diff options
87 files changed, 1008 insertions, 280 deletions
@@ -63,5 +63,20 @@ committers: company: 'ATT' id: 'xuegao' timezone: 'Belgium/Namur' + - name: 'Brian Freeman' + email: 'bf1936@att.com' + company: 'ATT' + id: 'bdfreeman1421' + timezone: 'America/New_York' + - name: 'Yang Xu' + email: 'Yang.Xu3@huawei.com' + company: 'Huawei' + id: 'xuyang11' + timezone: 'America/New_York' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' + changes: + - type: 'Addition' + name: 'Brian Freeman' + name: 'Yang Xu' + link: 'TBD'
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml index 9172b71e8d..d0050e095c 100644 --- a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml +++ b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_config.yml @@ -37,35 +37,28 @@ # HTTP # basic (challenging) # proxy (not challenging, needs xff) -# kerberos (challenging) # clientcert (not challenging, needs https) -# jwt (not challenging) # host (not challenging) #DEPRECATED, will be removed in a future version. # host based authentication is configurable in sg_roles_mapping # Authc # internal # noop -# ldap # Authz -# ldap # noop +# Some SearchGuard functionality is licensed under Apache-2.0, while other functionality is non-free; +# see https://github.com/floragunncom/search-guard. The functionality enabled in this configuration +# file only include those that are licensed under Apache-2.0. Please use care and review SearchGuard's +# license details before enabling any additional features here. + searchguard: dynamic: # Set filtered_alias_mode to 'disallow' to forbid more than 2 filtered aliases per index # Set filtered_alias_mode to 'warn' to allow more than 2 filtered aliases per index but warns about it (default) # Set filtered_alias_mode to 'nowarn' to allow more than 2 filtered aliases per index silently #filtered_alias_mode: warn - #kibana: - # Kibana multitenancy - # see https://github.com/floragunncom/search-guard-docs/blob/master/multitenancy.md - # To make this work you need to install https://github.com/floragunncom/search-guard-module-kibana-multitenancy/wiki - #multitenancy_enabled: true - #server_username: kibanaserver - #index: '.kibana' - #do_not_fail_on_forbidden: false http: anonymous_auth_enabled: false xff: @@ -80,20 +73,6 @@ searchguard: ###### and here https://tools.ietf.org/html/rfc7239 ###### and https://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Remote_IP_Valve authc: - kerberos_auth_domain: - http_enabled: false - transport_enabled: false - order: 6 - http_authenticator: - type: kerberos - challenge: true - config: - # If true a lot of kerberos/security related debugging output will be logged to standard out - krb_debug: false - # If true then the realm will be stripped from the user name - strip_realm_from_principal: true - authentication_backend: - type: noop basic_internal_auth_domain: http_enabled: true transport_enabled: true @@ -141,81 +120,4 @@ searchguard: challenge: false authentication_backend: type: noop - ldap: - http_enabled: false - transport_enabled: false - order: 5 - http_authenticator: - type: basic - challenge: false - authentication_backend: - # LDAP authentication backend (authenticate users against a LDAP or Active Directory) - type: ldap - config: - # enable ldaps - enable_ssl: false - # enable start tls, enable_ssl should be false - enable_start_tls: false - # send client certificate - enable_ssl_client_auth: false - # verify ldap hostname - verify_hostnames: true - hosts: - - localhost:8389 - bind_dn: null - password: null - userbase: 'ou=people,dc=example,dc=com' - # Filter to search for users (currently in the whole subtree beneath userbase) - # {0} is substituted with the username - usersearch: '(sAMAccountName={0})' - # Use this attribute from the user as username (if not set then DN is used) - username_attribute: null - authz: - roles_from_myldap: - http_enabled: false - transport_enabled: false - authorization_backend: - # LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too) - type: ldap - config: - # enable ldaps - enable_ssl: false - # enable start tls, enable_ssl should be false - enable_start_tls: false - # send client certificate - enable_ssl_client_auth: false - # verify ldap hostname - verify_hostnames: true - hosts: - - localhost:8389 - bind_dn: null - password: null - rolebase: 'ou=groups,dc=example,dc=com' - # Filter to search for roles (currently in the whole subtree beneath rolebase) - # {0} is substituted with the DN of the user - # {1} is substituted with the username - # {2} is substituted with an attribute value from user's directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute - rolesearch: '(member={0})' - # Specify the name of the attribute which value should be substituted with {2} above - userroleattribute: null - # Roles as an attribute of the user entry - userrolename: disabled - #userrolename: memberOf - # The attribute in a role entry containing the name of that role, Default is "name". - # Can also be "dn" to use the full DN as rolename. - rolename: cn - # Resolve nested roles transitive (roles which are members of other roles and so on ...) - resolve_nested_roles: true - userbase: 'ou=people,dc=example,dc=com' - # Filter to search for users (currently in the whole subtree beneath userbase) - # {0} is substituted with the username - usersearch: '(uid={0})' - # Skip users matching a user name, a wildcard or a regex pattern - #skip_users: - # - 'cn=Michael Jackson,ou*people,o=TEST' - # - '/\S*/' - roles_from_another_ldap: - enabled: false - authorization_backend: - type: ldap - #config goes here ... + authz:
