diff options
47 files changed, 537 insertions, 312 deletions
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml index 58017bdf40..355cd608cb 100644 --- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml @@ -81,11 +81,11 @@ persistence: mountSubPath: sms/consul/data service: - type: NodePort + type: ClusterIP name: aaf-sms-db portName: aaf-sms-db internalPort: 8200 - nodePort: 44 + externalPort: 8200 ingress: enabled: false diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json new file mode 100644 index 0000000000..8d00636d27 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json @@ -0,0 +1,6 @@ +{ + "contains-other-v": "java.lang.String", + "delete-other-v": "java.lang.String", + "SVC-INFRA": "java.lang.String", + "prevent-delete": "java.lang.String" +}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties index 39e08edf1b..647d4d963e 100644 --- a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties +++ b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties @@ -1,22 +1,45 @@ +############################################################################### # Schema Version Related Attributes +############################################################################### schema.uri.base.path=/aai # Lists all of the versions in the schema -schema.version.list=v9,v10,v11,v12,v13,v14 +schema.version.list=v10,v11,v12,v13,v14,v15 # Specifies from which version should the depth parameter to default to zero -schema.version.depth.start=v9 +schema.version.depth.start=v10 # Specifies from which version should the related link be displayed in response payload schema.version.related.link.start=v10 # Specifies from which version should the client see only the uri excluding host info # Before this version server base will also be included schema.version.app.root.start=v11 # Specifies from which version should the namespace be changed -schema.version.namespace.change.start=v12 +schema.version.namespace.change.start=v11 # Specifies from which version should the client start seeing the edge label in payload schema.version.edge.label.start=v12 # Specifies the version that the application should default to -schema.version.api.default=v14 +schema.version.api.default=v15 +############################################################################### +# Schema Location Related Attributes +############################################################################### # Schema Location Related Attributes schema.configuration.location=NA schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules + +############################################################################### +# Schema Service Related Attributes +############################################################################### +# Specifies whether to use the schema service or local schema files +schema.translator.list=config + +schema.service.base.url=https://<host>:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions + +#Default rest client is the two-way-ssl +schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12 +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml index d622be662d..a596a6b77d 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml @@ -109,7 +109,6 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 17f819b8ea..d8856164fb 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -61,7 +61,7 @@ config: openStackServiceTenantName: default openStackDomain: default openStackUserName: admin - openStackEncryptedPassword: admin + openStackEncryptedPassword: enc:LDEbHEAvTF1R odlUser: admin appc-ansible-server: diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index a5e8edb36e..26067e0230 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -95,7 +95,7 @@ componentImages: tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.1 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.1.1 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.2.0-SNAPSHOT hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.1.0-SNAPSHOT # Resource Limit flavor -By Default using small diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..0bc64e7682 --- /dev/null +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "common.fullname" . }}-pdb + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.fullname" . }} + maxUnavailable: 1 diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml index bf372b3744..44c9576abe 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml @@ -1,6 +1,4 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,26 +11,29 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} +{{- $root := . -}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolume +{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} +--- apiVersion: v1 +kind: PersistentVolume metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} + name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} + namespace: {{ $root.Release.Namespace }} labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} + app: {{ $root.Values.service.name }} + chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} + release: {{ $root.Release.Name }} + heritage: {{ $root.Release.Service }} spec: capacity: - storage: {{ .Values.persistence.size }} + storage: {{ $root.Values.persistence.size }} accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $root.Values.persistence.accessMode }} hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} + path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} + persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} +{{ end }} +{{ end }} + diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml deleted file mode 100644 index 1deed4e92a..0000000000 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end -}} diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml index a88cbc4738..88de96b2d5 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml @@ -24,10 +24,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + type: {{ .Values.service.type }} ports: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} + clusterIP: None selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} + diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml index 52a3eddf86..163bbc23b6 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} @@ -24,32 +24,30 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + serviceName: {{ .Values.service.name }} replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel template: metadata: labels: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - {{ include "common.name" . }} + topologyKey: "kubernetes.io/hostname" initContainers: - - name: {{ include "common.name" . }}-seed-kafka-topics - command: - - /bin/bash - - -c - - > - if [ -d /tmp/topics/ECOMP-PORTAL-INBOX-0 ]; then - echo "nothing to do"; - else - git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit; - echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-kafka/kafka-logs/* to /tmp/topics"; - cp -var /tmp/gerrit/oom-topics/data-kafka/kafka-logs/* /tmp/topics; - echo "Done."; - fi + - name: {{ include "common.name" . }}-initcontainer image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /tmp/topics - name: kafka-data - command: - /root/ready.py args: @@ -72,7 +70,7 @@ spec: {{ include "common.resources" . | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} + {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -85,18 +83,36 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: HOST_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: HOST_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace - name: KAFKA_ZOOKEEPER_CONNECT value: "{{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}" - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT" - name: KAFKA_ADVERTISED_LISTENERS - value: "INTERNAL_PLAINTEXT://{{ include "common.servicename" . }}:{{.Values.service.internalPort}}" + value: "INTERNAL_PLAINTEXT://$(HOST_NAME).{{ .Values.service.name }}.$(HOST_NAMESPACE).svc.cluster.local:{{ .Values.service.internalPort}}" - name: KAFKA_LISTENERS value: "INTERNAL_PLAINTEXT://0.0.0.0:{{.Values.service.internalPort}}" - name: KAFKA_INTER_BROKER_LISTENER_NAME value: "INTERNAL_PLAINTEXT" - name: KAFKA_LOG_DIRS - value: "/kafka/logs" + value: "kafka/logs" + - name: BROKER_ID_COMMAND + value: "hostname | awk -F '-' '{print $NF}'" + - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR + value: "{{ .Values.replicaCount }}" + - name: KAFKA_DEFAULT_REPLICATION_FACTOR + value: "{{ .Values.replicaCount }}" + - name: KAFKA_NUM_PARTITIONS + value: "{{ .Values.defaultpartitions }}" volumeMounts: - mountPath: /etc/localtime name: localtime @@ -112,8 +128,30 @@ spec: - name: docker-socket hostPath: path: /var/run/docker.sock +{{ if not .Values.persistence.enabled }} - name: kafka-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} + emptyDir: {} +{{ else }} + volumeClaimTemplates: + - metadata: + name: kafka-data + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + selector: + matchLabels: + release: "{{ .Release.Name }}" + app: {{ .Values.service.name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" +{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml index 43c4d3aecd..6569729bee 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml @@ -41,16 +41,12 @@ zookeeper: # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - # gerrit branch where the latest code is checked in - gerritBranch: 