summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/slave_nfs_node.sh2
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat2
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml2
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application.properties5
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties3
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml6
-rw-r--r--kubernetes/aai/values.yaml4
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh3
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh4
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh3
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh2
-rw-r--r--kubernetes/common/cassandra/resources/restore.sh88
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml4
-rw-r--r--kubernetes/common/common/templates/_secret.tpl11
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml17
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml20
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh4
-rw-r--r--kubernetes/common/timescaledb/resources/init/init-schema.sh2
-rwxr-xr-xkubernetes/config/prepull_docker.sh4
-rwxr-xr-xkubernetes/contrib/components/ejbca/resources/ejbca-config.sh2
-rwxr-xr-xkubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh87
-rwxr-xr-xkubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh48
-rwxr-xr-xkubernetes/contrib/tools/check-for-staging-images.sh2
-rwxr-xr-xkubernetes/contrib/tools/rke/rke_setup.sh3
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml62
-rw-r--r--kubernetes/cps/components/cps-core/templates/deployment.yaml11
-rw-r--r--kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml (renamed from kubernetes/cps/README.md)27
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml81
-rw-r--r--kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml15
-rw-r--r--kubernetes/cps/components/cps-temporal/values.yaml15
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml12
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml36
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt39
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml23
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml23
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/values.yaml55
-rwxr-xr-xkubernetes/cps/values.yaml13
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml7
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml2
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-designtool/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml6
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml3
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml6
-rwxr-xr-xkubernetes/helm/plugins/deploy/deploy.sh16
-rwxr-xr-xkubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh15
-rw-r--r--kubernetes/msb/components/msb-discovery/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-eag/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/healthy.sh2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json3
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/config.json66
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/resources/config/config.json3
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-distribution/resources/config/config.json31
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf8
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties45
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml8
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-pap/resources/config/config.json14
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/config.json11
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml2
-rwxr-xr-xkubernetes/policy/resources/config/db.sh6
-rw-r--r--kubernetes/policy/resources/config/db_migrator_policy_init.sh21
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml3
-rwxr-xr-xkubernetes/policy/templates/job.yaml30
-rwxr-xr-xkubernetes/policy/values.yaml6
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh554
-rwxr-xr-xkubernetes/robot/demo-k8s.sh253
-rwxr-xr-xkubernetes/robot/ete-k8s.sh2
-rwxr-xr-xkubernetes/robot/eteHelm-k8s.sh2
-rwxr-xr-xkubernetes/robot/instantiate-k8s.sh2
-rwxr-xr-xkubernetes/robot/scripts/etescript/hvves-etescript.sh36
-rwxr-xr-xkubernetes/robot/scripts/etescript/security-etescript.sh20
-rwxr-xr-xkubernetes/robot/scripts/etescript/vnfsdk-etescript.sh2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh4
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/createLinks.sh7
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/installSdncDb.sh7
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh2
-rwxr-xr-xkubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh2
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml2
-rwxr-xr-xkubernetes/so/requirements.yaml3
-rwxr-xr-xkubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh6
-rwxr-xr-xkubernetes/so/values.yaml21
-rw-r--r--tox.ini3
117 files changed, 1148 insertions, 946 deletions
diff --git a/docs/slave_nfs_node.sh b/docs/slave_nfs_node.sh
index fb2e230b7a..1035ff5ad6 100644
--- a/docs/slave_nfs_node.sh
+++ b/docs/slave_nfs_node.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 84bd723aad..298274ed0f 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -62,7 +62,7 @@ so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo
so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
+so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 74c79ec05e..14a2993c2a 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -24,7 +24,7 @@ global: {}
#################################################################
# application image
-image: onap/babel:1.8.0
+image: onap/babel:1.9.1
flavor: small
flavorOverride: small
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 89c4b024d6..cdbef0dd8a 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -78,11 +78,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -119,7 +119,7 @@ global: # global defaults
# application image
-image: onap/aai-graphadmin:1.8.0
+image: onap/aai-graphadmin:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index c0806fea0d..96780757c0 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
# application image
-image: onap/model-loader:1.8.0
+image: onap/model-loader:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
index 2891e0385f..78a07f2a0f 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -27,8 +27,9 @@ spring.jersey.type=filter
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index e244e76753..42692dd544 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -77,11 +77,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -157,7 +157,7 @@ certInitializer:
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.8.2
+image: onap/aai-resources:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 8a7d17f8dc..18ef89f1fd 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -40,11 +40,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -74,7 +74,7 @@ global: # global defaults
- aai_keystore
# application image
-image: onap/aai-schema-service:1.8.6
+image: onap/aai-schema-service:1.9.1
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index 54bb1c4afd..24a5241fe2 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -27,8 +27,7 @@ spring.jersey.type=filter
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index fc4ff7a983..70f3e9e6a7 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -84,11 +84,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v21
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
@@ -140,7 +140,7 @@ certInitializer:
chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-traversal:1.8.0
+image: onap/aai-traversal:1.9.1
pullPolicy: Always
restartPolicy: Always
flavor: small
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 684e592d30..1122d63dab 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -230,11 +230,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v23
+ default: v24
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24
# Specifies from which version related link should appear
related:
link: v11
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
index f2675b0404..424074aa8c 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -x
+#!/bin/sh -x
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 97df772ba7..789f1b38a1 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -1,6 +1,6 @@
-#!/bin/bash -x
-{{/*
+#!/bin/sh -x
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
index 29761a0200..7257d186e6 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
###
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 2d30f2e068..4dcebc8883 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
set -e
diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh
index 7f271d262f..0df2d79fc6 100644
--- a/kubernetes/common/cassandra/resources/restore.sh
+++ b/kubernetes/common/cassandra/resources/restore.sh
@@ -20,25 +20,25 @@ find_target_table_name ()
print_usage ()
{
- echo "NAME"
- echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
- echo "SYNOPSIS"
- echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
- echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
- echo "DESCRIPTION"
- echo " --base_db_dir, -b"
- echo " Location of running Cassandra database"
- echo " --snapshot_dir, -s"
- echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
- echo " --keyspace, -k"
- echo " Name of the keyspace to restore"
- echo "EXAMPLE"
- echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
- exit
+ echo "NAME"
+ echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
+ echo "SYNOPSIS"
+ echo " $me [--help|-h] [--base_db_dir|-b] [--snapshot_dir|-s] [--keyspace|-k] [--tag|-t]"
+ echo " MUST OPTIONS: base_db_dir, snapshot_dir, keyspace_name"
+ echo "DESCRIPTION"
+ echo " --base_db_dir, -b"
+ echo " Location of running Cassandra database"
+ echo " --snapshot_dir, -s"
+ echo " Snapshot location of Cassandra database taken by Nuvo/Cain"
+ echo " --keyspace, -k"
+ echo " Name of the keyspace to restore"