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..edac199968 --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="debug"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration> diff --git a/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..595d484c37 --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,11 @@ +[ + { + "uri": "\/services\/search-data-service\/.*", + "method": "GET|PUT|POST|DELETE", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } + + +] diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..c2b628dbb3 --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/cadi.properties @@ -0,0 +1,39 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..55a9b4816f --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..289fe7512c --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="debug"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration> diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..5fddcb240a --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9509 diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/charts/aai-search-data/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml b/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml index b1547f42aa..4361aa405d 100644 --- a/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-search-data/templates/configmap.yaml @@ -37,3 +37,47 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml b/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml index 1d39d4e1d9..b63c4c520f 100644 --- a/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-search-data/templates/deployment.yaml @@ -35,6 +35,14 @@ spec: release: {{ .Release.Name }} name: {{ include "common.name" . }} spec: + {{ if .Values.global.installSidecarSecurity }} + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -116,6 +124,84 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-service-filebeat + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + volumes: - name: localtime hostPath: @@ -139,6 +225,35 @@ spec: - name: {{ include "common.fullname" . }}-service-log-conf configMap: name: {{ include "common.fullname" . }}-service-log + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: aai-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + secret: + secretName: aai-fproxy-auth-certs + {{ end }} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-search-data/templates/secret.yaml b/kubernetes/aai/charts/aai-search-data/templates/secret.yaml index ee32e19218..9af326c3d3 100644 --- a/kubernetes/aai/charts/aai-search-data/templates/secret.yaml +++ b/kubernetes/aai/charts/aai-search-data/templates/secret.yaml @@ -38,3 +38,16 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/charts/aai-search-data/templates/service.yaml b/kubernetes/aai/charts/aai-search-data/templates/service.yaml index a49553e65b..73a4d62d02 100644 --- a/kubernetes/aai/charts/aai-search-data/templates/service.yaml +++ b/kubernetes/aai/charts/aai-search-data/templates/service.yaml @@ -25,6 +25,19 @@ metadata: spec: type: {{ .Values.service.type }} ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} @@ -33,6 +46,7 @@ spec: - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} {{- end}} +{{ end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} diff --git a/kubernetes/aai/charts/aai-search-data/values.yaml b/kubernetes/aai/charts/aai-search-data/values.yaml index 2a999b8a0c..9e02e1a246 100644 --- a/kubernetes/aai/charts/aai-search-data/values.yaml +++ b/kubernetes/aai/charts/aai-search-data/values.yaml @@ -32,7 +32,7 @@ config: elasticsearchHttpPort: 9200 keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 # default number of instances replicaCount: 1 diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore Binary files differindex f6ebc75ed8..f5e41700dc 100644 --- a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore +++ b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh index 481163a1d5..825f7ab56a 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh @@ -13,11 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -startODL_status=$(ps -e | grep startODL | wc -l) waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l) run_level=$(/opt/opendaylight/current/bin/client system:start-level) - if [ "$run_level" == "Level 100" ] && [ "$startODL_status" -lt "1" ] && [ "$waiting_bundles" -lt "1" ] + if [ "$run_level" == "Level 100" ] && [ "$waiting_bundles" -lt "1" ] then echo APPC is healthy. else diff --git a/kubernetes/cds/Chart.yaml b/kubernetes/cds/Chart.yaml index fa430d2f78..acf35d4c8b 100644 --- a/kubernetes/cds/Chart.yaml +++ b/kubernetes/cds/Chart.yaml @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Common Design Studio +description: ONAP Controller Design Studio (CDS) name: cds version: 4.0.0 diff --git a/kubernetes/cds/charts/blueprints-processor/Chart.yaml b/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml index 389097437c..0563675792 100755 --- a/kubernetes/cds/charts/blueprints-processor/Chart.