3.0.0-ONAP - # gerrit project where the latest code is checked in - gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git +# default number of instances +replicaCount: 3 +# defult partitions +defaultpartitions: 3 -# default number of instances -replicaCount: 1 nodeSelector: {} @@ -92,7 +88,7 @@ persistence: mountSubPath: message-router/data-kafka service: - type: NodePort + type: ClusterIP name: message-router-kafka portName: message-router-kafka internalPort: 9092 @@ -120,3 +116,4 @@ resources: cpu: 1000m memory: 2Gi unlimited: {} + diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml new file mode 100644 index 0000000000..0bc64e7682 --- /dev/null +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml @@ -0,0 +1,28 @@ +# Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "common.fullname" . }}-pdb + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.fullname" . }} + maxUnavailable: 1 diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml index bf372b3744..44c9576abe 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml @@ -1,6 +1,4 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,26 +11,29 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} +{{- $root := . -}} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolume +{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }} +--- apiVersion: v1 +kind: PersistentVolume metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} + name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }} + namespace: {{ $root.Release.Namespace }} labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} + app: {{ $root.Values.service.name }} + chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }} + release: {{ $root.Release.Name }} + heritage: {{ $root.Release.Service }} spec: capacity: - storage: {{ .Values.persistence.size }} + storage: {{ $root.Values.persistence.size }} accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $root.Values.persistence.accessMode }} hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} + path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }} + persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }} +{{ end }} +{{ end }} + diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml deleted file mode 100644 index 1deed4e92a..0000000000 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - name: {{ include "common.fullname" . }} - accessModes: - - {{ .Values.persistence.accessMode }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end -}} diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml index 06bf063857..da494b0ba5 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,10 +24,15 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} + - port: {{ .Values.service.clientPort }} + name: {{ .Values.service.clientPortName }} + - port: {{ .Values.service.serverPort }} + name: {{ .Values.service.serverPortName }} + - port: {{ .Values.service.leaderElectionPort }} + name: {{ .Values.service.leaderElectionPortName }} + clusterIP: None selector: app: {{ include "common.name" . }} - release: {{ .Release.Name }} - clusterIP: None + release: {{ .Release.Name }}
\ No newline at end of file diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index 6c1f762118..14f27949a7 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -13,8 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} @@ -24,15 +24,32 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: + serviceName: {{ .Values.service.name }} replicas: {{ .Values.replicaCount }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: {{ .Values.maxUnavailable }} + podManagementPolicy: Parallel template: metadata: labels: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: "app" + operator: In + values: + - {{ include "common.name" . }} + topologyKey: "kubernetes.io/hostname" initContainers: - - name: {{ include "common.name" . }}-seed-zookeeper-topics + - name: {{ include "common.name" . }}-seed-topics-apikeys command: - /bin/bash - -c @@ -57,31 +74,73 @@ spec: resources: {{ include "common.resources" . | indent 12 }} ports: - - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.clientPort }} + name: {{ .Values.service.clientPortName }} + - containerPort: {{ .Values.service.serverPort }} + name: {{ .Values.service.serverPortName }} + - containerPort: {{ .Values.service.leaderElectionPort }} + name: {{ .Values.service.leaderElectionPortName }} {{ if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + exec: + command: + - sh + - -c + - "zookeeper-ready.sh 2181" initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + exec: + command: + - sh + - -c + - "zookeeper-ready.sh 2181" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: ZK_REPLICAS + value: "{{ .Values.replicaCount }}" + - name: ZK_INIT_LIMIT + value: "{{ .Values.zk.initLimit }}" + - name: ZK_SYNC_LIMIT + value: "{{ .Values.zk.syncLimit }}" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/zookeeper-3.4.9/data + - mountPath: /var/lib/zookeeper/data name: zookeeper-data volumes: - name: localtime hostPath: path: /etc/localtime +{{ if not .Values.persistence.enabled }} - name: zookeeper-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} + emptyDir: {} +{{ else }} + volumeClaimTemplates: + - metadata: + name: zookeeper-data + labels: + app: {{ include "common.