+ echo "EXAMPLE"
+ echo " $me -b /var/lib/cassandra/data -s /root/data.ss -k DISCOVERY_SERVER -t 1234567"
+ exit
}
if [ $# -eq 0 ]
then
- print_usage
+ print_usage
fi
while [ $# -gt 0 ]
@@ -47,40 +47,40 @@ key="$1"
shift
case $key in
- -h|--help)
- print_usage
- ;;
- -b|--base_db_dir)
- base_db_dir="$1"
- shift
- ;;
- -s|--snapshot_dir)
- ss_dir="$1"
- shift
- ;;
- -k|--keyspace)
- keyspace_name="$1"
- ;;
- -t|--tag)
- tag_name="$1"
- ;;
- --default)
- DEFAULT=YES
- shift
- ;;
- *)
- # unknown option
- ;;
+ -h|--help)
+ print_usage
+ ;;
+ -b|--base_db_dir)
+ base_db_dir="$1"
+ shift
+ ;;
+ -s|--snapshot_dir)
+ ss_dir="$1"
+ shift
+ ;;
+ -k|--keyspace)
+ keyspace_name="$1"
+ ;;
+ -t|--tag)
+ tag_name="$1"
+ ;;
+ --default)
+ DEFAULT=YES
+ shift
+ ;;
+ *)
+ # unknown option
+ ;;
esac
done
# Validate inputs
if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ]
then
- echo ""
- echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
- echo ""
- print_usage
+ echo ""
+ echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
+ echo ""
+ print_usage
fi
# Remove commit logs from current data dir
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
index 331a58c310..2acb423511 100644
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ b/kubernetes/common/certInitializer/templates/job.yaml
@@ -20,12 +20,13 @@ kind: Job
{{- $suffix := "set-tls-secret" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
spec:
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
containers:
- - name: create tls secret
+ - name: create-tls-secret
command:
- /ingress/onboard.sh
image: {{ include "repositoryGenerator.image.kubectl" . }}
@@ -41,4 +42,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-ingress
defaultMode: 0777
+ restartPolicy: Never
{{- end}}
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 2490debffb..9d284de500 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -193,7 +193,7 @@ type: Opaque
{{- $entry := dict }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $keys := keys $secret }}
- {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- range $key := (without $keys "annotations" "filePaths" "envs" )}}
{{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
{{- end }}
{{- if $secret.annotations }}
@@ -213,12 +213,21 @@ type: Opaque
{{- $_ := set $entry "filePaths" $secret.filePaths }}
{{- end }}
{{- end }}
+ {{- if $secret.envs }}
+ {{- $envsCache := (list) }}
+ {{- range $env := $secret.envs }}
+ {{- $tplValue := tpl (default "" $env.value) $global }}
+ {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }}
+ {{- end }}
+ {{- $_ := set $entry "envs" $envsCache }}
+ {{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
{{- $_ := set $secretCache $uid $entry }}
{{- end }}
{{- $_ := set $global.Values "_secretsCache" $secretCache }}
{{- end }}
+
{{- end -}}
{{/*
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 9227e182b6..bb3af76115 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -1,5 +1,6 @@
{{/*
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2019-2020 Orange
# Copyright © 2020 Bitnami
@@ -202,14 +203,20 @@ spec:
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 30
- timeoutSeconds: 5
+ initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /metrics
port: metrics
- initialDelaySeconds: 5
- timeoutSeconds: 1
+ initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index ed9977acd9..bc9273f41f 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs
+# Copyright © 2018,2021 Bell Canada
# Copyright © 2019 Samsung Electronics
# Copyright © 2020 Bitnami, Orange
#
@@ -560,6 +561,23 @@ metrics:
requests:
cpu: 0.5
memory: 256Mi
+ ## MariaDB Galera metrics container's liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
## MySQL Prometheus exporter service parameters
##
service:
diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index e3cee36f1f..eb84b084d0 100755
--- a/kubernetes/common/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
-#
# ============LICENSE_START==========================================
# org.onap.music
# ===================================================================
diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh
index ab83cffae2..9cc0f5ff9f 100644
--- a/kubernetes/common/timescaledb/resources/init/init-schema.sh
+++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh
index efd0bd14d3..596ace6ad5 100755
--- a/kubernetes/config/prepull_docker.sh
+++ b/kubernetes/config/prepull_docker.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#function to provide help
#desc: this function provide help menu
@@ -110,7 +110,7 @@ do
#remove attional prefix and postfix
imageNameFinal=`echo "$imageName" | sed -e 's/^"//' -e 's/"$//' `
- #check if line contain Version as a subtag in lines if yes then call docker pull with version
+ #check if line contain Version as a subtag in lines if yes then call docker pull with version
if echo $line | grep -q $IMAGE_VERSION_TEXT ; then
echo docker pull "$imageNameWithVersion":"$imageNameFinal"
docker pull $imageNameWithVersion:$imageNameFinal &
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index 2c672e2f07..94c95d6c30 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
waitForEjbcaToStart() {
until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 460c046632..3c66feeb46 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/sh -e
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -24,23 +24,24 @@ SPATH="$( dirname "$( which "$0" )" )"
usage() {
cat << ==usage
$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
- [cluster_domain] Default value simpledemo.onap.org
- [lb_ip] Default value LoadBalancer IP
- [helm_chart_args] ... Optional arguments passed to helm install command
+ [cluster_domain] Default value simpledemo.onap.org
+ [lb_ip] Default value LoadBalancer IP
+ [helm_chart_args] ... Optional arguments passed to helm install command
$0 --help This message
$0 --info Display howto configure target machine
==usage
}
-target_machine_notice_info() {
+target_machine_notice_info()
+{
cat << ==infodeploy
Extra DNS server already deployed:
1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
==infodeploy
}
@@ -48,51 +49,51 @@ Extra DNS server already deployed:
list_node_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- break
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ break
+ fi
+ done
}
ingress_controller_ip() {
- local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
- if [ -z $metal_ns ]; then
- echo $CLUSTER_IP
- else
- list_node_with_external_addrs
- fi
+ local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+ if [ -z $metal_ns ]; then
+ echo $CLUSTER_IP
+ else
+ list_node_with_external_addrs
+ fi
}
deploy() {
- local ingress_ip=$(ingress_controller_ip)
- initdir = $(pwd)
- cd $SPATH/bind9dns
- if [ $# -eq 0 ]; then
- local cl_domain="simpledemo.onap.org"
- else
- local cl_domain=$1
- shift
- fi
- if [ $# -ne 0 ]; then
- ingress_ip=$1
- shift
- fi
- helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- cd $initdir
- target_machine_notice_info
+ local ingress_ip=$(ingress_controller_ip)
+ initdir = $(pwd)
+ cd $SPATH/bind9dns
+ if [ $# -eq 0 ]; then
+ local cl_domain="simpledemo.onap.org"
+ else
+ local cl_domain=$1
+ shift
+ fi
+ if [ $# -ne 0 ]; then
+ ingress_ip=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
+ cd $initdir
+ target_machine_notice_info
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
+ usage
elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
target_machine_notice_info
else
- deploy $@
+ deploy $@
fi
diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
index bf2bc121a7..c62e2a51bd 100755
--- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
+++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -e
+#!/bin/sh -e
+
#
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -15,7 +16,8 @@
# limitations under the License.
#
-usage() {
+usage()
+{
cat << ==usage
$0 Automatic configuration using external addresess from nodes
$0 --help This message
@@ -27,14 +29,14 @@ $0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges
find_nodes_with_external_addrs()
{
- local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- fi
- done
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ fi
+ done
}
generate_config_map()
@@ -56,32 +58,32 @@ CNFEOF
}
generate_config_from_single_addr() {
- generate_config_map "$1 - $1"
+ generate_config_map "$1 - $1"
}
install_metallb() {
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
- # Only when install
- kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
+ # Only when install
+ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
}
automatic_configuration() {
- install_metallb
- generate_config_from_single_addr $(find_nodes_with_external_addrs)
+ install_metallb
+ generate_config_from_single_addr $(find_nodes_with_external_addrs)
}
manual_configuration() {
- install_metallb
- generate_config_map $@
+ install_metallb
+ generate_config_map $@
}
if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
+ usage
if [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
+ usage
elif [ $# -eq 0 ]; then
- automatic_configuration
+ automatic_configuration
else
- manual_configuration $@
+ manual_configuration $@
fi
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
index 543e918cfa..9705ee6ea8 100755
--- a/kubernetes/contrib/tools/check-for-staging-images.sh
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2020 Samsung Electronics
#
diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh
index 2ee123b36a..a8938a96ee 100755
--- a/kubernetes/contrib/tools/rke/rke_setup.sh
+++ b/kubernetes/contrib/tools/rke/rke_setup.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
#############################################################################
# Copyright © 2019 Bell.
#
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index f181b82fec..0bc7d5bccb 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -16,25 +16,7 @@