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: Blueprints Processor Micro Service -name: blueprints-processor +description: ONAP CDS Blueprints Processor +name: cds-blueprints-processor version: 4.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/blueprints-processor/requirements.yaml b/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml index 9f92507a99..9f92507a99 100755 --- a/kubernetes/cds/charts/blueprints-processor/requirements.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/requirements.yaml diff --git a/kubernetes/cds/charts/blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index c25176f971..d2d043deea 100755 --- a/kubernetes/cds/charts/blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -1,47 +1,60 @@ -# Copyright (c) 2019 IBM, Bell Canada.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Functionality config
-blueprintsprocessor.grpcEnable=true
-blueprintsprocessor.restconfEnabled=true
-blueprintsprocessor.httpPort=8080
-blueprintsprocessor.grpcPort=9111
-
-# Basic Authentication
-security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
-security.user.name: ccsdkapps
-
-# Blueprint Processor File Execution and Handling Properties
-blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy
-blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive
-
-# Primary Database Configuration
-blueprintsprocessor.db.primary.url=jdbc:mysql://cds-db:3306/sdnctl
-blueprintsprocessor.db.primary.username=sdnctl
-blueprintsprocessor.db.primary.password=sdnctl
-blueprintsprocessor.db.primary.driverClassName=org.mariadb.jdbc.Driver
-blueprintsprocessor.db.primary.hibernateHbm2ddlAuto=update
-blueprintsprocessor.db.primary.hibernateDDLAuto=update
-blueprintsprocessor.db.primary.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy
-blueprintsprocessor.db.primary.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect
-
-# Python executor
-blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
-blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf
-
-# SDN-C's ODL Restconf Connection Details
-blueprintsprocessor.restclient.sdncodl.type=basic-auth
-blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/
-blueprintsprocessor.restclient.sdncodl.username=admin
-blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
\ No newline at end of file +# +# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# Web server config +blueprintsprocessor.grpcEnable=true +blueprintsprocessor.httpPort=8080 +blueprintsprocessor.grpcPort=9111 + +# Blueprint Processor File Execution and Handling Properties +blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy +blueprintsprocessor.blueprintArchivePath=/opt/app/onap/blueprints/archive +blueprintsprocessor.blueprintWorkingPath=/opt/app/onap/blueprints/work + +# Primary Database Configuration +blueprintsprocessor.db.primary.url=jdbc:mysql://cds-db:3306/sdnctl +blueprintsprocessor.db.primary.username=sdnctl +blueprintsprocessor.db.primary.password=sdnctl +blueprintsprocessor.db.primary.driverClassName=org.mariadb.jdbc.Driver +blueprintsprocessor.db.primary.hibernateHbm2ddlAuto=update +blueprintsprocessor.db.primary.hibernateDDLAuto=update +blueprintsprocessor.db.primary.hibernateNamingStrategy=org.hibernate.cfg.ImprovedNamingStrategy +blueprintsprocessor.db.primary.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialect + +# Python executor +blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints +blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts/jython/ccsdk_blueprints,/opt/app/onap/scripts/jython/ccsdk_netconf,/opt/app/onap/scripts/jython/ccsdk_restconf + +security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu +security.user.name: ccsdkapps + +# SDN-C's ODL Restconf Connection Details +blueprintsprocessor.restconfEnabled=true +blueprintsprocessor.restclient.sdncodl.type=basic-auth +blueprintsprocessor.restclient.sdncodl.url=http://sdnc:8282/ +blueprintsprocessor.restclient.sdncodl.username=admin +blueprintsprocessor.restclient.sdncodl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +# Executor Options +blueprintprocessor.resourceResolution.enabled=true +blueprintprocessor.netconfExecutor.enabled=true +blueprintprocessor.restConfExecutor.enabled=true +blueprintprocessor.remoteScriptCommand.enabled=true + +# Command executor +blueprintsprocessor.grpcclient.remote-python.type=token-auth +blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor +blueprintsprocessor.grpcclient.remote-python.port=50051 +blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