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + selector: + matchLabels: + release: "{{ .Release.Name }}" + app: {{ .Values.service.name }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + heritage: "{{ .Release.Service }}" +{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + + diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml index 05963ab48c..7b9e9eb58a 100644 --- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml @@ -29,8 +29,8 @@ global: # Application configuration defaults. ################################################################# # application image -repository: docker.io -image: wurstmeister/zookeeper:latest +repository: nexus3.onap.org:10001 +image: onap/dmaap/zookeeper:1.0.0 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 @@ -40,12 +40,12 @@ debugEnabled: false # application configuration config: # gerrit branch where the latest code is checked in - gerritBranch: 3.0.0-ONAP + gerritBranch: master # gerrit project where the latest code is checked in gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git # default number of instances -replicaCount: 1 +replicaCount: 3 nodeSelector: {} @@ -63,6 +63,11 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 +#Zookeeper properties +zk: + initLimit: 5 + syncLimit: 2 + ## Persist data to a persitent volume persistence: enabled: true @@ -84,13 +89,21 @@ persistence: accessMode: ReadWriteMany size: 2Gi mountPath: /dockerdata-nfs - mountSubPath: message-router/data-zookeeper/ + mountSubPath: message-router/data-zookeeper + +rollingUpdate: + maxUnavailable: 1 service: - type: NodePort + type: ClusterIP name: message-router-zookeeper portName: message-router-zookeeper - internalPort: 2181 + clientPortName: client + clientPort: 2181 + serverPortName: server + serverPort: 2888 + leaderElectionPortName: leader-election + leaderElectionPort: 3888 ingress: enabled: false diff --git a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties index 99eaeb298c..d40d2a1468 100755 --- a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties +++ b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -1,5 +1,4 @@ -############################################################################### -# ============LICENSE_START======================================================= +# LICENSE_START======================================================= # org.onap.dmaap # ================================================================================ # Copyright © 2017 AT&T Intellectual Property. All rights reserved. @@ -122,7 +121,7 @@ cambria.consumer.cache.touchFreqMs=120000 ## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(), ## which is not always adequate.) You can set this value explicitly here. ## -cambria.api.node.identifier=message-router +#cambria.api.node.identifier=<use-something-unique-to-this-instance> #cambria.rateLimit.maxEmptyPollsPerMinute=30 #cambria.rateLimitActual.delay.ms=10 @@ -138,7 +137,9 @@ cambria.api.node.identifier=message-router #metrics.send.cambria.sendEverySeconds=60 cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache - +consumer.timeout=17 +default.partitions=3 +default.replicas=3 ############################################################################## #100mb maxcontentlength=10000 @@ -165,4 +166,5 @@ msgRtr.mirrormaker.consumerid=1 kafka.max.poll.interval.ms=300000 kafka.heartbeat.interval.ms=60000 kafka.session.timeout.ms=240000 -kafka.max.poll.records=1000