# limitations under the License.
*/}}
-server:
- port: 8080
-
-rest:
- api:
- cps-base-path: /cps/api
- xnf-base-path: /cps-nf-proxy/api
-
spring:
- main:
- banner-mode: "off"
- jpa:
- ddl-auto: create
- open-in-view: false
- properties:
- hibernate:
- enable_lazy_load_no_trans: true
- dialect: org.hibernate.dialect.PostgreSQLDialect
-
datasource:
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
username: ${DB_USERNAME}
@@ -42,46 +24,32 @@ spring:
driverClassName: org.postgresql.Driver
initialization-mode: always
- cache:
- type: caffeine
- cache-names: yangSchema
- caffeine:
- spec: maximumSize=10000,expireAfterAccess=10m
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
-
-# Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: info,health,loggers
- endpoint:
- health:
- show-details: always
- # kubernetes probes: liveness and readiness
- probes:
- enabled: true
- loggers:
- enabled: true
-
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
logging:
level:
org:
springframework: {{ .Values.logging.level }}
+dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
+
+{{- if .Values.config.eventPublisher }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
+
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index 2047a39497..e6ee161feb 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -21,6 +21,12 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
@@ -47,6 +53,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: CPS_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/README.md b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
index 876da2ca57..a49a662aed 100644
--- a/kubernetes/cps/README.md
+++ b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
@@ -1,22 +1,23 @@
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright (C) 2021 Pantheon.tech
-#
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#============LICENSE_END============================================
-
-# Helm Chart for CPS Applications
-
-ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
-1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service \ No newline at end of file
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index ae8bccd2a8..4f788e7977 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -17,15 +17,15 @@
#################################################################
secrets:
- uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
@@ -35,6 +35,12 @@ secrets:
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
@@ -47,8 +53,9 @@ global:
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
+image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
service:
type: ClusterIP
@@ -56,6 +63,24 @@ service:
ports:
- name: &port http
port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
pullPolicy: Always
# flag to enable debugging - application support required
@@ -91,13 +116,13 @@ liveness:
# in debugger so K8s doesn't restart unresponsive container
enabled: true
path: /manage/health
- port: *port
+ port: *mgt_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
path: /manage/health
- port: *port
+ port: *mgt_port
ingress:
enabled: true
@@ -130,13 +155,31 @@ config:
spring:
profile: helm
#appUserPassword:
-
+ dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+ eventPublisher:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
+ spring.kafka.producer.client-id: cps-core
+
+ additional:
+ notification.data-updated.enabled: true
+ notification.data-updated.topic: cps.data-updated-events
+ notification.data-updated.filters.enabled-dataspaces: ""
+ notification.async.enabled: false
+ notification.async.executor.core-pool-size: 2
+ notification.async.executor.max-pool-size: 1
+ notification.async.executor.queue-capacity: 500
+ notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
+ notification.async.executor.thread-name-prefix: Async-
+
logging:
level: INFO
path: /tmp
@@ -145,18 +188,18 @@ logging:
# Postgres overriding defaults in the postgres
#################################################################
postgres:
- nameOverride: &postgresName cps-postgres
+ nameOverride: &postgresName cps-core-postgres
service:
name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
+ name2: cps-core-pg-primary
+ name3: cps-core-pg-replica
container:
name:
- primary: cps-pg-primary
- replica: cps-pg-replica
+ primary: cps-core-pg-primary
+ replica: cps-core-pg-replica
persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ mountSubPath: cps-core/data
+ mountInitPath: cps-core
config:
pgUserName: cps
pgDatabase: cpsdb
@@ -165,4 +208,10 @@ postgres:
readinessCheck:
wait_for:
- - cps-postgres
+ - *postgresName
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
index 6654b26556..32ae51b51a 100644
--- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -23,23 +23,18 @@ spring:
url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }}
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
- kafka:
- bootstrap-servers: [{{ .Values.config.kafka.service }}:{{ .Values.config.kafka.port }}]
- security:
- protocol: {{ .Values.config.kafka.protocol }}
- consumer:
- group-id: {{ .Values.config.kafka.consumerGroupId }}
security:
auth:
username: ${APP_USERNAME}
password: ${APP_PASSWORD}
-app:
- listener:
- data-updated:
- topic: {{ .Values.config.kafka.listenerTopic }}
+# Event consumption properties (kafka)
+{{- if .Values.config.eventConsumption }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+# Additional properties
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
index 6874fa2ff0..da055d0242 100644
--- a/kubernetes/cps/components/cps-temporal/values.yaml
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -140,19 +140,20 @@ config:
profile: helm
#appUserPassword:
+ # Event consumption (kafka) properties
+ # All Kafka properties must be in "key: value" format instead of yaml.
+ eventConsumption:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: PLAINTEXT
+ spring.kafka.consumer.group-id: cps-temporal-group
+ app.listener.data-updated.topic: cps.data-updated-events
+
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
- kafka:
- service: message-router-kafka
- port: 9092
- listenerTopic: cps.cfg-state-events
- consumerGroupId: cps-temporal-group
- protocol: PLAINTEXT
-
logging:
level: INFO
path: /tmp
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
index d388823f9e..2e5018807c 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -18,19 +18,19 @@
# ============LICENSE_END=========================================================
*/}}
-server:
- port: 8080
+dmi:
+ service:
+ name: {{ .Values.config.dmiServiceName }}
cps-core:
- baseUrl: http://${CPS_CORE_HOST:cps}:${CPS_CORE_PORT:8080}
- dmiRegistrationUrl : /cps-ncmp/api/ncmp-dmi/v1/ch
+ baseUrl: {{ .Values.config.cpsCore.url }}
auth:
username: ${CPS_CORE_USERNAME}
password: ${CPS_CORE_PASSWORD}
sdnc:
- baseUrl: http://${SDNC_HOST:sdnc}:${SDNC_PORT:8181}
- topologyId: ${SDNC_TOPOLOGY_ID:topology-netconf}
+ baseUrl: {{ .Values.config.sdnc.url }}
+ topologyId: {{ .Values.config.sdnc.topologyId }}
auth:
username: ${SDNC_USERNAME}
password: ${SDNC_PASSWORD}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml
deleted file mode 100644
index 2a62c86e77..0000000000
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2021 Nordix Foundation
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
- </encoder>
- </appender>
- <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <root level="INFO">
- <appender-ref ref="AsyncSysOut" />
- </root>
-
-</configuration>
-
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt b/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt
deleted file mode 100644
index 66f5302a11..0000000000
--- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
- echo http://$SERVICE_IP:$SERVICE_PORT
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:$POD_PORT
-{{- end }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
index d2fd5c9c49..3d154dba64 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
@@ -23,18 +23,18 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
- {{- if .Values.prometheus.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/path: 'manage/prometheus'
- prometheus.io/port: {{ .Values.managementPort | quote }}
- {{- end }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
@@ -49,17 +49,17 @@ spec:
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: DMI_PLUGIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: DMI_PLUGIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
- name: SDNC_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }}
- name: SDNC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }}
- name: CPS_CORE_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
@@ -101,9 +101,6 @@ spec:
- mountPath: /app/resources/application-helm.yml
subPath: application-helm.yml
name: init-data
- - mountPath: /app/resources/logback.xml
- subPath: logback.xml
- name: init-data
- mountPath: /tmp
name: init-temp
volumes:
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..a49a662aed
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
index 245a5d7048..3f40a79b84 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -20,7 +20,7 @@
# Secrets.
#################################################################
secrets:
- - uid: user-creds
+ - uid: app-user-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
login: '{{ .Values.config.appUserName }}'
@@ -29,14 +29,14 @@ secrets:
- uid: sdnc-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.sdncUser }}'
- password: '{{ .Values.config.sdncPassword }}'
+ login: '{{ .Values.config.sdnc.username }}'
+ password: '{{ .Values.config.sdnc.password }}'
passwordPolicy: required
- - uid: core-creds
+ - uid: cps-core-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.coreCredsExternalSecret) . }}'
- login: '{{ .Values.config.coreUser }}'
- password: '{{ .Values.config.corePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.cpsCore.credsExternalSecret) . }}'
+ login: '{{ .Values.config.cpsCore.username }}'
+ password: '{{ .Values.config.cpsCore.password }}'
passwordPolicy: generate
#################################################################
@@ -53,11 +53,10 @@ managementPort: &mgt_port 8081
prometheus:
enabled: true
- interval: 60s
service:
type: ClusterIP
- name: ncmp-dmi-plugin
+ name: &svc_name ncmp-dmi-plugin
ports:
- name: &port http
port: *svc_port
@@ -65,6 +64,18 @@ service:
port: *mgt_port
targetPort: *mgt_port
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
pullPolicy: IfNotPresent
# flag to enable debugging - application support required
debugEnabled: false
@@ -112,7 +123,7 @@ ingress:
service:
- baseaddr: "ncmp-dmi-plugin"
path: "/"
- name: "ncmp-dmi-plugin"
+ name: *svc_name
port: *svc_port
serviceAccount:
@@ -132,14 +143,20 @@ config:
# REST API basic authentication credentials (passsword is generated if not provided)
appUserName: ncmpuser
+ #appUserPassword:
spring:
profile: helm
- #appUserPassword:
- sdncUser: admin
- sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
- coreUser: cpsuser
+ dmiServiceName: http://*svc_name:*svc_port
+ sdnc:
+ url: http://sdnc:8181
+ username: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ topologyId: topology-netconf
+ cpsCore:
+ url: http://cps-core:8080
+ username: cpsuser
+ #password:
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
@@ -154,4 +171,10 @@ logging:
readinessCheck:
wait_for:
- - cps-postgres
+ - cps-core
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index cda726d0d3..6093fa72fa 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -23,6 +23,13 @@ secrets:
login: '{{ .Values.config.coreUserName }}'
password: '{{ .Values.config.coreUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
passwordStrengthOverride: basic
global:
@@ -32,12 +39,14 @@ global:
config:
coreUserName: cpsuser
+ dmiPluginUserName: dmiuser
# Enable all CPS components by default
cps-core:
enabled: true
config:
appUserExternalSecret: *core-creds-secret
+ dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
cps-temporal:
enabled: true
@@ -45,4 +54,6 @@ cps-temporal:
ncmp-dmi-plugin:
enabled: true
config:
- coreCredsExternalSecret: *core-creds-secret
+ appUserExternalSecret: *dmi-plugin-creds-secret
+ cpsCore:
+ credsExternalSecret: *core-creds-secret
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
index 2eb3e5ae00..9815bf7ed6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
@@ -55,7 +55,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.0
+image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
index d092b83937..faff44cc56 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
@@ -49,7 +49,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.0
+image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1
# Log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 09637c5cfc..8847f298e8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.2.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 425016878c..802c830005 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -49,7 +49,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.0
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