\ No newline at end of file diff --git a/kubernetes/cds/charts/controller-blueprints/resources/config/logback.xml b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml index b73db7145f..3a01678424 100644..100755 --- a/kubernetes/cds/charts/controller-blueprints/resources/config/logback.xml +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/logback.xml @@ -37,7 +37,7 @@ <logger name="org.hibernate" level="error"/> <logger name="org.onap.ccsdk.apps" level="info"/> - <root level="warn"> + <root level="info"> <appender-ref ref="STDOUT"/> </root> diff --git a/kubernetes/cds/charts/blueprints-processor/templates/configmap.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml index 873acee237..873acee237 100755 --- a/kubernetes/cds/charts/blueprints-processor/templates/configmap.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/configmap.yaml diff --git a/kubernetes/cds/charts/blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 876f24937d..736b5cea24 100755 --- a/kubernetes/cds/charts/blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -54,9 +54,7 @@ spec: value: {{ .Values.config.appConfigDir }} ports: - containerPort: {{ .Values.service.http.internalPort }} - {{ if .Values.config.grpcEnabled }} - containerPort: {{ .Values.service.grpc.internalPort }} - {{ end }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} @@ -89,6 +87,8 @@ spec: - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -111,5 +111,8 @@ spec: path: application.properties - key: logback.xml path: logback.xml + - name: {{ include "common.fullname" . }}-blueprints + persistentVolumeClaim: + claimName: {{ .Release.Name }}-cds-blueprints imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml new file mode 100755 index 0000000000..812108760b --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/pv.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if not .Values.persistence.storageClass -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-blueprints + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-blueprints +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml new file mode 100755 index 0000000000..98b55716c5 --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/pvc.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-cds-blueprints + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: +{{- if not .Values.persistence.storageClass }} + selector: + matchLabels: + name: {{ include "common.fullname" . }}-blueprints +{{- end }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/cds/charts/blueprints-processor/templates/service.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml index 5c8bc8cc0d..5c8bc8cc0d 100755 --- a/kubernetes/cds/charts/blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/service.yaml diff --git a/kubernetes/cds/charts/blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 10169d5dc7..05ef5fe1f0 100755 --- a/kubernetes/cds/charts/blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -80,8 +80,15 @@ service: internalPort: 9111 externalPort: 9111 + persistence: enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteMany + size: 2Gi + enabled: true + mountSubPath: cds/blueprints/deploy + deployedBlueprint: /opt/app/onap/blueprints/deploy ingress: enabled: false diff --git a/kubernetes/cds/charts/cds-command-executor/Chart.yaml b/kubernetes/cds/charts/cds-command-executor/Chart.yaml new file mode 100755 index 0000000000..6f17c88c46 --- /dev/null +++ b/kubernetes/cds/charts/cds-command-executor/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CDS Command Executor +name: cds-command-executor +version: 4.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-command-executor/requirements.yaml b/kubernetes/cds/charts/cds-command-executor/requirements.yaml new file mode 100755 index 0000000000..a57d2b6103 --- /dev/null +++ b/kubernetes/cds/charts/cds-command-executor/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml b/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml new file mode 100755 index 0000000000..659eddbaef --- /dev/null +++ b/kubernetes/cds/charts/cds-command-executor/templates/deployment.yaml @@ -0,0 +1,90 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - command: + - /root/ready.py + args: + - --container-name + - cds-blueprints-processor + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.grpc.internalPort }} + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.grpc.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.grpc.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-blueprints + persistentVolumeClaim: + claimName: {{ .Release.Name }}-cds-blueprints + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-command-executor/templates/service.yaml b/kubernetes/cds/charts/cds-command-executor/templates/service.yaml new file mode 100755 index 0000000000..a6888b2fca --- /dev/null +++ b/kubernetes/cds/charts/cds-command-executor/templates/service.yaml @@ -0,0 +1,37 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.grpc.externalPort }} + targetPort: {{ .Values.service.grpc.internalPort }} + {{- if eq .Values.service.type "NodePort"}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{- end}} + name: {{ .Values.service.grpc.portName | default "grpc" }} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }}