\ No newline at end of file +kafka.max.poll.records=1000 + diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml index 4e12ded493..bdd134ac64 100644 --- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml +++ b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml @@ -12,8 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 -kind: Deployment +apiVersion: apps/v1beta1 +kind: StatefulSet metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/dmaap/charts/message-router/values.yaml b/kubernetes/dmaap/charts/message-router/values.yaml index bd1c660d9d..5d01e55077 100644 --- a/kubernetes/dmaap/charts/message-router/values.yaml +++ b/kubernetes/dmaap/charts/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.8 +image: onap/dmaap/dmaap-mr:1.1.9 pullPolicy: Always kafka: @@ -53,14 +53,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 120 + initialDelaySeconds: 70 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 120 + initialDelaySeconds: 70 periodSeconds: 10 service: diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml index 883e9f4efa..ccd70b30cf 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml @@ -39,11 +39,11 @@ persistence: #Service configuration for this chart service: - type: NodePort + type: ClusterIP name: multicloud-prometheus-alertmanager portName: prometheus-alertmanager internalPort: 9093 - nodePort: 62 + externalPort: 9093 meshpeer: enabled: false diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml index 4018a69d38..43f4e93a6f 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml @@ -43,11 +43,11 @@ persistence: #Service configuration for this chart service: - type: NodePort + type: ClusterIP name: multicloud-prometheus-grafana portName: prometheus-grafana internalPort: 3000 - nodePort: 63 + externalPort: 3000 #Grafana Datasources datasources: diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml index 8b6da6a6c1..a5aff3480b 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} +{{- if .Values.global.prometheus.enabled -}} + apiVersion: v1 kind: ConfigMap metadata: @@ -26,3 +28,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml index 00c6e21c5d..562755db91 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} +{{- if .Values.global.prometheus.enabled -}} + apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -119,3 +121,5 @@ spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Always + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml index 37ed28ee9d..961b6bba63 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} +{{- if .Values.global.prometheus.enabled -}} + {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolume apiVersion: v1 @@ -34,4 +36,6 @@ spec: persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} hostPath: path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} + {{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml index e6aacd1b96..73fcc30ba6 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} +{{- if .Values.global.prometheus.enabled -}} + {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 @@ -46,3 +48,5 @@ spec: {{- end }} {{- end }} {{- end -}} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml index f736793d7b..88f5cac526 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml @@ -14,6 +14,8 @@ # limitations under the License. */}} +{{- if .Values.global.prometheus.enabled -}} + apiVersion: v1 kind: Service metadata: @@ -39,4 +41,6 @@ spec: protocol: TCP selector: app: {{ include "common.name" . }} - release: {{ .Release.Name }}
\ No newline at end of file + release: {{ .Release.Name }} + +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml index c107a55878..5065392214 100644 --- a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml @@ -24,9 +24,9 @@ global: busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest alertmanager: - enabled: true + enabled: false grafana: - enabled: true + enabled: false configmapReload: image: repository: jimmidyson/configmap-reload @@ -57,11 +57,11 @@ persistence: #Service configuration for this chart service: - type: NodePort + type: ClusterIP name: multicloud-prometheus portName: multicloud-prometheus internalPort: 9090 - nodePort: 45 + externalPort: 9090 # probe configuration parameters liveness: diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 78f42ccbfb..8ebcb826ae 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -20,6 +20,8 @@ global: nodePortPrefix: 302 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + prometheus: + enabled: false ################################################################# # Application configuration defaults. diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf index 7afaeaea61..cff0deec5a 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf @@ -22,19 +22,19 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap # Telemetry credentials -ENGINE_MANAGEMENT_PORT=9696 -ENGINE_MANAGEMENT_HOST=0.0.0.0 -ENGINE_MANAGEMENT_USER=demo@people.osaaf.org -ENGINE_MANAGEMENT_PASSWORD=demo123456! +TELEMETRY_PORT=9696 +TELEMETRY_HOST=0.0.0.0 +TELEMETRY_USER=demo@people.osaaf.org +TELEMETRY_PASSWORD=demo123456! # nexus repository -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ -releaseRepositoryID=policy-nexus-releases -releaseRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ -repositoryUsername=admin -repositoryPassword=admin123 +SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots +SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ +RELEASE_REPOSITORY_ID=policy-nexus-releases +RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ +REPOSITORY_USERNAME=admin +REPOSITORY_PASSWORD=admin123 # Relational (SQL) DB access diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json index c8908c7b91..57542c3510 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json @@ -5,7 +5,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, @@ -16,63 +16,49 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= { - "engineServiceParameters": { - "name": "PolicyApexPDPEngine", - "version": "0.0.1", - "id": 45, - "instanceCount": 4, - "deploymentPort": 12345, - "engineParameters": { - "executorParameters": { - "JAVASCRIPT": { - "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters" - } - }, - "contextParameters": { - "parameterClassName": "org.onap.policy.apex.context.parameters.ContextParameters", - "schemaParameters": { - "Avro": { - "parameterClassName": "org.onap.policy.apex.plugins.context.schema.avro.AvroSchemaHelperParameters" - } - } - } - } - }, - "eventInputParameters": { - "ApexConsumer": { - "carrierTechnologyParameters" : { - "carrierTechnology" : "RESTSERVER", - "parameterClassName" : - "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters", - "parameters" : { - "standalone" : true, - "host" : "localhost", - "port" : 12346 - } - }, - "eventProtocolParameters":{ - "eventProtocol" : "JSON" - }, - "synchronousMode" : true, - "synchronousPeer" : "ApexProducer", - "synchronousTimeout" : 500 - } - }, - "eventOutputParameters": { - "ApexProducer": { - "carrierTechnologyParameters":{ - "carrierTechnology" : "RESTSERVER", - "parameterClassName" : - "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters" - }, - "eventProtocolParameters":{ - "eventProtocol" : "JSON" - }, - "synchronousMode" : true, - "synchronousPeer" : "ApexConsumer", - "synchronousTimeout" : 500 - } + "javaProperties" : [ + ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"], + ["javax.net.ssl.trustStorePassword", "UG9sMWN5XzBuYXA="] + ], + "engineServiceParameters": { + "name": "MyApexEngine", + "version": "0.0.1", + "id": 45, + "instanceCount": 4, + "deploymentPort": 12345, + "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json", + "engineParameters": { + "executorParameters": { + "JAVASCRIPT": { + "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters" } + } + } + }, + "eventOutputParameters": { + "FirstProducer": { + "carrierTechnologyParameters": { + "carrierTechnology": "FILE", + "parameters": { + "standardIo": true + } + }, + "eventProtocolParameters": { + "eventProtocol": "JSON" + } + } + }, + "eventInputParameters": { + "FirstConsumer": { + "carrierTechnologyParameters": { + "carrierTechnology": "FILE", + "parameters": { + "standardIo": true + } + }, + "eventProtocolParameters": { + "eventProtocol": "JSON" + } + } + } } - - diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json index b0a6504555..5591e58e32 100644 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json @@ -21,7 +21,8 @@ "host":"0.0.0.0", "port":6969, "userName":"healthcheck", - "password":"zb!XztG34" + "password":"zb!XztG34", + "https":true }, "receptionHandlerParameters":{ "SDCReceptionHandler":{ @@ -107,14 +108,14 @@ "xacmlPdpConfiguration":{ "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup", "parameters":{ - "useHttps": false, + "useHttps": true, "hostname": "pdp", "port": 8081, "userName": "testpdp", "password": "alpha123", "clientAuth": "cHl0aG9uOnRlc3Q=", "isManaged": true, - "pdpGroup": "pdpGroup" + "pdpGroup": "default" } }, "apexForwarderConfiguration":{ diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties index f07cb65c31..f07cb65c31 100755..100644 --- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties +++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml index 2e469d551f..2ffa686ba5 100644 --- a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml +++ b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml @@ -131,3 +131,4 @@ xpack.security.enabled: false xpack.watcher.enabled: false #Set to false to disable Watcher. + diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem new file mode 100644 index 0000000000..11125eaef7 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID/TCCAuWgAwIBAgIJALVJyrUvH8uGMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEd +MBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5l +eGFtcGxlLm9yZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzAe +Fw0xNjA5MTgwMzU4NTNaFw0yNjA5MTYwMzU4NTNaMIGUMQswCQYDVQQGEwJBVTER +MA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEdMBsGA1UECgwU +RXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5leGFtcGxlLm9y +ZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAK3AKz7Jq8CGR75NcbuUKiLTJhSS0/TBGA9M +k+OmradT5qWhFKbxUDoMwT4YpUTzkUGUzkGEVbUsrKK4XaYXldRoHOm8mS0aBErk +g2ffmpi+TiGk5LHykZ0avmYeEsqVESAjVEMuU3fWJzZd4NfUcTKsBA7Ccqfnb3CB +TS5fbAz/zw1K//XR5ZNCEBOsFD+0oFGKTNLCeMBCwccFNyVI2mNZpDA++HilNiQj +TEJytBXGcMVZaS+Tc0vENfVWHAAtVdk8+dd6jkpNnDhK1W1TB7HvhScewyEGh9yb +cK5asE8TBebEvUIrPaVFz+ef/o3lRev0Gq1QUYAoaG7ps9JlDcsCAwEAAaNQME4w +HQYDVR0OBBYEFIKSLrYMY9fXpCS7OGnyxhS7JzRrMB8GA1UdIwQYMBaAFIKSLrYM +Y9fXpCS7OGnyxhS7JzRrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB +ABiu7+GH8WGNPqPUUHP17HHYK41xAyYoKSzCrELKmFLphYhnUQA6EeBY8rjYr3X0 +Z2O0F9J6Cik/kG/uBYW0Oi8PQ0EeSZwzvd+CsAc2EJAryOBpafWRXa2XrOtFkKjq +jKWHSa0QJsBALiu8+JVfcwXYshbhmdVBxrktxMoY9WpGI7EcZkf77SW5enY4LtSF +wuRr2lv29YADsa/Q7JV2I4oAbWUjW3513mR5JsefHPk7hXZbRCXqUxFTmWpnDomF +HDeEDAdSgMgzODnbU/qHI9tmP6iDaCTz/eVfyCMKGYA0oIX1j5GdJ6HXK1OHafJK +W/M9gDRhQKU0bTXC2CoEOAs= +-----END CERTIFICATE----- diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem new file mode 100644 index 0000000000..db46f0d462 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtwCs+yavAhke+ +TXG7lCoi0yYUktP0wRgPTJPjpq2nU+aloRSm8VA6DME+GKVE85FBlM5BhFW1LKyi +uF2mF5XUaBzpvJktGgRK5INn35qYvk4hpOSx8pGdGr5mHhLKlREgI1RDLlN31ic2 +XeDX1HEyrAQOwnKn529wgU0uX2wM/88NSv/10eWTQhATrBQ/tKBRikzSwnjAQsHH +BTclSNpjWaQwPvh4pTYkI0xCcrQVxnDFWWkvk3NLxDX1VhwALVXZPPnXeo5KTZw4 +StVtUwex74UnHsMhBofcm3CuWrBPEwXmxL1CKz2lRc/nn/6N5UXr9BqtUFGAKGhu +6bPSZQ3LAgMBAAECggEAKE5S+d7ItAGydOf8QTpux+NZix5Agx+kGDB4gi/xSsbA +051ZcBy8sqqwzVnkROmHwcHmUvaC92NkrN6+AsCn5j08r9ArbHYDlugJv7f0YgiL +kWxyDQGrW9mPX5sMWuhXr6/iZS9C96K7N/ZxKUBD/jA/RLlA5chfZqboI6DJLP5s +u03ZW4toaGItLZtPxF07eElE4MGG/TbkoBZ5t79Y98TJP2oO95IpPQa8omqQcDEM +w0DsbV/dJV9AtyZBfmIRNaG5beiIUH26OQzUJP7FP2eIN4F/CAXLdlMnHtQA1XJz +QRwMxbfBQ+JfKD7YWedqivrjR0iPMx80M4HSU9DFaQKBgQDa+7F7zDRy4WU0GtfP +g+ArDUMjQv5pTXA0b2hKjHJRXM3LVo5qNJYWlirHtPjkVL4BJSY+iVl9/lfV2Xrf +gDXQLcUhABx5HNzZ5p+NyDHWrpZamFkfw9wLwQHXZGG8I+dla/iToHRWEH2QYxdz +VvfntpyE7XbxzhPPiS5haHGerwKBgQDLHxPn/jm2dSHa6jAidJXFJCMblcDuwIBy +7Cm7vnRro9Mbx/hZkRPXYWHQ/4WEVlWO9Sgkf4ambPSmdFg8ksQwBBd+l3K5K4Un +2AIL/PqgZg+anoEYYn1sqiWSc+YiO2GiRaHh5wOWtekEBBH9HcYkmKIXm3JHVdSw +SpQsryxppQKBgDi7qqDLJ+93a7PTHIRbwzEEL5esHKOFd4NuNZPSzS89HugGVcE4 +PIY/g3fX7/+f4NYFHOJozTGyOmlh/c53tfloUkEZeUb7blBZyo5+BkN7WeLAw55S +LOkyqNp33EZU+vcwwObmVB2UCiPlOEceif2TNvvNVdqRrFpBTS3ZVE5rAoGAJivk +9cgU2HESt60i9paqPq4X2us9oqCSgwZWoW2dO01CMwpVZZ+Z9vPaCgi68q+2zHLN +5G4Cw+vd3honKtr5+3wJXkTfzmSbVW2GlPIpt1L2w7vdztNTdsRS4z7clLpMEs67 +KVTcm8n7zEFnkAW0YtQ8Qet4gmdi3O5nAi65TfECgYEA0Pw2X4R37IrYM7tFDJSz +zDF4mRmk2qfhHBd8IaIDBpsXSgLcVRduro4HBzf/JeCt8rvw3VMLEFyqwyszpHro +xNnqPvbMPMCtOvUcr1VtXnO7CzaFNCJrfjYdV8vmDgvbYmBEHzG+LGbnVZIBUhQa +igVjtqU1uT83+VpR703IcBI= +-----END PRIVATE KEY----- diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh new file mode 100644 index 0000000000..2323fe1280 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# Copyright © 2018 Amdocs +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +mkdir -p /usr/share/kibana/auth +chmod 0777 /usr/share/kibana/auth + +cp /opt/app/auth/* /usr/share/kibana/auth/. + +chmod 0400 /usr/share/kibana/auth/* + +/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml index 6d31c4453d..fdcdd02cc7 100644 --- a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml +++ b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml @@ -51,9 +51,9 @@ elasticsearch.username: "elastic" elasticsearch.password: "changeme" # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. # These settings enable SSL for outgoing requests from the Kibana server to the browser. -#server.ssl.enabled: $server_ssl_enabled -#server.ssl.certificate: $server_ssl_certificate -#server.ssl.key: $server_ssl_key +server.ssl.enabled: {{.Values.config.serverSslEnabled}} +server.ssl.certificate: {{.Values.config.serverSslCertificate}} +server.ssl.key: {{.Values.config.serverSslKey}} # Optional settings that provide the paths to the PEM-format SSL certificate and key files. # These files validate that your Elasticsearch backend uses the same key files. diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml index fd8934b22c..4eb25fedcf 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml +++ b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml @@ -19,3 +19,19 @@ metadata: namespace: {{ include "common.namespace" . }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-auth + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-bin + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }} diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml index e87a04faba..2bc9e796c9 100644 --- a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml +++ b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml @@ -117,12 +117,15 @@ spec: - name: {{ include "common.name" . }} image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/bash"] + args: ["-c", "/opt/app/bin/kibana_start.sh"] ports: - containerPort: {{ .Values.service.internalPort }} name: {{ .Values.service.name }} readinessProbe: httpGet: path: "/" + scheme: "HTTPS" port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} @@ -133,6 +136,7 @@ spec: livenessProbe: httpGet: path: "/" + scheme: "HTTPS" port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} @@ -143,8 +147,12 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /usr/share/kibana/config/ + - mountPath: /usr/share/kibana/config name: {{ include "common.fullname" . }} + - mountPath: /opt/app/auth + name: {{ include "common.fullname" . }}-auth + - mountPath: /opt/app/bin + name: {{ include "common.fullname" . }}-bin resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -166,12 +174,20 @@ spec: - key: kibana.yml path: kibana.yml - key: default.json - path: default.json + path: default.json - key: validationsDump.json path: validationsDump.json - key: violationsDump.json path: violationsDump.json - key: default-mapping.json - path: default-mapping.json + path: default-mapping.json + - name: {{ include "common.fullname" . }}-auth + configMap: + name: {{ include "common.fullname" . }}-auth + defaultMode: 0777 + - name: {{ include "common.fullname" . }}-bin + configMap: + name: {{ include "common.fullname" . }}-bin + defaultMode: 0777 imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/pomba/charts/pomba-kibana/values.yaml b/kubernetes/pomba/charts/pomba-kibana/values.yaml index aa48263521..fe50e47fda 100644 --- a/kubernetes/pomba/charts/pomba-kibana/values.yaml +++ b/kubernetes/pomba/charts/pomba-kibana/values.yaml @@ -45,6 +45,11 @@ config: elasticsearchServiceName: pomba-es elasticsearchPort: 9200 + #Enable HTTPS + serverSslEnabled: true + serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem + serverSslKey: /usr/share/kibana/auth/pomba.key.pem + # default number of instances replicaCount: 1 diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml index 2b54defa4e..913a2d8eaf 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml @@ -27,8 +27,7 @@ spec: ports:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName | default "http" }}
{{- else -}}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml index 33eb2b82ed..fdc44298e2 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/network-discovery:latest +image: onap/network-discovery:1.4.1-latest pullPolicy: Always # flag to enable debugging - application support required @@ -86,12 +86,10 @@ service: #service being defined. type: NodePort name: pomba-networkdiscovery - externalPort: 8443 + externalPort: 9531 internalPort: 8443 nodePort: 99 -# nodePort: <replace with unused node port suffix eg. 23> - # optional port name override - default can be defined in service.yaml - #portName: http + portName: https ingress: enabled: false diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml index 9e4a8807cb..b45c24b9e9 100644 --- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml +++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/pomba-network-discovery-context-builder:1.3.1 +image: onap/pomba-network-discovery-context-builder:1.4.0-SNAPSHOT-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml index 1627328ceb..7947b18ad2 100644 --- a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml +++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml @@ -44,7 +44,7 @@ config: aaiKeyStorePath: n/a aaiKeyStorePassword: n/a aaiConnectionTimeout: 5000 - aaiReadTimeout: 1000 + aaiReadTimeout: 5000 # HTTP Basic Authorization credentials for Rest Service API aaiHttpUserId: admin aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30 @@ -53,12 +53,12 @@ config: # SDNC Rest Client Connection sdncServiceName: sdnc - sdncPort: 8443 - sdncUsername: SDNC - sdncPassword: OBF:1gfr1ev31gg7 - sdncHttpProtocol: https + sdncPort: 8282 + sdncUsername: admin + sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp + sdncHttpProtocol: http sdncConnectionTimeout: 5000 - sdncReadTimeout: 1000 + sdncReadTimeout: 5000 # default number of instances replicaCount: 1 @@ -69,15 +69,15 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 + initialDelaySeconds: 60 + periodSeconds: 30 #Example service definition with external, internal and node ports. service: @@ -116,4 +116,4 @@ resources: requests: cpu: 200m memory: 800Mi - unlimited: {}
\ No newline at end of file + unlimited: {} |