@@ -66,6 +66,11 @@ certDirectory: /opt/app/kpims/etc/cert/
tlsServer: true
enable_tls: true
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ policyID: |
+ '["com.Config_KPIMS_CONFIG_POLICY"]'
+
# Dependencies
readinessCheck:
wait_for:
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 5e1a678bdf..0dff427f49 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -54,7 +54,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.1
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 0efcf2eb3d..512bd2643a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:1.3.1
+image: onap/org.onap.dcaegen2.services.pmsh:1.3.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 35d108d000..5974d80e81 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.4
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.6
# Log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 31c6b46e95..a0ab079e1d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.3
+image: onap/org.onap.dcaegen2.services.son-handler:2.1.4
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index cceed6289c..778f6c94ed 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -94,8 +94,7 @@ service:
# policyRelease: "onap"
# policyID: |
# '["onap.vfirewall.tca","onap.vdns.tca"]'
-# filter: |
-# '["DCAE.Config_vfirewall_.*"]'
+
aaiCreds:
user: DCAE
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 3bb09f0330..f3e6c29d53 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -104,7 +104,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.5
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 63f96044fa..1d421427c3 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -36,7 +36,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.platform.configbinding:2.5.3
+image: onap/org.onap.dcaegen2.platform.configbinding:2.5.4
pullPolicy: Always
# probe configuration parameters
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
index 0972e6b6b9..233f6e4651 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
index bd2766f6db..556ac90e02 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml
@@ -84,5 +84,6 @@ spec:
value: {{ .Values.config.nifiJarsIndexURL }}
- name: NIFI_DCAE_DISTRIBUTOR_API_URL
value: {{ .Values.config.distributorAPIURL }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
index 74c7bdb223..86aad57b1b 100644
--- a/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml
@@ -90,3 +90,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-designtool
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
index 696b43a536..f36c2af002 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml
@@ -72,5 +72,6 @@ spec:
- name : ONBOARDING_API_URL
value: {{ .Values.config.onboardingAPIURL }}
resources: {{ include "common.resources" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
index 541f239d77..61ccfdef79 100644
--- a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -89,3 +89,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-distributor-api
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
index 40b0f3edc4..26f6586688 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -72,6 +72,7 @@ spec:
- mountPath: /www/data
name: genprocessor-data
readOnly: true
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: genprocessor-data
persistentVolumeClaim:
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
index 4b79525c83..81c5888f10 100644
--- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
@@ -96,3 +96,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-genprocessor
+ roles:
+ - read
+
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
index 0eaa2296bb..f46dc5f287 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/templates/deployment.yaml
@@ -58,6 +58,7 @@ spec:
value: {{ include "common.namespace" . }}
- name: HELM_RELEASE
value: {{ include "common.release" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
index 6a4fd542e7..bbc72a5b08 100644
--- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml
@@ -64,4 +64,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
index 90561ac231..53f1de59bc 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
@@ -69,6 +69,7 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
- name: NIFI_REGISTRY_DB_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: flow-storage
persistentVolumeClaim:
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
index 25b3b9e318..a0bbacc7ef 100644
--- a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
@@ -88,3 +88,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-nifi-registry
+ roles:
+ - read
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
index 7416c8cf4f..9320cd04ca 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
index b795f6b736..5c7d1b6d0d 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml
@@ -78,5 +78,6 @@ spec:
value: "5432"
- name: PG_DB_NAME
value: dcae_onboarding_db
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
index 9401bf5340..c36e9b7129 100644
--- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -114,3 +114,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-onboarding-api
+ roles:
+ - read
+
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
index b242fbf51d..268442616b 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
index 42f596db1e..d5c37e9858 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml
@@ -71,6 +71,7 @@ spec:
value: {{ .Values.config.bpResourcesCpuLimit }}
- name: BP_RESOURCES_MEMORY_LIMIT
value: {{ .Values.config.bpResourcesMemoryLimit }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
index 22c4cdb3b2..e54608b30e 100644
--- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml
@@ -93,3 +93,9 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcaemod-runtime-api
+ roles:
+ - read
+
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index 2182dde1d6..5820e77521 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -22,13 +22,13 @@ You can specify the '--values'/'-f' flag multiple times. The priority will be gi
last (right-most) file specified. For example, if both myvalues.yaml and override.yaml
contained a key called 'Test', the value set in override.yaml would take precedence:
- $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
+ $ helm deploy demo ./onap --namespace onap -f openstack.yaml -f overrides.yaml
You can specify the '--set' flag multiple times. The priority will be given to the
last (right-most) set specified. For example, if both 'bar' and 'newbar' values are
set for a key called 'foo', the 'newbar' value would take precedence:
- $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
+ $ helm deploy demo local/onap --namespace onap -f overrides.yaml --set log.enabled=false --set vid.enabled=false
Usage:
helm deploy [RELEASE] [CHART] [flags]
@@ -242,17 +242,17 @@ deploy() {
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
- # Add annotation last-applied-configuration if set-last-applied flag is set
+ # Add annotation last-applied-configuration if set-last-applied flag is set
if [ "$SET_LAST_APPLIED" = "true" ]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
- > $LOG_FILE.log 2>&1
+ > $LOG_FILE.log 2>&1
fi
fi
- if [ "$DELAY" = "true" ]; then
- echo sleep 3m
- sleep 180
- fi
+ if [ "$DELAY" = "true" ]; then
+ echo sleep 3m
+ sleep 180
+ fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
index cbcbf7a8bf..18692d8afa 100755
--- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
+++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
@@ -1,16 +1,11 @@
+#!/bin/sh
+
#!/usr/bin/dumb-init /bin/sh
+# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init.
+
set -e
set -x
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
-# As of docker 1.13, using docker run --init achieves the same outcome.
-
-# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
-# bind to and this will look up the IP and pass the proper -bind= option along
-# to Consul.
CONSUL_BIND=
if [ -n "$CONSUL_BIND_INTERFACE" ]; then
CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
@@ -48,7 +43,7 @@ CONSUL_CONFIG_DIR=/consul/config
# You can also set the CONSUL_LOCAL_CONFIG environemnt variable to pass some
# Consul configuration JSON without having to bind any volumes.
if [ -n "$CONSUL_LOCAL_CONFIG" ]; then
- echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
+ echo "$CONSUL_LOCAL_CONFIG" > "$CONSUL_CONFIG_DIR/local.json"
fi
# If the user is trying to run Consul directly with some arguments, then
diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml
index 994e84b722..e981bbd091 100644
--- a/kubernetes/msb/components/msb-discovery/values.yaml
+++ b/kubernetes/msb/components/msb-discovery/values.yaml
@@ -21,7 +21,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_discovery:1.2.6
+image: onap/msb/msb_discovery:1.2.7
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index 3629eb43ec..0a343cf925 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.2.8
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index b95a11914d..baf2bec4bc 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.2.7
+image: onap/msb/msb_apigateway:1.2.8
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
index 21296ff22a..5495e4271b 100755
--- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh
+++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2017 Amdocs, Bell Canada
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 66a42f0171..0c9d6a504f 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -5,7 +5,8 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": true
+ "https": true,
+ "prometheus": true
},
"pdpStatusParameters":{
"pdpGroup": "defaultGroup",
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
deleted file mode 100755
index d6bd17f65b..0000000000
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json
+++ /dev/null
@@ -1,66 +0,0 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-{
- "javaProperties" : [
- ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
- ["javax.net.ssl.trustStorePassword", "${TRUSTSTORE_PASSWORD_BASE64}"]
- ],
- "engineServiceParameters": {
- "name": "MyApexEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- }
- }
- },
- "eventOutputParameters": {
- "FirstProducer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- },
- "eventInputParameters": {
- "FirstConsumer": {
- "carrierTechnologyParameters": {
- "carrierTechnology": "FILE",
- "parameters": {
- "standardIo": true
- }
- },
- "eventProtocolParameters": {
- "eventProtocol": "JSON"
- }
- }
- }
-}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index eb6292a039..3983d932a0 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.5.2
+image: onap/policy-apex-pdp:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json
index 729eea87ff..ce59965521 100755
--- a/kubernetes/policy/components/policy-api/resources/config/config.json
+++ b/kubernetes/policy/components/policy-api/resources/config/config.json
@@ -25,7 +25,8 @@
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"databaseProviderParameters": {
"name": "PolicyProviderParameterGroup",
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 36eb5c4899..87ddd73adf 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -78,7 +78,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.4.2
+image: onap/policy-api:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index ae31633843..615afc6351 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -2,6 +2,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,8 @@
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https":true
+ "https":true,
+ "prometheus": true
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
@@ -69,8 +71,8 @@
],
"consumerGroup": "policy-group",
"environmentName": "AUTO",
- "keystorePath": "null",
- "keystorePassword": "null",
+ "keyStorePath": "null",
+ "keyStorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
"isUseHttpsWithDmaap": true
@@ -91,18 +93,21 @@
"parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
"parameters":{
"apiParameters": {
- "hostName": "policy-api",
- "port": 6969,
- "userName": "${API_USER}",
- "password": "${API_PASSWORD}"
- },
+ "clientName": "policy-api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": true
+ },
"papParameters": {
- "hostName": "policy-pap",
- "port": 6969,
- "userName": "${PAP_USER}",
- "password": "${PAP_PASSWORD}"
+ "clientName": "policy-pap",
+ "hostname": "policy-pap",
+ "port": 6969,
+ "userName": "${PAP_USER}",
+ "password": "${PAP_PASSWORD}",
+ "useHttps": true
},
- "isHttps": true,
"deployPolicies": true
}
}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index fb6ef6e039..1614bd840e 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.5.2
+image: onap/policy-distribution:2.6.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index ec8d119fa6..ff532ab5c1 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017-2018 Amdocs, Bell Canada.
# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,6 +41,7 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
SQL_HOST={{ .Values.db.name }}
+SQL_PORT=3306
# AAF
@@ -47,6 +49,11 @@ AAF={{.Values.aaf.enabled}}
AAF_NAMESPACE=org.onap.policy
AAF_HOST=aaf-locate.{{.Release.Namespace}}
+# HTTP Servers
+
+HTTP_SERVER_HTTPS=true
+PROMETHEUS=true
+
# PDP-D DMaaP configuration channel
PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
@@ -85,6 +92,7 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
DMAAP_SERVERS=message-router
+DMAAP_HTTPS=true
# AAI
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties
new file mode 100644
index 0000000000..c7cca2b03a
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties
@@ -0,0 +1,45 @@
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# system properties set within the application
+
+java.net.preferIPv4Stack=true
+
+# jmx
+
+com.sun.management.jmxremote.port=9991
+com.sun.management.jmxremote.authenticate=false
+com.sun.management.jmxremote.ssl=false
+
+# certs
+
+javax.net.ssl.trustStore=${envd:TRUSTSTORE:/opt/app/policy/etc/ssl/policy-truststore}
+javax.net.ssl.trustStorePassword=${envd:TRUSTSTORE_PASSWD}
+
+javax.net.ssl.keyStore=${envd:KEYSTORE}
+javax.net.ssl.keyStorePassword=${envd:KEYSTORE_PASSWD}
+
+# kie
+
+kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY}
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
index 7173d80e57..2fc08e4e5d 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
@@ -80,7 +80,7 @@
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -98,7 +98,7 @@
<maxHistory>30</maxHistory>
<totalSizeCap>10GB</totalSizeCap>
</rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -119,7 +119,7 @@
</appender>
<appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
@@ -130,7 +130,7 @@
</appender>
<appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
<encoder>
<pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
</encoder>
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 38d398998c..678cce74ee 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2017 Amdocs
+# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2021 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -34,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.8.2
+image: onap/policy-pdpd-cl:1.9.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json
index 0b30a27535..e5cbd22105 100755
--- a/kubernetes/policy/components/policy-pap/resources/config/config.json
+++ b/kubernetes/policy/components/policy-pap/resources/config/config.json
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
+# Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,8 @@
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"pdpParameters": {
"heartBeatMs": 120000,
@@ -47,6 +49,7 @@
"databasePassword": "${SQL_PASSWORD}",
"persistenceUnit": "PolicyMariaDb"
},
+ "savePdpStatisticsInDb": true,
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
@@ -54,6 +57,15 @@
"useHttps": true,
"fetchTimeout": 15000,
"topicCommInfrastructure" : "dmaap"
+ },
+ {
+ "topic" : "POLICY-HEARTBEAT",
+ "effectiveTopic": "POLICY-PDP-PAP",
+ "consumerGroup": "policy-pap",
+ "servers" : [ "message-router" ],
+ "useHttps": true,
+ "fetchTimeout": 15000,
+ "topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 3c4c3e5ec6..c373e04cf2 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -92,7 +92,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.4.2
+image: onap/policy-pap:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index a626a046a5..19b4d9c03b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -27,17 +27,20 @@
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
"https": true,
- "aaf": false
+ "aaf": false,
+ "prometheus": true
},
"policyApiParameters": {
- "host": "policy-api",
+ "hostname": "policy-api",
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "https": true,
+ "useHttps": true,
"aaf": false
},
- "applicationPath": "/opt/app/policy/pdpx/apps",
+ "applicationParameters": {
+ "applicationPath": "/opt/app/policy/pdpx/apps"
+ },
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 9eda53ee9b..91984cc81b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.4.2
+image: onap/policy-xacml-pdp:2.5.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 90c987984f..7b9437217d 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -18,10 +18,10 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in support onap_sdk log migration operationshistory10 pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory
do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
done
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
new file mode 100644
index 0000000000..d1cc108fec
--- /dev/null
+++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+{{/*
+# Copyright (C) 2021 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 7809c746bb..17558f86ea 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,4 +27,4 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/*.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 72c94f30c5..d781a634ae 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -47,7 +48,6 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- containers:
- name: {{ include "common.release" . }}-policy-galera-config
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -71,6 +71,32 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ containers:
+ - name: {{ include "common.release" . }}-policy-galera-db-migrator
+ image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ resources:
+{{ include "common.resources" . }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -80,3 +106,5 @@ spec:
items:
- key: db.sh
path: db.sh
+ - key: db_migrator_policy_init.sh
+ path: db_migrator_policy_init.sh
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 92344dd2fe..5478e5baa8 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -84,6 +85,11 @@ pullPolicy: Always
mariadb:
image: mariadb:10.5.8
+dbmigrator:
+ image: onap/policy-db-migrator:2.3.0
+ schema: policyadmin
+ policy_home: "/opt/app/policy"
+
subChartsOnly:
enabled: true
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index f5dcbff6bf..a363ab3bb0 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -5,18 +5,18 @@ shopt -s nullglob
# logging functions
mysql_log() {
- local type="$1"; shift
- printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+ local type="$1"; shift
+ printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
}
mysql_note() {
- mysql_log Note "$@"
+ mysql_log Note "$@"
}
mysql_warn() {
- mysql_log Warn "$@" >&2
+ mysql_log Warn "$@" >&2
}
mysql_error() {
- mysql_log ERROR "$@" >&2
- exit 1
+ mysql_log ERROR "$@" >&2
+ exit 1
}
# usage: file_env VAR [DEFAULT]
@@ -24,170 +24,170 @@ mysql_error() {
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
- local var="$1"
- local fileVar="${var}_FILE"
- local def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- mysql_error "Both $var and $fileVar are set (but are exclusive)"
- fi
- local val="$def"
- # val="${!var}"
- # val="$(< "${!fileVar}")"
- # eval replacement of the bashism equivalents above presents no security issue here
- # since var and fileVar variables contents are derived from the file_env() function arguments.
- # This method is only called inside this script with a limited number of possible values.
- if [ "${!var:-}" ]; then
- eval val=\$$var
- elif [ "${!fileVar:-}" ]; then
- val="$(< "$(eval echo "\$$fileVar")")"
- fi
- export "$var"="$val"
- unset "$fileVar"
+ local var="$1"
+ local fileVar="${var}_FILE"
+ local def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ mysql_error "Both $var and $fileVar are set (but are exclusive)"
+ fi
+ local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
+ if [ "${!var:-}" ]; then
+ eval val=\$$var
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "$(eval echo "\$$fileVar")")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
}
# check to see if this file is being run or sourced from another script
_is_sourced() {
- # https://unix.stackexchange.com/a/215279
- [ "${#FUNCNAME[@]}" -ge 2 ] \
- && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
- && [ "${FUNCNAME[1]}" = 'source' ]
+ # https://unix.stackexchange.com/a/215279
+ [ "${#FUNCNAME[@]}" -ge 2 ] \
+ && [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+ && [ "${FUNCNAME[1]}" = 'source' ]
}
# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions
docker_process_init_files() {
- # mysql here for backwards compatibility "${mysql[@]}"
- mysql=( docker_process_sql )
-
- echo
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- mysql_note "$0: running $f"
- "$f"
- else
- mysql_note "$0: sourcing $f"
- . "$f"
- fi
- ;;
- *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
- *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
- *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
- *) mysql_warn "$0: ignoring $f" ;;
- esac
- echo
- done
+ # mysql here for backwards compatibility "${mysql[@]}"
+ mysql=( docker_process_sql )
+
+ echo
+ local f
+ for f; do
+ case "$f" in
+ *.sh)
+ # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+ # https://github.com/docker-library/postgres/pull/452
+ if [ -x "$f" ]; then
+ mysql_note "$0: running $f"
+ "$f"
+ else
+ mysql_note "$0: sourcing $f"
+ . "$f"
+ fi
+ ;;
+ *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+ *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+ *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+ *) mysql_warn "$0: ignoring $f" ;;
+ esac
+ echo
+ done
}
mysql_check_config() {
- local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
- fi
+ local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
+ if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+ mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
+ fi
}
# Fetch value from server config
# We use mysqld --verbose --help instead of my_print_defaults because the
# latter only show values present in config files, and not server defaults
mysql_get_config() {
- local conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
+ local conf="$1"; shift
+ "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
+ | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+ # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
}
# Do a temporary startup of the MySQL server, for init purposes
docker_temp_server_start() {
- "$@" --skip-networking --socket="${SOCKET}" &
- mysql_note "Waiting for server startup"
- local i
- for i in $(seq 30 -1 0); do
- # only use the root password if the database has already been initializaed
- # so that it won't try to fill in a password file when it hasn't been set yet
- extraArgs=""
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs=${extraArgs}" --dont-use-mysql-root-password"
- fi
- if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
- break
- fi
- sleep 1
- done
- if [ "$i" = 0 ]; then
- mysql_error "Unable to start server."