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml new file mode 100755 index 0000000000..fa49735cef --- /dev/null +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -0,0 +1,99 @@ +# Copyright (c) 2019 Bell Canada +# +# Modifications Copyright (c) 2019 Bell Canada. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + + # image repositories + repository: nexus3.onap.org:10001 + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # image pull policy + pullPolicy: Always + + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/ccsdk-commandexecutor:0.4.2-STAGING-latest +pullPolicy: Always + +# application configuration +config: + basicAuth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + grpc: + portName: command-executor-grpc + internalPort: 50051 + externalPort: 50051 + +persistence: + enabled: true + mountSubPath: cds/blueprints/deploy + deployedBlueprint: /opt/app/onap/blueprints/deploy + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/cds/charts/controller-blueprints/.helmignore b/kubernetes/cds/charts/cds-controller-blueprints/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/cds/charts/controller-blueprints/.helmignore +++ b/kubernetes/cds/charts/cds-controller-blueprints/.helmignore diff --git a/kubernetes/cds/charts/controller-blueprints/Chart.yaml b/kubernetes/cds/charts/cds-controller-blueprints/Chart.yaml index 5e8b3f35df..fa04a16b00 100644 --- a/kubernetes/cds/charts/controller-blueprints/Chart.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: Controller Blueprints Micro Service -name: controller-blueprints +description: ONAP CDS Controller Blueprints +name: cds-controller-blueprints version: 4.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/controller-blueprints/requirements.yaml b/kubernetes/cds/charts/cds-controller-blueprints/requirements.yaml index 857a963ada..857a963ada 100644 --- a/kubernetes/cds/charts/controller-blueprints/requirements.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/requirements.yaml diff --git a/kubernetes/cds/charts/controller-blueprints/resources/config/application.properties b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties index 80fdaf542e..80fdaf542e 100755 --- a/kubernetes/cds/charts/controller-blueprints/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/application.properties diff --git a/kubernetes/cds/charts/blueprints-processor/resources/config/logback.xml b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/logback.xml index b73db7145f..b73db7145f 100755..100644 --- a/kubernetes/cds/charts/blueprints-processor/resources/config/logback.xml +++ b/kubernetes/cds/charts/cds-controller-blueprints/resources/config/logback.xml diff --git a/kubernetes/cds/charts/controller-blueprints/templates/configmap.yaml b/kubernetes/cds/charts/cds-controller-blueprints/templates/configmap.yaml index a8489681df..a8489681df 100644 --- a/kubernetes/cds/charts/controller-blueprints/templates/configmap.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/templates/configmap.yaml diff --git a/kubernetes/cds/charts/controller-blueprints/templates/deployment.yaml b/kubernetes/cds/charts/cds-controller-blueprints/templates/deployment.yaml index 4cd2e18090..4cd2e18090 100755 --- a/kubernetes/cds/charts/controller-blueprints/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/templates/deployment.yaml diff --git a/kubernetes/cds/charts/controller-blueprints/templates/service.yaml b/kubernetes/cds/charts/cds-controller-blueprints/templates/service.yaml index e0a66d2483..e0a66d2483 100755 --- a/kubernetes/cds/charts/controller-blueprints/templates/service.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/templates/service.yaml diff --git a/kubernetes/cds/charts/controller-blueprints/values.yaml b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml index 246aae482b..246aae482b 100755 --- a/kubernetes/cds/charts/controller-blueprints/values.yaml +++ b/kubernetes/cds/charts/cds-controller-blueprints/values.yaml diff --git a/kubernetes/cds/charts/cds-ui/Chart.yaml b/kubernetes/cds/charts/cds-ui/Chart.yaml new file mode 100644 index 0000000000..d168e7cb9f --- /dev/null +++ b/kubernetes/cds/charts/cds-ui/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP CDS UI +name: cds-ui +version: 4.0.0
\ No newline at end of file diff --git a/kubernetes/cds/charts/cds-ui/requirements.yaml b/kubernetes/cds/charts/cds-ui/requirements.yaml new file mode 100644 index 0000000000..a57d2b6103 --- /dev/null +++ b/kubernetes/cds/charts/cds-ui/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2019 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~4.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml index 134e6b7443..134e6b7443 100644 --- a/kubernetes/cds/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml diff --git a/kubernetes/cds/templates/service.yaml b/kubernetes/cds/charts/cds-ui/templates/service.yaml index f8e91120eb..989321cc9b 100644 --- a/kubernetes/cds/templates/service.yaml +++ b/kubernetes/cds/charts/cds-ui/templates/service.yaml @@ -27,7 +27,7 @@ spec: ports: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }} {{- else -}} - port: {{ .Values.service.externalPort }} diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml new file mode 100644 index 0000000000..efcd7e29b7 --- /dev/null +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -0,0 +1,89 @@ +# Copyright © 2018 Orange +# Modifications Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:1.1.0 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + +subChartsOnly: + enabled: true + +# application image +repository: nexus3.onap.org:10001 +image: onap/ccsdk-cds-ui-server:0.4.2-STAGING-latest +pullPolicy: Always + +# application configuration +config: + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + httpGet: + path: /ping + port: 3000 + initialDelaySeconds: 30 + periodSeconds: 10 + +service: + type: NodePort + portName: ui + name: cds-ui + nodePort: 97 + internalPort: 3000 + +ingress: + enabled: false +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 10m + memory: 100Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 200m + memory: 200Mi + unlimited: {} diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index 06b7cd1211..cdede47d09 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -1,5 +1,4 @@ -# Copyright © 2018 Orange -# Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,27 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 303 - readinessRepository: oomk8s - readinessImage: readiness-check:1.1.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -subChartsOnly: - enabled: true - -# application image -repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui:1.0.0-STAGING-latest -pullPolicy: Always - -# application configuration -config: - mariadb-galera: config: userName: sdnctl @@ -47,58 +25,4 @@ mariadb-galera: replicaCount: 1 persistence: enabled: true - mountSubPath: cds/data - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - httpGet: - path: / - port: 3000 - initialDelaySeconds: 30 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - httpGet: - path: /ping - port: 3000 - initialDelaySeconds: 30 - periodSeconds: 10 - -service: - type: NodePort - portName: ui - name: cds - nodePort: 97 - internalPort: 3000 - -ingress: - enabled: false -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 10m - memory: 100Mi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 200m - memory: 200Mi - unlimited: {} + mountSubPath: cds/data
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index f9c4d9e446..dc9298de65 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -153,7 +153,7 @@ ApiNamespace: org.onap.dmaap-bc.api # If API authorization is required, then implement a class to enforce it. # This overrides the Class used for API permission check. -#ApiPermission.Class: com.company.policy.DecisionPolicy +ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll ##################################################### # diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml index ee24cfb548..d01987448c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml @@ -31,9 +31,9 @@ spec: - name: DELAY value: "0" - name: PROTO - value: "http" + value: "https" - name: PORT - value: "8080" + value: "8443" - name: REQUESTID value: "{{.Chart.Name}}-post-install" volumeMounts: diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 2123dd7a6d..4623738003 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:2.3.1 +image: onap/portal-app:2.5.0-STAGING-latest pullPolicy: Always # default number of instances diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml index 24b92f3bc3..e6d7d11360 100644 --- a/kubernetes/portal/charts/portal-mariadb/values.yaml +++ b/kubernetes/portal/charts/portal-mariadb/values.yaml @@ -24,7 +24,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: onap/portal-db:2.3.1 +image: onap/portal-db:2.5.0-STAGING-latest pullPolicy: Always readinessImage: readiness-check:2.0.0 diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 63f7a49363..b61c84a494 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-sdk:2.3.1 +image: onap/portal-sdk:2.5.0-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/portal/charts/portal-widget/values.yaml b/kubernetes/portal/charts/portal-widget/values.yaml index f3567962db..7cf7b306ad 100644 --- a/kubernetes/portal/charts/portal-widget/values.yaml +++ b/kubernetes/portal/charts/portal-widget/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-wms:2.3.1 +image: onap/portal-wms:2.5.0-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py index 85a932e02d..b765db23d6 100644 --- a/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/integration_robot_properties.py @@ -85,7 +85,6 @@ GLOBAL_MSB_SERVER_PORT = "80" GLOBAL_MR_SERVER_PROTOCOL = "http" GLOBAL_MR_SERVER_PORT = "3904" # bus controller info -GLOBAL_BC_SERVER_PORT = "8080" GLOBAL_BC_HTTPS_SERVER_PORT = "8443" GLOBAL_BC_USERNAME = "{{ .Values.bcUsername }}" GLOBAL_BC_PASSWORD = "{{ .Values.bcPassword }}" diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py index 5c6d191cdc..7d42fd54d8 100644 --- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py @@ -71,8 +71,8 @@ GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = "{{ .Values.openStackUserNameR GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE = "{{ .Values.openStackPasswordRegionThree }}" GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE = "{{ .Values.openSackMsoEncryptdPasswordRegionThree }}" GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = "{{ .Values.openStackTenantIdRegionThree }}" -GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN__REGION_THREE = "{{ .Values.openStackProjectNameRegionThree }}" -GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN__REGION_THREE = "{{ .Values.openStackDomainIdRegionThree }}" +GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = "{{ .Values.openStackProjectNameRegionThree }}" +GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = "{{ .Values.openStackDomainIdRegionThree }}" GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX = "{{ .Values.openStackOamNetworkCidrPrefix }}" GLOBAL_INJECTED_POLICY_IP_ADDR = "pdp.