- fi
+ "$@" --skip-networking --socket="${SOCKET}" &
+ mysql_note "Waiting for server startup"
+ local i
+ for i in $(seq 30 -1 0); do
+ # only use the root password if the database has already been initializaed
+ # so that it won't try to fill in a password file when it hasn't been set yet
+ extraArgs=""
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ extraArgs=${extraArgs}" --dont-use-mysql-root-password"
+ fi
+ if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+ done
+ if [ "$i" = 0 ]; then
+ mysql_error "Unable to start server."
+ fi
}
# Stop the server. When using a local socket file mysqladmin will block until
# the shutdown is complete.
docker_temp_server_stop() {
- if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
- mysql_error "Unable to shut down server."
- fi
+ if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
+ mysql_error "Unable to shut down server."
+ fi
}
# Verify that the minimally required password settings are set for new databases.
docker_verify_minimum_env() {
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
- fi
+ if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
+ fi
}
# creates folders for the database
# also ensures permission for user mysql of run as root
docker_create_db_directories() {
- local user; user="$(id -u)"
+ local user; user="$(id -u)"
- # TODO other directories that are used by default? like /var/lib/mysql-files
- # see https://github.com/docker-library/mysql/issues/562
- mkdir -p "$DATADIR"
+ # TODO other directories that are used by default? like /var/lib/mysql-files
+ # see https://github.com/docker-library/mysql/issues/562
+ mkdir -p "$DATADIR"
- if [ "$user" = "0" ]; then
- # this will cause less disk access than `chown -R`
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- fi
+ if [ "$user" = "0" ]; then
+ # this will cause less disk access than `chown -R`
+ find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+ fi
}
# initializes the database directory
docker_init_database_dir() {
- mysql_note "Initializing database files"
- installArgs=" --datadir=$DATADIR --rpm "
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs=${installArgs}" --auth-root-authentication-method=normal"
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
- mysql_note "Database files initialized"
+ mysql_note "Initializing database files"
+ installArgs=" --datadir=$DATADIR --rpm "
+ if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+ # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+ # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+ # (this flag doesn't exist in 10.0 and below)
+ installArgs=${installArgs}" --auth-root-authentication-method=normal"
+ fi
+ # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+ mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
+ mysql_note "Database files initialized"
}
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
- # Get config
- declare -g DATADIR SOCKET
- DATADIR="$(mysql_get_config 'datadir' "$@")"
- SOCKET="$(mysql_get_config 'socket' "$@")"
-
- # Initialize values that might be stored in a file
- file_env 'MYSQL_ROOT_HOST' '%'
- file_env 'MYSQL_DATABASE'
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- file_env 'MYSQL_ROOT_PASSWORD'
- file_env 'PORTAL_DB_TABLES'
-
- declare -g DATABASE_ALREADY_EXISTS
- if [ -d "$DATADIR/mysql" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
+ # Get config
+ declare -g DATADIR SOCKET
+ DATADIR="$(mysql_get_config 'datadir' "$@")"
+ SOCKET="$(mysql_get_config 'socket' "$@")"
+
+ # Initialize values that might be stored in a file
+ file_env 'MYSQL_ROOT_HOST' '%'
+ file_env 'MYSQL_DATABASE'
+ file_env 'MYSQL_USER'
+ file_env 'MYSQL_PASSWORD'
+ file_env 'MYSQL_ROOT_PASSWORD'
+ file_env 'PORTAL_DB_TABLES'
+
+ declare -g DATABASE_ALREADY_EXISTS
+ if [ -d "$DATADIR/mysql" ]; then
+ DATABASE_ALREADY_EXISTS='true'
+ fi
}
# Execute sql script, passed via stdin
@@ -195,178 +195,178 @@ docker_setup_env() {
# ie: docker_process_sql --database=mydb <<<'INSERT ...'
# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
docker_process_sql() {
- passfileArgs=""
- if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs=${passfileArgs}" $1"
- shift
- fi
- # args sent in can override this db, since they will be later in the command
- if [ -n "$MYSQL_DATABASE" ]; then
- set -- --database="$MYSQL_DATABASE" "$@"
- fi
-
- mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+ passfileArgs=""
+ if [ '--dont-use-mysql-root-password' = "$1" ]; then
+ passfileArgs=${passfileArgs}" $1"
+ shift
+ fi
+ # args sent in can override this db, since they will be later in the command
+ if [ -n "$MYSQL_DATABASE" ]; then
+ set -- --database="$MYSQL_DATABASE" "$@"
+ fi
+
+ mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
}
# Initializes database with timezone info and root password, plus optional extra db/user
docker_setup_db() {
- # Load timezone info into database
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- {
- # Aria in 10.4+ is slow due to "transactional" (crash safety)
- # https://jira.mariadb.org/browse/MDEV-23326
- # https://github.com/docker-library/mariadb/issues/262
- local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
- done
-
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo \
- | sed 's/Local time zone must be set--see zic manual page/FCTY/'
-
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
- done
- } | docker_process_sql --dont-use-mysql-root-password --database=mysql
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
- fi
- # Generate random root password
- if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
- # Sets root password and creates root users for non-localhost hosts
- local rootCreate=
- # default root to listen for connections from anywhere
- if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
- EOSQL
- fi
-
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
- docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
- -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- FLUSH PRIVILEGES ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
- EOSQL
-
- # Creates a custom database and user if specified
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Creating database ${MYSQL_DATABASE}"
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
- fi
-
- if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
- mysql_note "Creating user ${MYSQL_USER}"
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
-
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
- echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
- fi
-
- echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
- fi
+ # Load timezone info into database
+ if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
+ {
+ # Aria in 10.4+ is slow due to "transactional" (crash safety)
+ # https://jira.mariadb.org/browse/MDEV-23326
+ # https://github.com/docker-library/mariadb/issues/262
+ local tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
+ done
+
+ # sed is for https://bugs.mysql.com/bug.php?id=20545
+ mysql_tzinfo_to_sql /usr/share/zoneinfo \
+ | sed 's/Local time zone must be set--see zic manual page/FCTY/'
+
+ for table in "${tztables[@]}"; do
+ echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
+ done
+ } | docker_process_sql --dont-use-mysql-root-password --database=mysql
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+ fi
+ # Generate random root password
+ if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
+ export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
+ mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
+ fi
+ # Sets root password and creates root users for non-localhost hosts
+ local rootCreate=
+ # default root to listen for connections from anywhere
+ if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
+ # no, we don't care if read finds a terminating character in this heredoc
+ # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+ read -r -d '' rootCreate <<-EOSQL || true
+ CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
+ GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
+EOSQL
+ fi
+
+ # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
+ docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
+ -- What's done in this file shouldn't be replicated
+ -- or products like mysql-fabric won't work
+ SET @@SESSION.SQL_LOG_BIN=0;
+
+ DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+ SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+ -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+ -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+ DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
+
+ GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+ FLUSH PRIVILEGES ;
+ ${rootCreate}
+ DROP DATABASE IF EXISTS test ;
+EOSQL
+
+ # Creates a custom database and user if specified
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Creating database ${MYSQL_DATABASE}"
+ echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
+ fi
+
+ if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
+ mysql_note "Creating user ${MYSQL_USER}"
+ echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
+
+ if [ -n "$MYSQL_DATABASE" ]; then
+ mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
+ echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
+ fi
+
+ echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
+ fi
}
_mysql_passfile() {
- # echo the password to the "file" the client uses
- # the client command will use process substitution to create a file on the fly
- # ie: --defaults-extra-file=<( _mysql_passfile )
- if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
- cat <<-EOF
- [client]
- password="${MYSQL_ROOT_PASSWORD}"
- EOF
- fi
+ # echo the password to the "file" the client uses
+ # the client command will use process substitution to create a file on the fly
+ # ie: --defaults-extra-file=<( _mysql_passfile )
+ if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
+ cat <<-EOF
+ [client]
+ password="${MYSQL_ROOT_PASSWORD}"
+EOF
+ fi
}
# check arguments for an option that would cause mysqld to stop
# return true if there is one
_mysql_want_help() {
- local arg
- for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
+ local arg
+ for arg; do
+ case "$arg" in
+ -'?'|--help|--print-defaults|-V|--version)
+ return 0
+ ;;
+ esac
+ done
+ return 1
}
_main() {
- # if command starts with an option, prepend mysqld
- if echo "$1" | grep '^-' >/dev/null; then
- set -- mysqld "$@"
- fi
-
- # skip setup if they aren't running mysqld or want an option that stops mysqld
- if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
- mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
-
- mysql_check_config "$@"
- # Load various environment variables
- docker_setup_env "$@"
- docker_create_db_directories
-
- # If container is started as root user, restart as dedicated mysql user
- if [ "$(id -u)" = "0" ]; then
- mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$0" "$@"
- fi
-
- # there's no database, so it needs to be initialized
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir "$@"
-
- mysql_note "Starting temporary server"
- docker_temp_server_start "$@"
- mysql_note "Temporary server started."