{{include "common.namespace" .}}" GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR = "drools.{{include "common.namespace" .}}" @@ -157,8 +157,8 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE" : "{{ .Values.openStackPasswordRegionThree }}", "GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE" : "{{ .Values.openSackMsoEncryptdPasswordRegionThree }}", "GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE" : "{{ .Values.openStackTenantIdRegionThree }}", - "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN__REGION_THREE" : "{{ .Values.openStackProjectNameRegionThree }}", - "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN__REGION_THREE" : "{{ .Values.openStackDomainIdRegionThree }}", + "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE" : "{{ .Values.openStackProjectNameRegionThree }}", + "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE" : "{{ .Values.openStackDomainIdRegionThree }}", "GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX" : "{{ .Values.openStackOamNetworkCidrPrefix }}", "GLOBAL_INJECTED_POLICY_IP_ADDR" : "pdp.{{include "common.namespace" .}}", "GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR" : "drools.{{include "common.namespace" .}}", diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 9ad4d7fcc6..14f6064973 100755 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -60,7 +60,7 @@ openStackUserName: "tenantUsername" # Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME openStackProjectName: "onap" # Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID -openStackDomainId: "default" +openStackDomainId: "Default" # Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION openStackKeystoneAPIVersion: "v2.0" # Values for second cloud instante for VNF instantiatioen testing and keystone v3 @@ -73,7 +73,7 @@ openStackPasswordRegionThree: "tenantPassword" openSackMsoEncryptdPasswordRegionThree: "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" openStackTenantIdRegionThree: "3583253e932845a09cd4c8ca2f31d095" openStackProjectNameRegionThree: "Integration-HEAT-Staging-Daily" -openStackDomainIdRegionThree: "default" +openStackDomainIdRegionThree: "Default" # # Openstack glance image name for Ubuntu 14. Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE ubuntu14Image: "Ubuntu_14_trusty" diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index 666c22254d..9ae8f31499 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.0 +image: onap/dcae-be:1.3-STAGING-latest pullPolicy: Always -backendInitImage: onap/dcae-tools:1.3.0 +backendInitImage: onap/dcae-tools:1.3-STAGING-latest # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index cf0640565c..f04b8fa5f2 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.2.0 +image: onap/dcae-dt:1.2-STAGING-latest pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index ab6eaf3fbf..9f544cb9e0 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.0 +image: onap/dcae-fe:1.3-STAGING-latest pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml index f968c59dae..a22479e8e8 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-tosca-app:1.3.0 +image: onap/dcae-tosca-app:1.3-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml index fe2b1aa1df..1849c46ea1 100644 --- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml @@ -72,6 +72,10 @@ spec: value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + - name: MYSQL_AUTH + value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: REDIS_ADDR + value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-catalog mountPath: /service/vfc/nfvo/catalog/static diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml index fc6cf4e853..a96276b135 100644 --- a/kubernetes/vfc/charts/vfc-catalog/values.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/catalog:1.2.1 +image: onap/vfc/catalog:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-db/values.yaml b/kubernetes/vfc/charts/vfc-db/values.yaml index 957af13576..a134190412 100644 --- a/kubernetes/vfc/charts/vfc-db/values.yaml +++ b/kubernetes/vfc/charts/vfc-db/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.2.1 +image: onap/vfc/db:1.3.0-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required @@ -59,8 +59,8 @@ readiness: service: type: ClusterIP - name: vfc-db - portName: vfc-db + name: vfc-redis + portName: vfc-redis externalPort: 3306 internalPort: 3306 externalPort2: 6379 diff --git a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml index ebdc2f3e45..704d900cbb 100644 --- a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/emsdriver:1.2.1 +image: onap/vfc/emsdriver:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index d743acdd79..22e4873d12 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.2.1 +image: onap/vfc/gvnfmdriver:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml index d3f393bc2d..5cd1d75773 