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
- do
- echo "Granting portal user ALL PRIVILEGES for table $i"
- echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- done
-
- mysql_note "Stopping temporary server"
- docker_temp_server_stop
- mysql_note "Temporary server stopped"
-
- echo
- mysql_note "MySQL init process done. Ready for start up."
- echo
- fi
- fi
- exec "$@"
+ # if command starts with an option, prepend mysqld
+ if echo "$1" | grep '^-' >/dev/null; then
+ set -- mysqld "$@"
+ fi
+
+ # skip setup if they aren't running mysqld or want an option that stops mysqld
+ if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+ mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
+
+ mysql_check_config "$@"
+ # Load various environment variables
+ docker_setup_env "$@"
+ docker_create_db_directories
+
+ # If container is started as root user, restart as dedicated mysql user
+ if [ "$(id -u)" = "0" ]; then
+ mysql_note "Switching to dedicated user 'mysql'"
+ exec gosu mysql "$0" "$@"
+ fi
+
+ # there's no database, so it needs to be initialized
+ if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ docker_verify_minimum_env
+
+ # check dir permissions to reduce likelihood of half-initialized database
+ ls /docker-entrypoint-initdb.d/ > /dev/null
+
+ docker_init_database_dir "$@"
+
+ mysql_note "Starting temporary server"
+ docker_temp_server_start "$@"
+ mysql_note "Temporary server started."
+
+ docker_setup_db
+ docker_process_init_files /docker-entrypoint-initdb.d/*
+
+ for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
+ do
+ echo "Granting portal user ALL PRIVILEGES for table $i"
+ echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+
+ mysql_note "Stopping temporary server"
+ docker_temp_server_stop
+ mysql_note "Temporary server stopped"
+
+ echo
+ mysql_note "MySQL init process done. Ready for start up."
+ echo
+ fi
+ fi
+ exec "$@"
}
# If we are sourced from elsewhere, don't perform any further actions
if ! _is_sourced; then
- _main "$@"
+ _main "$@"
fi
diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh
index 0d30557220..439390525f 100755
--- a/kubernetes/robot/demo-k8s.sh
+++ b/kubernetes/robot/demo-k8s.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
# Copyright (C) 2018 Amdocs, Bell Canada
# Modifications Copyright (C) 2019 Samsung
# Modifications Copyright (C) 2020 Nokia
@@ -19,46 +20,46 @@
#
usage ()
{
- echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
- echo " "
- echo " demo-k8s.sh <namespace> init"
- echo " - Execute both init_customer + distribute"
- echo " "
- echo " demo-k8s.sh <namespace> init_customer"
- echo " - Create demo customer (Demonstration) and services, etc."
- echo " "
- echo " demo-k8s.sh <namespace> distribute [<prefix>]"
- echo " - Distribute demo models (demoVFW and demoVLB)"
- echo " "
- echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- echo " - Preload data for VNF for the <module_name>"
- echo " "
- echo " demo-k8s.sh <namespace> appc <module_name>"
- echo " - provide APPC with vFW module mount point for closed loop"
- echo " "
- echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
- echo " - Initialize robot after all ONAP VMs have started"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFW"
- echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
- echo " "
- echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
- echo " - Instantiate vFW module using direct SO interface using previously distributed model "
+ echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
+ echo " "
+ echo " demo-k8s.sh <namespace> init"
+ echo " - Execute both init_customer + distribute"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_customer"
+ echo " - Create demo customer (Demonstration) and services, etc."
+ echo " "
+ echo " demo-k8s.sh <namespace> distribute [<prefix>]"
+ echo " - Distribute demo models (demoVFW and demoVLB)"
+ echo " "
+ echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ echo " - Preload data for VNF for the <module_name>"
+ echo " "
+ echo " demo-k8s.sh <namespace> appc <module_name>"
+ echo " - provide APPC with vFW module mount point for closed loop"
+ echo " "
+ echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
+ echo " - Initialize robot after all ONAP VMs have started"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFW"
+ echo " - Instantiate vFW module for the demo customer (DemoCust<uuid>)"
+ echo " "
+ echo " demo-k8s.sh <namespace> instantiateVFWdirectso csar_filename"
+ echo " - Instantiate vFW module using direct SO interface using previously distributed model "
echo " that is in /tmp/csar in robot container"
- echo " "
+ echo " "
echo " demo-k8s.sh <namespace> instantiateVLB_CDS"
echo " - Instantiate vLB module using CDS with a preloaded CBA "
echo " "
- echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- echo " - Delete the module created by instantiateVFW"
- echo " "
- echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
+ echo " demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ echo " - Delete the module created by instantiateVFW"
+ echo " "
+ echo " demo-k8s.sh <namespace> vfwclosedloop <pgn-ip-address>"
echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
echo " kicks in to modulate the rates back to medium"
- echo " "
- echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
- echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
- echo " "
+ echo " "
+ echo " demo-k8s.sh <namespace> <command> [<parameters>] execscript"
+ echo " - Optional parameter to execute user custom scripts located in scripts/demoscript directory"
+ echo " "
}
# Check if execscript flag is used and drop it from input arguments
@@ -74,8 +75,8 @@ echo "Number of parameters:"
echo $#
if [ $# -lt 2 ];then
- usage
- exit
+ usage
+ exit
fi
NAMESPACE=$1
@@ -86,80 +87,80 @@ shift
##
while [ $# -gt 0 ]
do
- key="$1"
+ key="$1"
echo "KEY:"
echo $key
- case $key in
- init_robot)
- TAG="UpdateWebPage"
- echo "WEB Site Password for user 'test': "
- stty -echo
- read WEB_PASSWORD
- stty echo
- if [ "$WEB_PASSWORD" = "" ]; then
- echo ""
- echo "WEB Password is required for user 'test'"
- exit
- fi
- VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
- shift
- if [ $# -eq 2 ];then
- VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
- fi
- shift
- ;;
- init)
- TAG="InitDemo"
- shift
- ;;
- vescollector)
- TAG="vescollector"
- shift
- ;;
+ case $key in
+ init_robot)
+ TAG="UpdateWebPage"
+ echo "WEB Site Password for user 'test': "
+ stty -echo
+ read WEB_PASSWORD
+ stty echo
+ if [ "$WEB_PASSWORD" = "" ]; then
+ echo ""
+ echo "WEB Password is required for user 'test'"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v WEB_PASSWORD:$WEB_PASSWORD"
+ shift
+ if [ $# -eq 2 ];then
+ VARIABLES="$VARIABLES -v HOSTS_PREFIX:$1"
+ fi
+ shift
+ ;;
+ init)
+ TAG="InitDemo"
+ shift
+ ;;
+ vescollector)
+ TAG="vescollector"
+ shift
+ ;;
distribute_vcpe)
- TAG="distributeVCPE"
- shift
- ;;
- init_customer)
- TAG="InitCustomer"
- shift
- ;;
- distribute)
- TAG="InitDistribution"
- shift
- if [ $# -eq 1 ];then
- VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
- fi
- shift
- ;;
- preload)
- TAG="PreloadDemo"
- shift
- if [ $# -ne 2 ];then
- echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v VNF_NAME:$1"
- shift
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- appc)
- TAG="APPCMountPointDemo"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
- instantiateVFW)
- TAG="instantiateVFW"
- VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
- shift
- ;;
+ TAG="distributeVCPE"
+ shift
+ ;;
+ init_customer)
+ TAG="InitCustomer"
+ shift
+ ;;
+ distribute)
+ TAG="InitDistribution"
+ shift
+ if [ $# -eq 1 ];then
+ VARIABLES="$VARIABLES -v DEMO_PREFIX:$1"
+ fi
+ shift
+ ;;
+ preload)
+ TAG="PreloadDemo"
+ shift
+ if [ $# -ne 2 ];then
+ echo "Usage: demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v VNF_NAME:$1"
+ shift
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ appc)
+ TAG="APPCMountPointDemo"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
+ exit
+ fi
+ VARIABLES="$VARIABLES -v MODULE_NAME:$1"
+ shift
+ ;;
+ instantiateVFW)
+ TAG="instantiateVFW"
+ VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
+ shift
+ ;;
instantiateVFWdirectso)
TAG="instantiateVFWdirectso"
shift
@@ -175,21 +176,21 @@ do
VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
shift
;;
- deleteVNF)
- TAG="deleteVNF"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
- exit
- fi
- VARFILE=$1.py
- VARIABLES="$VARIABLES -V /share/${VARFILE}"
- shift
- ;;
- cds)
- TAG="cds"
- shift
- ;;
+ deleteVNF)