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/huawei:1.2.1 +image: onap/vfc/nfvo/svnfm/huawei:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml index fab65fa0cc..43eafe45d0 100644 --- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/jujudriver:1.2.1 +image: onap/vfc/jujudriver:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml index 0a4601fea0..c481cda8ba 100644 --- a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml +++ b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/multivimproxy:1.2.1 +image: onap/vfc/multivimproxy:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml index 74f5b67204..dfebe764d6 100644 --- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0 +image: onap/vfc/nfvo/svnfm/nokiav2:1.3.1-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index 184ceb5dfa..24a42fe5f1 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -72,6 +72,10 @@ spec: value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + - name: MYSQL_AUTH + value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: REDIS_ADDR + value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index d96aa6992a..554d20b5b3 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.2.1 +image: onap/vfc/nslcm:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-resmgr/values.yaml b/kubernetes/vfc/charts/vfc-resmgr/values.yaml index bdd6c14836..03feb71746 100644 --- a/kubernetes/vfc/charts/vfc-resmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-resmgr/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/resmanagement:1.2.1 +image: onap/vfc/resmanagement:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index 95e90a1e4e..f941ae866e 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -72,6 +72,10 @@ spec: value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + - name: MYSQL_AUTH + value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: REDIS_ADDR + value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index e733812dac..d1d76819a2 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.2.1 +image: onap/vfc/vnflcm:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 219f2f2961..d197da6a75 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -72,6 +72,10 @@ spec: value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + - name: REDIS_ADDR + value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: MYSQL_AUTH + value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index 3febc9b9be..d709d9d198 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.2.1 +image: onap/vfc/vnfmgr:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index 9f9f1b3377..f2a8b055c0 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -72,6 +72,10 @@ spec: value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + - name: REDIS_ADDR + value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: MYSQL_AUTH + value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index bb51c63b6e..62b2463876 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.2.1 +image: onap/vfc/vnfres:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml index dd098d65d1..598cb4d9d1 100644 --- a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml +++ b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/wfengine-activiti:1.2.0 +image: onap/vfc/wfengine-activiti:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-workflow/values.yaml b/kubernetes/vfc/charts/vfc-workflow/values.yaml index 6d06d9b765..26d9888b05 100644 --- a/kubernetes/vfc/charts/vfc-workflow/values.yaml +++ b/kubernetes/vfc/charts/vfc-workflow/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/wfengine-mgrservice:1.2.0 +image: onap/vfc/wfengine-mgrservice:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml index 8bb0574ec6..b9d7288953 100644 --- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztesdncdriver:1.2.0 +image: onap/vfc/ztesdncdriver:1.2.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml index cf0a162a5f..d37c241f6b 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.2.1 +image: onap/vfc/ztevnfmdriver:1.3.0-STAGING-latest pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml index 1d30dfd918..71bfc00487 100644 --- a/kubernetes/vfc/requirements.yaml +++ b/kubernetes/vfc/requirements.yaml @@ -15,4 +15,7 @@ dependencies: - name: common version: ~4.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: mariadb-galera + version: ~4.x-0 + repository: '@local' diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index 00eae1edd2..7afa643e9f 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -18,6 +18,10 @@ global: msbPort: 80 dbServiceName: vfc-db dbPort: 3306 + dbUser: root + mariadbRootPassword: secretpassword + redisServiceName: vfc-redis + redisPort: 6379 persistence: mountPath: /dockerdata-nfs @@ -26,6 +30,25 @@ config: logstashServiceName: log-ls logstashPort: 5044 +mariadb-galera: + nameOverride: vfc-mariadb + service: + name: vfc-db + portName: vfc-db + nfsprovisionerPrefix: vfc + persistence: + mountSubPath: vfc/data + enabled: true + disableNfsProvisioner: true + +catalog: + config: + dbPodName: vfc-db + dbServiceName: vfc-db +nslcm: + config: + dbPodName: vfc-db + dbServiceName: vfc-db # sub-chart configuration vfc-workflow: service: |