+ TAG="deleteVNF"
+ shift
+ if [ $# -ne 1 ];then
+ echo "Usage: demo-k8s.sh <namespace> deleteVNF <module_name from instantiateVFW>"
+ exit
+ fi
+ VARFILE=$1.py
+ VARIABLES="$VARIABLES -V /share/${VARFILE}"
+ shift
+ ;;
+ cds)
+ TAG="cds"
+ shift
+ ;;
distributeVFWNG)
TAG="distributeVFWNG"
shift
@@ -208,10 +209,10 @@ do
VARIABLES="$VARIABLES -v PACKET_GENERATOR_HOST:$1 -v pkg_host:$1"
shift
;;
- *)
- usage
- exit
- esac
+ *)
+ usage
+ exit
+ esac
done
set -x
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index 01cf0922fa..4ef8f462f0 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2018 Amdocs, Bell Canada
#
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index 8b74da77f8..1b31c16e81 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh
index 623870b9f3..aef812b143 100755
--- a/kubernetes/robot/instantiate-k8s.sh
+++ b/kubernetes/robot/instantiate-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
index 63e90cdec6..16fec57b15 100755
--- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2019 Nokia
#
@@ -24,46 +24,46 @@ HVVESPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:m
generate_ca_key_cert () {
- openssl genrsa -out $1/ca.key 2048
- openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
+ openssl genrsa -out $1/ca.key 2048
+ openssl req -new -x509 -days 36500 -key $1/ca.key -out $1/ca.pem -subj /CN=dcae-hv-ves-ca.onap
}
generate_server_key_csr () {
- openssl genrsa -out $1/server.key 2048
- openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
+ openssl genrsa -out $1/server.key 2048
+ openssl req -new -key $1/server.key -out $1/server.csr -subj /CN=dcae-hv-ves-collector.onap
}
generate_client_key_csr () {
- openssl genrsa -out $1/client.key 2048
- openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
+ openssl genrsa -out $1/client.key 2048
+ openssl req -new -key $1/client.key -out $1/client.csr -subj /CN=dcae-hv-ves-client.onap
}
sign_server_and_client_cert () {
- openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
- openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/server.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/server.pem -set_serial 00
+ openssl x509 -req -days 36500 -in $1/client.csr -CA $1/ca.pem -CAkey $1/ca.key -out $1/client.pem -set_serial 00
}
create_pkcs12_ca_and_server () {
- openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
- openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
+ openssl pkcs12 -export -out $1/ca.p12 -inkey $1/ca.key -in $1/ca.pem -passout pass:
+ openssl pkcs12 -export -out $1/server.p12 -inkey $1/server.key -in $1/server.pem -passout pass:
}
copy_server_certs_to_hvves () {
- for f in ca.p12 server.p12
- do
- kubectl cp $1/$f $2/$3:$4
- done
+ for f in ca.p12 server.p12
+ do
+ kubectl cp $1/$f $2/$3:$4
+ done
}
copy_client_certs_to_robot () {
- for f in ca.pem client.key client.pem
- do
+ for f in ca.pem client.key client.pem
+ do
kubectl cp $1/$f $2/$3:$4
done
}
cleanup () {
- rm -f $1/ca.??? $1/server.??? s$1/client.???
+ rm -f $1/ca.??? $1/server.??? s$1/client.???
}
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
index 1cd911ca60..a114cf59ea 100755
--- a/kubernetes/robot/scripts/etescript/security-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright 2019 Samsung Electronics Co., Ltd.
#
@@ -25,29 +25,29 @@ TMPTPL='onap_security'
CSV2JSON='import csv; import json; import sys; print(json.dumps({i[0]: i[1] for i in csv.reader(sys.stdin)}))'
FILTER="$(tr -d [:space:] <<TEMPLATE
{{range .items}}
- {{range.spec.ports}}
- {{if .nodePort}}
- {{.nodePort}}{{','}}{{.name}}{{'\n'}}
- {{end}}
- {{end}}
+ {{range.spec.ports}}
+ {{if .nodePort}}
+ {{.nodePort}}{{','}}{{.name}}{{'\n'}}
+ {{end}}
+ {{end}}
{{end}}
TEMPLATE)"
setup () {
- export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
+ export NODEPORTS_FILE="$(mktemp -p ${TMPDIR} ${TMPTPL}XXX)"
}
create_actual_nodeport_json () {
- kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
+ kubectl get svc -n $NAMESPACE -o go-template="$FILTER" | python3 -c "$CSV2JSON" > "$NODEPORTS_FILE"
}
copy_actual_nodeport_json_to_robot () {
- kubectl cp "$1" "$2/$3:$4"
+ kubectl cp "$1" "$2/$3:$4"
}
cleanup () {
- rm "$NODEPORTS_FILE"
+ rm "$NODEPORTS_FILE"
}
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
index a93f109085..e23e5ed83b 100755
--- a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index fa76a9ee40..6d7ada618d 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh
index 52c40723f9..d8a2025bea 100755
--- a/kubernetes/sdnc/resources/config/bin/createLinks.sh
+++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh
@@ -4,8 +4,7 @@
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,7 +41,7 @@ then
if [ -d $JOURNAL_PATH ]
then
mv $JOURNAL_PATH/* $MDSAL_PATH/journal
- rm -f $JOURNAL_PATH
+ rm -f $JOURNAL_PATH
fi
ln -s $MDSAL_PATH/journal $JOURNAL_PATH
fi
@@ -52,7 +51,7 @@ then
if [ -d $SNAPSHOTS_PATH ]
then
mv $SNAPSHOTS_PATH/* $MDSAL_PATH/snapshots
- rm -f $SNAPSHOTS_PATH
+ rm -f $SNAPSHOTS_PATH
fi
ln -s $MDSAL_PATH/snapshots $SNAPSHOTS_PATH
fi
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
index 42abf54444..2406a48c37 100755
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -1,12 +1,11 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
###
# ============LICENSE_START=======================================================
# ONAP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
index 7b88055078..33c4b32146 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh
@@ -27,7 +27,7 @@ echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_PASSWORD=`prepare_password $DB_PASSWORD`
diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
index 5296748c50..069556f51c 100755
--- a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
+++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh
@@ -27,7 +27,7 @@ echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
prepare_password()
{
- echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD`
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 938a6f9d00..2417d2553c 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -34,11 +34,11 @@ certInitializer:
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
cadi_longitude: '0.0'
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index f2fc70c1f9..af95ab85ce 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -18,6 +18,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: readinessCheck
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
index 3a9ef84834..5bbd187b05 100755
--- a/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
+++ b/kubernetes/so/resources/config/docker-files/scripts/start-jboss-server.sh
@@ -22,10 +22,10 @@ fi
#Start the chef-solo if mso-docker.json contains some data.
if [ -s /var/berks-cookbooks/${CHEF_REPO_NAME}/environments/mso-docker.json ]
then
- echo "mso-docker.json has some configuration, replay the recipes."
- chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
+ echo "mso-docker.json has some configuration, replay the recipes."
+ chef-solo -c /var/berks-cookbooks/${CHEF_REPO_NAME}/solo.rb -o recipe[mso-config::apih],recipe[mso-config::bpmn],recipe[mso-config::jra]
else
- echo "mso-docker.json is empty, do not replay the recipes."
+ echo "mso-docker.json is empty, do not replay the recipes."
fi
JBOSS_PIDFILE=/tmp/jboss-standalone.pid
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ca2fe07b22..064415927f 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -151,6 +151,24 @@ aaf:
trustore: org.onap.so.trust.jks
#################################################################
+# AAF part for Ingress
+#################################################################
+certInitializer:
+ nameOverride: so-tls-cert
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
+
+#################################################################
# Application configuration defaults.
#################################################################
@@ -263,7 +281,8 @@ ingress:
name: 'so'
port: 8080
config:
- ssl: 'none'
+ tls:
+ secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters:
diff --git a/tox.ini b/tox.ini
index 01e9953617..7339601b92 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,7 @@ envlist =
docs,
docs-linkcheck,
gitlint,
+ checkbashisms,
skipsdist=true
[doc8]
@@ -52,7 +53,7 @@ commands =
sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
|| (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
yum install devscripts-minimal )" >&2 && exit 1)'
- find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} +
+ find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
[testenv:autopep8]
deps = autopep8