249 files changed, 3549 insertions, 1398 deletions
diff --git a/.readthedocs.yaml b/.readthedocs.yaml index 3797dc8bb9..f724264ff4 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -14,7 +14,7 @@ build: python: version: 3.7 install: - - requirements: docs/requirements-docs.txt + - requirements: requirements.txt sphinx: configuration: docs/conf.py diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 70f5190e8a..4b3ec92ccb 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -60,10 +60,6 @@ The versions of Kubernetes that are supported by OOM are as follows: Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4 ============== =========== ======= ======== ======== ============ -.. note:: - Guilin version also supports Kubernetes up to version 1.19.x and should work - with Helm with version up to 3.3.x but has not been thoroughly tested. - Minimum Hardware Configuration ============================== diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 2059251928..74f8c57f6e 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -15,8 +15,8 @@ .. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer .. _user-guide-label: -OOM User Guide helm3 (experimental) -################################### +OOM User Guide +############## The ONAP Operations Manager (OOM) provide the ability to manage the entire life-cycle of an ONAP installation, from the initial deployment to final @@ -64,7 +64,7 @@ Enter the following to install kubectl (on Ubuntu, there are slight differences on other O/Ss), the Kubernetes command line interface used to manage a Kubernetes cluster:: - > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl + > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.11/bin/linux/amd64/kubectl > chmod +x ./kubectl > sudo mv ./kubectl /usr/local/bin/kubectl > mkdir ~/.kube 
@@ -88,8 +88,8 @@ Install Helm Helm is used by OOM for package and configuration management. To install Helm, enter the following:: - > wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz - > tar -zxvf helm-v3.5.2-linux-amd64.tar.gz + > wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz + > tar -zxvf helm-v3.6.3-linux-amd64.tar.gz > sudo mv linux-amd64/helm /usr/local/bin/helm Verify the Helm version with:: diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 07d12343a8..489390d8f1 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.1 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.3 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 298274ed0f..8a923b2bff 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat 
@@ -2,12 +2,13 @@ a1p@a1p.onap.org|a1p|local|/opt/app/osaaf/local||mailto:|org.onap.a1p|root|30|{' aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'} -aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} -aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} -aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} 
-aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} -aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} +aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} +aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} +aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-babel.onap', 'aai-babel', 'aai-graphadmin', 'aai-graphadmin.onap', 'aai-modelloader.onap', 'aai-modelloader', 
'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} +aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'} +aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'} aai-resources@aai-resources.onap.org|aai-resources|local|/opt/app/osaaf/local||mailto:|org.onap.aai-resources|root|30|{'aai-resources', 'aai-resources.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} +aai-schema-service@aai-schema-service.onap.org|aai-schema-service|local|/opt/app/osaaf/local||mailto:|org.onap.aai-schema-service|root|30|{'aai-schema-service', 'aai-schema-service.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} aai-traversal@aai-traversal.onap.org|aai-traversal|local|/opt/app/osaaf/local||mailto:|org.onap.aai-traversal|root|30|{'aai-traversal', 'aai-traversal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'} 
appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'} appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'} @@ -70,3 +71,4 @@ vfc@vfc.onap.org|vfc|local|/opt/app/osaaf/local||mailto:|org.onap.vfc|root|30|{' vid1@vid1.onap.org|vid1|local|/opt/app/osaaf/local||mailto:|org.onap.vid1|root|30|{'onap', 'onap.vid1', 'vid1', 'vid1.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} vid2@vid2.onap.org|vid2|local|/opt/app/osaaf/local||mailto:|org.onap.vid2|root|30|{'onap.vid2', 'vid2', 'vid2.api.simpledemo.onap.org', 'vid2.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} vid@vid.onap.org|vid|local|/opt/app/osaaf/local||mailto:|org.onap.vid|root|30|{'vid.api.simpledemo.onap.org', 'vid.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12'} +uui@uui.onap.org|uui|local|/opt/app/osaaf/local||mailto:|org.onap.uui|root|30|{'uui', 'uui.api.simpledemo.onap.org', 'uui.onap','uui-server', 'uui-server.api.simpledemo.onap.org', 'uui-server.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index 5cccae1a65..1279c363b5 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat 
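Review bot: The rewritten `aai2` row still carries two set members that each hold two host names separated by a space, `'aai.onap aai-sparky-be.onap'` and `'aai.ui.simpledemo.onap.org aai1.onap'`; as single entries they presumably never match a real host name, and since the row is being rewritten anyway they should be split into four separately quoted names. `'aai-graphadmin'` and `'aai-graphadmin.onap'` are added only to the `aai` row, while the `aai1`, `aai2`, `aai.onap` and `mithrilcsp.sbc.com` rows get only the babel and modelloader names; if that difference is intended it deserves a line in the commit message. One `aai@aai.onap.org` certificate now names several components, so a leaked key would affect all of them at once; it is worth confirming that sharing is wanted rather than a per-component identity like the new `aai-schema-service` row.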
@@ -6,6 +6,7 @@ aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d0
 clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344||
 aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344||
 aai-resources@aai-resources.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-resources|53344||
+aai-schema-service@aai-schema-service.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-schema-service|53344||
 aai-traversal@aai-traversal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-traversal|53344||
 appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344||
 appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344||
@@ -55,3 +56,4 @@ ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04
 aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
 deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
 portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
+uui@uui.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.uui|53344||
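Review bot: Both added rows, `aai-schema-service@aai-schema-service.onap.org` in the first hunk and `uui@uui.onap.org` in the second, reuse the credential value `0xd993c561…` that every other row visible in these hunks carries, so the new identities presumably start with the same initial secret as all existing ones. That matches the rest of the seed data, but it means one known demo secret is enough to authenticate as either new service until it is changed. The fix belongs outside this file: have the deployment generate or inject per-identity credentials, and state in the chart documentation that these `Initial ID` rows are for demo installs only and must be rotated before any other use.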
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 3756a89aad..7d20d55c31 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -2,6 +2,7 @@ org.onap.a1p||org.onap||3
 org.onap.aaf-sms||org.onap||3
 org.onap.aai||org.onap||3
 org.onap.aai-resources||org.onap||3
+org.onap.aai-schema-service||org.onap||3
 org.onap.aai-traversal||org.onap||3
 org.onap.appc||org.onap||3
 org.onap.appc-cdt||org.onap||3
@@ -77,6 +78,7 @@ org.onap.vfc||org.onap||3
 org.onap.vid1||org.onap||3
 org.onap.vid2||org.onap||3
 org.onap.vid||org.onap||3
+org.onap.uui||org.onap||3
 org.openecomp.dcae|DCAE Namespace Org|org.openecomp|3|3
 org.openecomp.dmaapBC|DMaap NS|org.openecomp|3|3
 org.openecomp|Open EComp NS|org|2|2
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index d29617a4d9..89c726f9ec 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
@@ -20,6 +20,9 @@ org.onap.aai|traversal|*|basic||"{'org.onap.aai|traversal_basic'}"
 org.onap.aai-resources|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-resources|admin', 'org.onap.aai-resources|service'}"
 org.onap.aai-resources|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-resources|owner'}"
 org.onap.aai-resources|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
+org.onap.aai-schema-service|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-schema-service|admin', 'org.onap.aai-schema-service|service'}"
+org.onap.aai-schema-service|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-schema-service|owner'}"
+org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
 org.onap.aai-traversal|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-traversal|admin', 'org.onap.aai-traversal|service'}"
 org.onap.aai-traversal|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-traversal|owner'}"
 org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
@@ -524,6 +527,9 @@ org.onap.vid|url|doclib_admin|*|Document Library Admin|"{'org.onap.vid|System_Ad
 org.onap.vid|url|doclib|*|Document Library|"{'org.onap.vid|System_Administrator'}"
 org.onap.vid|url|login|*|Login|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
 org.onap.vid|url|view_reports|*|View Raptor reports|
+org.onap.uui|access|*|*|AAF Namespace Write Access|"{'org.onap.uui|admin', 'org.onap.uui|service'}"
+org.onap.uui|access|*|read|AAF Namespace Read Access|"{'org.onap.uui|owner'}"
+org.onap.uui|certman|local|request,ignoreIPs,showpass||"{'org.onap.uui|admin', 'org.onap.uui|seeCerts', 'org.osaaf.aaf|deploy'}"
 org.openecomp|access|*|*|OpenEcomp Write Access|{'org.openecomp.admin'}
 org.openecomp|access|*|read|OpenEcomp Read Access|{'org.openecomp.owner'}
 org.openecomp.dmaapBC|access|*|*|DMaap Write Access|{'org.openecomp.dmaapBC.admin'}
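Review bot: The two new `certman|local|request,ignoreIPs,showpass` rows are granted differently: for `org.onap.aai-schema-service` only `org.osaaf.aaf|deploy` holds the permission, while for `org.onap.uui` in the second hunk it also goes to `org.onap.uui|admin` and `org.onap.uui|seeCerts`. The role.dat and user_role.dat changes in this commit mirror that and give the `uui@uui.onap.org` service identity the `seeCerts` role, so the service itself holds the `showpass` action on its own certificates. Please confirm UUI needs that; if not, the row's last field should read `"{'org.osaaf.aaf|deploy'}"` like its aai-schema-service sibling, with the matching role.dat and user_role.dat entries dropped.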
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index d73a09d4cd..111b94e6a8 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -15,10 +15,13 @@ org.onap.aai|traversal_advanced|traversal_advanced|"{'org.onap.aai|traversal|*|a org.onap.aai|traversal_basic|traversal_basic|"{'org.onap.aai|traversal|*|basic'}" org.onap.aai-resources|admin|AAF Namespace Administrators|"{'org.onap.aai-resources|access|*|*'}" org.onap.aai-resources|owner|AAF Namespace Owners|"{'org.onap.aai-resources|access|*|read'}" -org.onap.aai-resources|service||"{'org.onapaai-resources|access|*|*'}" +org.onap.aai-resources|service||"{'org.onap.aai-resources|access|*|*'}" +org.onap.aai-schema-service|admin|AAF Namespace Administrators|"{'org.onap.aai-schema-service|access|*|*'}" +org.onap.aai-schema-service|owner|AAF Namespace Owners|"{'org.onap.aai-schema-service|access|*|read'}" +org.onap.aai-schema-service|service||"{'org.onap.aai-schema-service|access|*|*'}" org.onap.aai-traversal|admin|AAF Namespace Administrators|"{'org.onap.aai-traversal|access|*|*'}" org.onap.aai-traversal|owner|AAF Namespace Owners|"{'org.onap.aai-traversal|access|*|read'}" -org.onap.aai-traversal|service||"{'org.onapaai-traversal|access|*|*'}" +org.onap.aai-traversal|service||"{'org.onap.aai-traversal|access|*|*'}" org.onap|admin|Onap Admins|"{'org.onap.access|*|*'}" org.onap.appc|admin|AAF Namespace Administrators|"{'org.onap.appc|access|*|*'}" org.onap.appc|apidoc||"{'org.onap.appc|apidoc|/apidoc/.*|ALL'}" 
@@ -330,12 +333,16 @@ org.onap.vid|seeCerts|seeCerts| org.onap.vid|service|service| org.onap.vid|Standard_User|Standard User|"{'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_map|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|login|*'}" org.onap.vid|System_Administrator|System Administrator|"{'org.onap.vid|menu|menu_admin|*', 'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_feedback|*', 'org.onap.vid|menu|menu_help|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_job_create|*', 'org.onap.vid|menu|menu_job|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_notes|*', 'org.onap.vid|menu|menu_process|*', 'org.onap.vid|menu|menu_profile_create|*', 'org.onap.vid|menu|menu_profile_import|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_sample|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_test|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|doclib_admin|*', 'org.onap.vid|url|doclib|*', 'org.onap.vid|url|login|*'}" +org.onap.uui|admin|AAF Namespace Administrators|"{'org.onap.uui|access|*|*', 'org.onap.uui|certman|local|request,ignoreIPs,showpass'}" +org.onap.uui|owner|AAF Namespace 
Owners|"{'org.onap.uui|access|*|read'}" +org.onap.uui|seeCerts||"{'org.onap.uui|certman|local|request,ignoreIPs,showpass'}" +org.onap.uui|service||"{'org.onap.uui|access|*|*'}" org.openecomp|admin|OpenEcomp Admins|"{'org.openecomp.access|*|*'}" org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub', 'org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create'}" org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 
'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 
'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index cf6c3aa827..bc9f0ec833 100644 
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -6,6 +6,8 @@ mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.on
 mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.onap.aai|owner
 mmanager@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
 mmanager@people.osaaf.org|org.onap.aai-resources.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|owner
+mmanager@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
+mmanager@people.osaaf.org|org.onap.aai-schema-service.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|owner
 mmanager@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
 mmanager@people.osaaf.org|org.onap.aai-traversal.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|owner
 mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin
@@ -94,6 +96,7 @@ mmanager@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.o
 mmanager@people.osaaf.org|org.onap.vid2.owner|2020-11-26 12:31:54.000+0000|org.onap.vid2|owner
 mmanager@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
 mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.onap.vid|owner
+mmanager@people.osaaf.org|org.onap.uui.owner|2020-11-26 12:31:54.000+0000|org.onap.uui|owner
 mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner
 portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
 portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
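Review bot: The second hunk gives `mmanager@people.osaaf.org` only `org.onap.uui.owner`, whereas the first hunk gives the same user both `.admin` and `.owner` for aai-schema-service, and the neighbouring vid and vid2 rows also carry both. Nothing visible here says which pattern is intended for a new namespace, so the next service added can copy either one. Please confirm the narrower grant for UUI is deliberate and record the reason in the commit message; if it is, the aai-schema-service `.admin` row for `mmanager` may be the one that is not needed.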
@@ -201,6 +204,7 @@ aaf_admin@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.o
 aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
 aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
 aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
+aaf_admin@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
 aaf_admin@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
 aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
 aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc
@@ -255,6 +259,7 @@ aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.o
 aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
 aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
 aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
+aaf_admin@people.osaaf.org|org.onap.uui.admin|2020-11-26 12:31:54.000+0000|org.onap.uui|admin
 aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
 aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
 deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|deploy
@@ -270,6 +275,7 @@ aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|ad
 aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
 aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
 aai-resources@aai-resources.onap.org|org.onap.aai-resources.service|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|service
+aai-schema-service@aai-schema-service.onap.org|org.onap.aai-schema-service.service|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|service
 aai-traversal@aai-traversal.onap.org|org.onap.aai-traversal.service|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|service
 appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
 appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
@@ -355,6 +361,8 @@ vid@vid.onap.org|org.onap.vid.service|2020-11-26 12:31:54.000+0000|org.onap.vid|
 vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
 vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-11-26 12:31:54.000+0000|org.onap.vid|Standard_User
 vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
+uui@uui.onap.org|org.onap.uui.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.uui|seeCerts
+uui@uui.onap.org|org.onap.uui.service|2020-11-26 12:31:54.000+0000|org.onap.uui|service
 dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-11-26 12:31:54.000+0000|org.onap.dmaap.bc|service
 dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
 dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|seeCerts
diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 0fffd6b079..4813cc19fc 100644
--- a/kubernetes/aaf/resources/data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -54,6 +54,7 @@ aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osa
 clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 aai-resources|ONAP AAI Resources Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+aai-schema-service|ONAP AAI Schema Service Application|AAI Schema Service|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 aai-traversal|ONAP AAI Traversal Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
@@ -75,6 +76,7 @@ msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@
 msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 refrepo|ONAP REFREPO Application|REFREPO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+uui|ONAP UUI Application|UUI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 # VID Identities
 vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml index a725a4ef30..7a434fc276 100644 --- a/kubernetes/aai/components/aai-babel/requirements.yaml +++ b/kubernetes/aai/components/aai-babel/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties index 21ed6cd9ee..6a3a74c0a6 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/application.properties +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties 
@@ -1,14 +1,33 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} server.port=9516 {{ if ( include "common.needTLS" .) }} -server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=need +server.ssl.key-store-type=PKCS12 {{ else }} security.require-ssl=false server.ssl.enabled=false {{ end }} +spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/services/babel-service - logging.config=${CONFIG_HOME}/logback.xml - tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index e1d24d9b4d..0000000000 --- a/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml index c29da77d84..125731cf6e 100644 
--- a/kubernetes/aai/components/aai-babel/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml @@ -1,6 +1,7 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -27,25 +28,20 @@ <property name="auditLogName" value="audit" /> <property name="debugLogName" value="debug" /> - <property name="errorLogPattern" - value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" /> + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" /> - <property name="auditLogPattern" - value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> + <property name="auditLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> - <property name="metricsLogPattern" - value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> + <property name="metricsLogPattern" 
value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" /> <!-- ============================================================================ --> <!-- EELF Appenders --> <!-- ============================================================================ --> - <appender name="EELF" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${generalLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip - </fileNamePattern> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> <maxHistory>60</maxHistory> </rollingPolicy> <encoder> @@ -65,12 +61,10 @@ are specializations of the EELF application root logger and appender. This can be used to segregate Policy engine events from other components, or it can be eliminated to record these events as part of the application root log. --> - <appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip - </fileNamePattern> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> <maxHistory>60</maxHistory> </rollingPolicy> <encoder> 
@@ -82,12 +76,10 @@ <appender-ref ref="EELFAudit" /> </appender> - <appender name="EELFMetrics" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${metricsLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip - </fileNamePattern> + <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> <maxHistory>60</maxHistory> </rollingPolicy> <encoder> @@ -100,14 +92,10 @@ <appender-ref ref="EELFMetrics" /> </appender> - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file> - ${logDirectory}/${debugLogName}.log - </file> + <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${debugLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip - </fileNamePattern> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> <maxHistory>60</maxHistory> </rollingPolicy> <encoder> @@ -119,9 +107,7 @@ <!-- allow only events with a level below INFO, that is TRACE and DEBUG --> <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator"> - <expression> - e.level.toInt() < INFO.toInt() - </expression> + <expression>e.level.toInt() < INFO.toInt()</expression> </evaluator> <OnMismatch>DENY</OnMismatch> <OnMatch>NEUTRAL</OnMatch> 
@@ -131,6 +117,15 @@ <includeCallerData>false</includeCallerData> </appender> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>${errorLogPattern}</pattern> + </encoder> + </appender> + <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + <!-- ============================================================================ --> <!-- Default / root appenders --> <!-- This determines the logging level for 3rd party code --> @@ -138,29 +133,34 @@ <root level="INFO"> <appender-ref ref="asyncEELF" /> - <appender-ref ref="asyncEELFDebug" /> -</root> + <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="AsyncSysOut" /> + </root> <!-- ============================================================================ --> <!-- EELF loggers --> <!-- ============================================================================ --> <logger name="com.att.eelf" level="INFO" additivity="false"> - <appender-ref ref="asyncEELF" /> -</logger> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="AsyncSysOut" /> + </logger> <!-- The level of this logger determines the contents of the debug log --> <logger name="com.att.eelf.debug" level="INFO" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> -</logger> + <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="AsyncSysOut" /> + </logger> <logger name="com.att.eelf.audit" level="INFO" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> -</logger> + <appender-ref ref="asyncEELFAudit" /> + <appender-ref ref="AsyncSysOut" /> + </logger> <logger name="com.att.eelf.metrics" level="INFO" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> -</logger> + <appender-ref ref="asyncEELFMetrics" /> + <appender-ref ref="AsyncSysOut" /> + </logger> <!-- ============================================================================ --> <!-- Non-EELF loggers --> 
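Review bot: `AsyncSysOut` is declared with logback's AsyncAppender defaults and is then attached to the `com.att.eelf.audit` and `com.att.eelf.metrics` loggers, which log at INFO. With the default discarding threshold an AsyncAppender drops TRACE, DEBUG and INFO events once its queue is nearly full, so the stdout copy of the audit trail can lose entries under load. If stdout is what the log collector reads, add `<discardingThreshold>0</discardingThreshold>` inside the `AsyncSysOut` appender. The `STDOUT` encoder uses `${errorLogPattern}` for every logger, so audit fields such as `%mdc{StatusCode}` and `%mdc{ClientAddress}` from `auditLogPattern` are missing from that copy.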
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index db3540606b..bd6b8c728c 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -37,10 +37,22 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + echo "*** actual launch of AAI Babel" + /bin/bash /opt/app/babel/bin/start.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
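Review bot: The added `command`/`args` script keeps going when `mycreds.prop` is missing or unreadable, because `export $(cat …/mycreds.prop | xargs -0)` returns success even if `cat` fails, and `start.sh` then runs with the store passwords unset. A guard before the export, `[ -r {{ .Values.certInitializer.credsPath }}/mycreds.prop ] || exit 1`, makes the container fail visibly instead. The unquoted `$(…)` also relies on every value in the file being free of whitespace and glob characters. That holds for the alphanumeric passwords generated in this chart's values.yaml, and a one-line comment should say so. The container spec continues outside this hunk.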
@@ -60,35 +72,28 @@ spec: env: - name: CONFIG_HOME value: /opt/app/babel/config - - name: KEY_STORE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-pass - key: KEY_STORE_PASSWORD - - name: KEY_MANAGER_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-pass - key: KEY_MANAGER_PASSWORD - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /opt/app/babel/config/application.properties + name: config + subPath: application.properties - mountPath: /opt/app/babel/config/artifact-generator.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: artifact-generator.properties - mountPath: /opt/app/babel/config/tosca-mappings.json - name: {{ include "common.fullname" . }}-config + name: config subPath: tosca-mappings.json - mountPath: /opt/app/babel/config/babel-auth.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: babel-auth.properties - mountPath: /opt/app/babel/config/auth - name: {{ include "common.fullname" . }}-secrets - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + name: secrets + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/babel/config/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml resources: {{ include "common.resources" . }} 
@@ -102,44 +107,21 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-config + - name: config configMap: name: {{ include "common.fullname" . }}-configmap - items: - - key: artifact-generator.properties - path: artifact-generator.properties - - key: tosca-mappings.json - path: tosca-mappings.json - - key: babel-auth.properties - path: babel-auth.properties - - key: logback.xml - path: logback.xml - - name: {{ include "common.fullname" . }}-secrets + - name: secrets secret: secretName: {{ include "common.fullname" . }}-babel-secrets - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml index b81ffa05b9..9d7d2c5a80 100644 --- a/kubernetes/aai/components/aai-babel/templates/secrets.yaml +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml 
@@ -29,18 +29,3 @@ metadata:
 type: Opaque
 data:
 {{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-pass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
- KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 14a2993c2a..3b68f4defe 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -20,6 +20,41 @@ global: {} ################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-babel-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** writing passwords into prop file" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "KEY_STORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "KEY_MANAGER_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + +################################################################# # Application configuration defaults. ################################################################# 
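Review bot: `aafDeployPass: demo123456!` ships a default credential for `deployer@people.osaaf.org` in the chart values, while the external-secret alternative is left commented out. Any install that does not override the value inherits this known password. Mark it as demo-only with a comment on that line, e.g. `# demo default only - set aafDeployCredsExternalSecret for real deployments`, or leave it empty and require the external secret. In `aaf_add_config`, `mycreds.prop` receives the store passwords in clear text and is only `chown`ed. Adding `chmod 600 {{ .Values.credsPath }}/mycreds.prop` after the last `echo` would restrict it to the application user, assuming no other container in the pod reads it under a different uid.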
@@ -29,11 +64,6 @@ image: onap/babel:1.9.1 flavor: small flavorOverride: small -# application configuration -config: - keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 - # default number of instances replicaCount: 1 @@ -91,3 +121,8 @@ serviceAccount: nameOverride: aai-babel roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-graphadmin/requirements.yaml b/kubernetes/aai/components/aai-graphadmin/requirements.yaml index d80dc5aea2..5a41aefe84 100644 --- a/kubernetes/aai/components/aai-graphadmin/requirements.yaml +++ b/kubernetes/aai/components/aai-graphadmin/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties index 512e906b00..f768338d99 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -41,10 +42,10 @@ aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} {{ if ( include "common.needTLS" .) }} -aai.truststore.filename={{ .Values.global.config.truststore.filename }} -aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} -aai.keystore.filename={{ .Values.global.config.keystore.filename }} -aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} +aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +aai.keystore.passwd.x=${KEYSTORE_PASSWORD} {{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 367e9038cd..27606021ef 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright � 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -44,16 +45,16 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense -server.local.startpath=aai-graphadmin/src/main/resources/ +server.local.startpath=/opt/app/aai-graphadmin/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 {{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +server.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) server.ssl.client-auth=want server.ssl.key-store-type=JKS {{ else }} 
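Review bot: The TLS block is rewritten here, but `server.ssl.enabled-protocols=TLSv1.1,TLSv1.2` is left as it was, so the listener still accepts TLS 1.1, which RFC 8996 deprecates. Unless a known client still needs it, change the line to `server.ssl.enabled-protocols=TLSv1.2`. The block also keeps `server.ssl.client-auth=want`, while the aai-babel properties changed in this commit use `need`. If mutual TLS is intended for graphadmin as well, that difference deserves a comment. The new `password(${KEYSTORE_JKS_PASSWORD})` and `password(${TRUSTSTORE_PASSWORD})` values stay empty unless the envsubst init container has filled them in.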
@@ -103,10 +104,10 @@ schema.service.versions.endpoint=versions schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }} {{ if ( include "common.needTLS" .) }} -schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +schema.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +schema.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.rdbmsname=aai_relational 
@@ -115,9 +116,9 @@ aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .V aperture.service.base.url=http://localhost:8457/aai/aperture {{ if ( include "common.needTLS" .) }} -aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} -aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} -aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +aperture.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks +aperture.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) +aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.service.timeout-in-milliseconds=300000 diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml index 95b8140e0b..243acd2955 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml 
@@ -839,32 +839,41 @@ <!-- logback jms appenders & loggers definition ends here --> <logger name="org.onap.aai.aaf" level="DEBUG" additivity="false"> <appender-ref ref="asyncAUTH"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.aailog.filter.RestClientLoggingInterceptor" level="INFO"> <appender-ref ref="asyncMETRIC"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="INFO"> <appender-ref ref="asyncMETRIC"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO"> <appender-ref ref="asyncAUDIT"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO"> <appender-ref ref="asyncAUDIT"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO"> <appender-ref ref="asyncMETRIC"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN"> <appender-ref ref="asyncERROR"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false"> <appender-ref ref="asynctranslog"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false"> <appender-ref ref="dmaapAAIEventConsumer"/> <appender-ref ref="dmaapAAIEventConsumerDebug"/> <appender-ref ref="dmaapAAIEventConsumerMetric"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false"> <appender-ref ref="dataSnapshot"/> @@ -938,6 +947,7 @@ <appender-ref ref="asyncDEBUG"/> <appender-ref ref="asyncERROR"/> <appender-ref ref="asyncMETRIC"/> + <appender-ref ref="STDOUT"/> </logger> <root level="DEBUG"> <appender-ref ref="external"/> 
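Review bot: `STDOUT` is now attached to `org.onap.aai.aaf` and `org.onap.aai.interceptors.post`, both at DEBUG, so authorization debug output and the transaction log are copied to the container's stdout. That output is usually readable by anyone with pod-log access and is shipped to the cluster log store. Confirm that these two loggers never emit credentials or request bodies, or keep them on their file appenders only. The loggers without `additivity="false"` (for example `org.onap.aai.logging.ErrorLogHelper`) also propagate to the root logger. If root already writes to `STDOUT`, which is not visible in these hunks, each of their events is printed twice.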
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml index 91cd748066..8eb4a4a781 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml @@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,7 +23,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-configmap + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} 
@@ -40,16 +41,33 @@ data: {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-properties + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + {{- if .Values.global.jobs.migration.enabled }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation + {{- end }} +data: {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} - {{- if .Values.global.jobs.migration.enabled }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-migration-configmap + name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 610290061f..6b58eaa3fd 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml 
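Review bot: The new `-properties` object is a `kind: ConfigMap`, yet it carries `aaiconfig.properties`, which renders `aai.tools.password={{ .Values.global.config.basic.auth.passwd }}` according to that file's hunk in this commit. A password therefore ends up readable by anyone who may read ConfigMaps in the namespace. Since these two files are being split out anyway, a `kind: Secret` (with the matching volume using `secret:` instead of `configMap:`) would fit them better. `realm.properties`, which `server.basic.auth.location` points at, presumably holds credentials as well and remains in the first ConfigMap.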
@@ -5,7 +5,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -53,7 +53,49 @@ spec: hostname: aai-graphadmin terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ if .Values.global.initContainers.enabled }} - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if .Values.global.aafEnabled }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: properties-input + - mountPath: /config + name: properties + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} - command: {{ if .Values.global.jobs.migration.enabled }} - /app/ready.py 
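Review bot: In the `-obfuscate` init container each `export …=` line ends in `| grep "OBF:"`, so it yields an empty string when the java call fails or the hard-coded `jetty-util-9.4.44.v20210927.jar` path no longer matches the image. The script still appends those empty values to `mycreds.prop`, and `-update-config` then writes `password()` into the properties without any error. A check after each assignment, e.g. `[ -n "${KEYSTORE_PASSWORD}" ] || exit 1`, makes the pod fail at init instead. The plain passwords should also be quoted where they are passed to java (`"${KEYSTORE_PLAIN_PASSWORD}"`). In `-update-config`, plain `envsubst` replaces every `${NAME}` it finds, so limiting it with `envsubst '${KEYSTORE_PASSWORD} ${KEYSTORE_JKS_PASSWORD} ${TRUSTSTORE_PASSWORD}' <${PFILE} >/config/${PFILE}` avoids blanking unrelated placeholders.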
@@ -93,46 +135,40 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} + value: {{ .Values.securityContext.group_id | quote }} - name: INTERNAL_PORT_1 value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: realm.properties - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . 
}}-config + name: properties subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} 
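Review bot: `aaiconfig.properties` and `application.properties` are now mounted by `subPath` from the `properties` volume, but the only writer of that volume visible in this diff is the `-update-config` init container, which sits inside `{{- if .Values.global.aafEnabled }}` and, in this template, also under `global.initContainers.enabled`. With either flag off the emptyDir stays empty, and kubelet creates a missing `subPath` as a directory, so the application would find a directory where it expects each properties file. Unless something outside these hunks fills `/config`, the `envsubst` copy step should run unconditionally and only the `-obfuscate` container should keep the AAF guard. The job templates later in this diff mount `properties` the same way, and the container this list belongs to starts outside the hunk.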
@@ -174,40 +210,24 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-config + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: properties-input configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} + name: {{ include "common.fullname" . }}-properties + - name: properties + emptyDir: + medium: Memory restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: {{ include "common.namespace" . }}-docker-registry-key diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 0cdce11395..d1e72841bc 100644 
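Review bot: The memory-backed `properties` emptyDir is declared without a `sizeLimit`. Keeping the substituted keystore passwords in tmpfs rather than on node disk is a sound choice, but an unbounded memory volume is charged against the pod's memory and can grow as far as the node allows. Consider adding a `sizeLimit` beside `medium: Memory`, sized for the few rendered properties files. The same volume is declared in the job templates later in this diff.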
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -5,7 +5,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -58,8 +58,50 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if .Values.global.aafEnabled }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: properties-input + - mountPath: /config + name: properties + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - initContainers: - command: - /bin/bash - -c 
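Review bot: The `-update-config` init container calls `envsubst` with no variable list right after exporting every entry of `mycreds.prop`, so any `${NAME}` in the `properties-input` files is rewritten: to an empty string when NAME is unset, and to a plaintext value if a file ever references one of the `*_PLAIN_PASSWORD` variables. If the image's `envsubst` accepts a SHELL-FORMAT argument as GNU gettext's does, restrict it to the variables the templates are meant to consume and quote the paths, for example `envsubst '${KEYSTORE_PASSWORD} ${KEYSTORE_JKS_PASSWORD} ${TRUSTSTORE_PASSWORD}' <"${PFILE}" >"/config/${PFILE}"`. This container also has no `securityContext`, while `-obfuscate` just above it sets `runAsUser`, so it runs as the image's default user; adding the same `securityContext` block would make the two consistent. The identical block appears in the other init-container hunks of this diff.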
@@ -79,65 +121,69 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /bin/bash + - sh + args: - -c - | - bash docker-entrypoint.sh dataSnapshot.sh ; + bash docker-entrypoint.sh dataSnapshot.sh {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots - name: {{ include "common.fullname" . }}-snapshots + name: snapshots - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-migration + name: migration subPath: janusgraph-migration-real.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-migration + name: migration subPath: janusgraph-migration-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES/ - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . 
}}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: application.properties - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-config + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: properties-input configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-migration + name: {{ include "common.fullname" . }}-properties + - name: properties + emptyDir: + medium: Memory + - name: migration configMap: - name: {{ include "common.fullname" . }}-migration-configmap - - name: {{ include "common.fullname" . }}-snapshots + name: {{ include "common.fullname" . }}-migration + - name: snapshots persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-migration restartPolicy: Never diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 7c078e9236..4a7de648e7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml 
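Review bot: The ` ;` after `dataSnapshot.sh` was dropped, but the next template line still starts with `{{-` and ends with `| trim`, so whatever `common.serviceMesh.killSidecar` renders is appended directly to `bash docker-entrypoint.sh dataSnapshot.sh`. The helper's body is not visible here; if it emits shell statements when the chart runs on a service mesh, they would be glued onto the script name or passed to it as arguments. The `run_Migrations.sh` command in job-migration.yaml keeps its ` ;`, so restore `bash docker-entrypoint.sh dataSnapshot.sh ;` here, and do the same for `createDBSchema.sh` in job-create-db.yaml and the second `dataSnapshot.sh` in job-migration.yaml.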
@@ -5,7 +5,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -53,7 +53,49 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if .Values.global.aafEnabled }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: properties-input + - mountPath: /config + name: properties + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} - command: - /app/ready.py args: 
@@ -79,76 +121,64 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /bin/bash + - sh + args: - -c - | - bash docker-entrypoint.sh createDBSchema.sh ; + bash docker-entrypoint.sh createDBSchema.sh {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GA - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: application.properties - {{ $global := . 
}} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-config + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: properties-input configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} + name: {{ include "common.fullname" . }}-properties + - name: properties + emptyDir: + medium: Memory restartPolicy: Never imagePullSecrets: - name: {{ include "common.namespace" . }}-docker-registry-key diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 9b4be4e4c7..1256e71e08 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml 
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -5,7 +5,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -58,7 +58,49 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if .Values.global.aafEnabled }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: properties-input + - mountPath: /config + name: properties + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} - command: - /app/ready.py args: 
@@ -80,46 +122,42 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - command: - - /bin/bash + - sh + args: - -c - - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` + - | + bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots - name: {{ include "common.fullname" . }}-snapshots + name: snapshots - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GA - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . 
}}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-restore-backup 
@@ -128,63 +166,53 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-perform-migration command: - - /bin/bash + - sh + args: - -c - | bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ; {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-realtime.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-config + name: config subPath: janusgraph-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GA - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . 
}}-config + name: properties subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} - name: {{ include "common.fullname" $global }}-auth-truststore-sec - subPath: {{ . }} - {{ end }} - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config @@ -193,14 +221,12 @@ spec: - name: {{ include "common.fullname" . }}-snapshots persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-migration - - name: {{ include "common.fullname" . }}-auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} + - name: properties-input + configMap: + name: {{ include "common.fullname" . }}-properties + - name: properties + emptyDir: + medium: Memory restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
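Review bot: The mounts in this Job now reference volumes named `config`, `logs` and `snapshots`, but the `volumes:` list at the end of this hunk and the start of the next still declares `{{ include "common.fullname" . }}-logs`, `…-config` and `…-snapshots` as unchanged context. Those mounts therefore have no matching volume and the rendered Job spec would be rejected. Rename the three entries to `- name: logs`, `- name: config` and `- name: snapshots`, as the other templates in this diff do. The added `common.log.volumes` include also uses `nindent 8` where job-create-db.yaml uses `nindent 6` for the same list, which looks like it should be `nindent 6` as well.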
@@ -228,8 +254,50 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + {{- if .Values.global.aafEnabled }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: properties-input + - mountPath: /config + name: properties + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} - initContainers: - command: - /bin/bash - -c 
@@ -249,65 +317,69 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /bin/bash + - sh + args: - -c - | - bash docker-entrypoint.sh dataSnapshot.sh ; + bash docker-entrypoint.sh dataSnapshot.sh {{- include "common.serviceMesh.killSidecar" . | indent 11 | trim }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots - name: {{ include "common.fullname" . }}-snapshots + name: snapshots - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties - name: {{ include "common.fullname" . }}-migration + name: migration subPath: janusgraph-migration-real.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties - name: {{ include "common.fullname" . }}-migration + name: migration subPath: janusgraph-migration-cached.properties - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES/ - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml - name: {{ include "common.fullname" . }}-config + name: config subPath: logback.xml - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . 
}}-config + name: config subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-graphadmin/resources/application.properties - name: {{ include "common.fullname" . }}-config + name: properties subPath: application.properties - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} - volumes: + volumes: {{ include "common.resources" . | nindent 10 }} - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-config + - name: config configMap: - name: {{ include "common.fullname" . }}-configmap - - name: {{ include "common.fullname" . }}-migration + name: {{ include "common.fullname" . }} + - name: properties-input configMap: - name: {{ include "common.fullname" . }}-migration-configmap - - name: {{ include "common.fullname" . }}-snapshots + name: {{ include "common.fullname" . }}-properties + - name: properties + emptyDir: + medium: Memory + - name: migration + configMap: + name: {{ include "common.fullname" . }}-migration + - name: snapshots persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-migration restartPolicy: Never diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index 85165e2dc4..cf4655361d 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml 
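Review bot: The new line `volumes: {{ include "common.resources" . | nindent 10 }}` renders the resources block at the head of the volume list, which looks like a copy of the `resources:` line a few lines above it. The container in this job now mounts `common.certInitializer.volumeMount`, so the intended include is presumably `volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}`, the form the aai-modelloader deployment uses in this commit. As written, the mounts would reference volumes that are never declared. The indent value should be checked against this job's nesting, since the pod spec starts outside the hunk.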
@@ -4,6 +4,7 @@ # org.onap.aai # ================================================================================ # Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index cdbef0dd8a..2774609e8f 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -4,7 +4,7 @@ # ================================================================================ # Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. -# Copyright (c) 2020 Orange Intellectual Property. All rights reserved. +# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,8 +37,6 @@ global: # global defaults migration: enabled: false config: - # User information for the admin user in container - userId: 1000 # Specifies that the cluster connected to a dynamic # cluster being spinned up by kubernetes deployment 
@@ -96,27 +94,54 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore - # Specifies which clients should always default to realtime graph connection realtime: clients: SDNC,MSO,SO,robot-ete +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-graphadmin-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai + user_id: &user_id 1000 + group_id: &group_id 1000 + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_jks}" \ + -keystore {{ .Values.fqi_namespace }}.jks + 
echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_jks}" \ + -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** writing passwords into prop file" + echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image image: onap/aai-graphadmin:1.9.1 @@ -259,8 +284,17 @@ resources: memory: 2Gi unlimited: {} +# Not fully used for now +securityContext: + user_id: *user_id + group_id: *group_id + #Pods Service Account serviceAccount: nameOverride: aai-graphadmin roles: - read +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-modelloader/requirements.yaml b/kubernetes/aai/components/aai-modelloader/requirements.yaml index d80dc5aea2..5a41aefe84 100644 --- a/kubernetes/aai/components/aai-modelloader/requirements.yaml +++ b/kubernetes/aai/components/aai-modelloader/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' - name: repositoryGenerator version: ~9.x-0 repository: '@local' 
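Review bot: The added `certInitializer` block in aai-graphadmin's values.yaml commits `aafDeployPass: demo123456!` as the chart default, with the external-secret alternative left commented out. The aai-modelloader values.yaml hunk later in this commit adds the same line. A deployment that does not override it runs with a password published in the repository, so I would put a comment above it such as `# demo default only: override, or set aafDeployCredsExternalSecret, outside lab deployments`.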
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 Binary files differdeleted file mode 100644 index e64895e911..0000000000 --- a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 +++ /dev/null diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore Binary files differdeleted file mode 100644 index e1d24d9b4d..0000000000 --- a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore +++ /dev/null diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml index cd36e799d6..129af8f2ac 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml +++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml @@ -1,6 +1,7 @@ {{/* <!-- # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,8 +27,7 @@ <property name="auditLogName" value="audit" /> <property name="debugLogName" value="debug" /> - <property name="errorLogPattern" - value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> + <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" /> <property name="auditMetricPattern" value="%m%n" /> <property name="logDirectory" value="${logDir}/${componentName}" /> 
@@ -35,9 +35,12 @@ <!-- Example evaluator filter applied against console appender --> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> <encoder> - <pattern>${defaultPattern}</pattern> + <pattern>${errorLogPattern}</pattern> </encoder> </appender> + <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> <!-- ============================================================================ --> <!-- EELF Appenders --> @@ -46,8 +49,7 @@ <!-- The EELFAppender is used to record events to the general application log --> - <appender name="EELF" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${generalLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> @@ -66,8 +68,7 @@ <appender-ref ref="EELF" /> </appender> - <appender name="EELFAudit" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${auditLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> @@ -82,8 +83,7 @@ <appender-ref ref="EELFAudit" /> </appender> - <appender name="EELFMetrics" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${metricsLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> 
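Review bot: The new `AsyncSysOut` appender is declared with logback's defaults, and a later hunk in this file attaches it to the info-level `com.att.eelf.audit` and `com.att.eelf.metrics` loggers. By default an `AsyncAppender` discards TRACE, DEBUG and INFO events once less than 20% of its queue is free, so the console copy of audit records can be dropped under load. If stdout is what the log collector reads, adding `<discardingThreshold>0</discardingThreshold>` inside the appender keeps them. A short comment on the appender saying why it wraps STDOUT would also help.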
@@ -98,8 +98,7 @@ <appender-ref ref="EELFMetrics" /> </appender> - <appender name="EELFDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> + <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDirectory}/${debugLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern> @@ -121,12 +120,15 @@ <logger name="com.att.eelf" level="info" additivity="false"> <appender-ref ref="asyncEELF" /> <appender-ref ref="asyncEELFDebug" /> + <appender-ref ref="AsyncSysOut" /> </logger> <logger name="com.att.eelf.audit" level="info" additivity="false"> <appender-ref ref="asyncEELFAudit" /> + <appender-ref ref="AsyncSysOut" /> </logger> <logger name="com.att.eelf.metrics" level="info" additivity="false"> <appender-ref ref="asyncEELFMetrics" /> + <appender-ref ref="AsyncSysOut" /> </logger> <!-- Spring related loggers --> @@ -162,8 +164,9 @@ <logger name="ch.qos.logback.core" level="WARN" /> <root> - <appender-ref ref="asyncEELF" /> - <!-- <appender-ref ref="asyncEELFDebug" /> --> -</root> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="AsyncSysOut" /> + <!-- <appender-ref ref="asyncEELFDebug" /> --> + </root> </configuration> diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties index 41b855490a..09eb397860 100644 --- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties +++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -20,7 +21,7 @@ ml.distribution.ACTIVE_SERVER_TLS_AUTH=false ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443 ml.distribution.ASDC_USE_HTTPS=true ml.distribution.KEYSTORE_PASSWORD= -ml.distribution.KEYSTORE_FILE=asdc-client.jks +ml.distribution.KEYSTORE_FILE= ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp {{ else }} ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080 @@ -54,8 +55,8 @@ ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516 ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts {{ if ( include "common.needTLS" .) }} -ml.babel.KEYSTORE_FILE=babel-client-cert.p12 -ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 -ml.babel.TRUSTSTORE_FILE=tomcat_keystore -ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +ml.babel.KEYSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.p12 +ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD} +ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD} {{ end }} diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 7509f88090..0213d631a3 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml 
@@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, AT&T # Modifications Copyright © 2018 Bell Canada -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020-2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -39,12 +39,53 @@ spec: name: {{ include "common.name" . }} spec: {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} + {{- end }} + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} + export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . 
| nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + - command: + - sh + args: + - -c + - | + echo "*** Set obfuscated Truststore and Keystore password into configuration file" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + cd /config-input + for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: prop-config-input + - mountPath: /config + name: prop-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config {{- end }} containers: - name: {{ include "common.name" . }} 
@@ -53,59 +94,41 @@ spec: env: - name: CONFIG_HOME value: /opt/app/model-loader/config/ - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/model-loader/config/model-loader.properties subPath: model-loader.properties - name: {{ include "common.fullname" . }}-prop-config + name: prop-config - mountPath: /opt/app/model-loader/config/auth/ - name: {{ include "common.fullname" . }}-auth-config - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + name: auth-config + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/model-loader/logback.xml - name: {{ include "common.fullname" . }}-log-conf + name: log-config subPath: logback.xml - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - resources: -{{ include "common.resources" . }} - + resources: {{ include "common.resources" . | nindent 10 }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-prop-config + - name: prop-config-input configMap: name: {{ include "common.fullname" . }}-prop - - name: {{ include "common.fullname" . 
}}-auth-config + - name: prop-config + emptyDir: + medium: Memory + - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-log-conf + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} + - name: log-config configMap: name: {{ include "common.fullname" . }}-log restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 96780757c0..95eae6a80b 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 Orange +# Modifications Copyright © 2020-2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
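Review bot: `prop-config` becomes a memory-backed `emptyDir` that only the `-update-config` init container fills, and that container is added inside `{{- if .Values.global.aafEnabled }}` in the previous hunk of this file. With `aafEnabled` false nothing copies `model-loader.properties` out of `prop-config-input`, so the `subPath` mount in the main container would find no file. The aai-graphadmin job hunks in this commit gate the `properties` volume the same way. The copy step needs to run when AAF is disabled as well, or the ConfigMap should be mounted directly in that case. The certInitializer `volumeMounts` and `volumes` includes are unconditional here, so their output with AAF off depends on the common templates, which this diff does not show.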
@@ -19,6 +19,41 @@ global: # global defaults nodePortPrefix: 302 +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-ml-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai + fqi: aai@aai.onap.org + public_fqdn: aai.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + appMountPath: /opt/app/model-loader/config/auth/aaf + fqi_namespace: org.onap.aai + user_id: &user_id 1000 + group_id: &group_id 1000 + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** writing passwords into prop file" + echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image image: onap/model-loader:1.9.1 
@@ -48,26 +83,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - portName: http - externalPort: 8080 - internalPort: 8080 - nodePort: 10 - portName2: https - externalPort2: 8443 - internalPort2: 8443 - nodePort2: 29 - -ingress: - enabled: false - service: - - baseaddr: "aaimodelloader" - name: "aai-modelloader" - port: 8443 - config: - ssl: "redirect" - resources: small: limits: @@ -90,3 +105,13 @@ serviceAccount: nameOverride: aai-modelloader roles: - read + +# Not fully used for now +securityContext: + user_id: *user_id + group_id: *group_id + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index fd4b1c3dc1..021f0946ed 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -150,7 +150,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml 
@@ -218,30 +218,15 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 3941af3747..fcf7cfedef 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -275,3 +275,8 @@ serviceAccount: nameOverride: aai-resources roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties index b0ed0e89a0..a2abaf3785 100644 
--- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties @@ -36,10 +36,10 @@ aai.tools.password={{ .Values.global.config.basic.auth.passwd }} {{ end }} {{ if ( include "common.needTLS" .) }} -aai.truststore.filename={{ .Values.global.config.truststore.filename }} -aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} -aai.keystore.filename={{ .Values.global.config.keystore.filename }} -aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} +aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD} +aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +aai.keystore.passwd.x=${KEYSTORE_PASSWORD} {{ end }} aai.default.api.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index ad700dce6e..a3f7998a8f 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties 
@@ -39,12 +39,12 @@ server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties server.port=8452 {{ if ( include "common.needTLS" .) }} server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} -server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) -server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} -server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks +server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} server.ssl.client-auth=want -server.ssl.key-store-type=JKS +server.ssl.key-store-type=PKCS12 {{ else }} security.require-ssl=false server.ssl.enabled=false diff --git a/kubernetes/aai/components/aai-schema-service/config/logback.xml b/kubernetes/aai/components/aai-schema-service/config/logback.xml index cfcd3c02e6..e91e257d14 100644 --- a/kubernetes/aai/components/aai-schema-service/config/logback.xml +++ b/kubernetes/aai/components/aai-schema-service/config/logback.xml 
@@ -268,20 +268,25 @@ <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false"> <appender-ref ref="asyncAUTH" /> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO"> <appender-ref ref="asyncAUDIT"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO"> <appender-ref ref="asyncAUDIT"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN"> <appender-ref ref="asyncERROR"/> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" additivity="false"> <appender-ref ref="asynctranslog" /> + <appender-ref ref="STDOUT"/> </logger> <logger name="org.apache" level="OFF"/> diff --git a/kubernetes/aai/components/aai-schema-service/config/realm.properties b/kubernetes/aai/components/aai-schema-service/config/realm.properties index 988bb2411b..7c8539dbe7 100644 --- a/kubernetes/aai/components/aai-schema-service/config/realm.properties +++ b/kubernetes/aai/components/aai-schema-service/config/realm.properties @@ -10,6 +10,7 @@ ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin OOF:OBF:1img1ke71ily,admin aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +aai-graphadmin@aai-graphadmin.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-schema-service/requirements.yaml b/kubernetes/aai/components/aai-schema-service/requirements.yaml index d80dc5aea2..5a41aefe84 100644 --- a/kubernetes/aai/components/aai-schema-service/requirements.yaml 
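Review bot: Adding `<appender-ref ref="STDOUT"/>` to `org.onap.aai.aaf.auth`, which stays at `level="DEBUG"`, sends authentication debug output to the container's stdout, which is typically readable by more people and systems than the in-pod auth log file. What that logger prints at DEBUG is not visible here, so it should be checked for credentials or tokens before shipping. If that cannot be confirmed, raise the logger to `level="INFO"` or leave STDOUT off it. The same applies to `org.onap.aai.schemaservice.interceptors.post`, also at DEBUG, further down the hunk.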
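Review bot: The added `aai-graphadmin@aai-graphadmin.onap.org` entry reuses the same `OBF:` value as the `aai@`, `so@`, `sdnc@` and `dcae@` lines around it and is granted `admin`. Jetty's `OBF:` form is reversible obfuscation rather than a hash, so all of these identities share one recoverable password shipped in the chart. I would give the new identity its own credential supplied from a Secret at deploy time, or at least add a comment such as `# demo default shared across service accounts; override before production use`. The realm file continues outside this hunk.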
+++ b/kubernetes/aai/components/aai-schema-service/requirements.yaml @@ -21,6 +21,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml index 23a2af54a2..957387158a 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml @@ -30,7 +30,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-localhost-access-log-configmap + name: {{ include "common.fullname" . }}-localhost-access-log namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -43,7 +43,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-aaiconfig-configmap + name: {{ include "common.fullname" . }}-aaiconfig namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -56,7 +56,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-springapp-configmap + name: {{ include "common.fullname" . }}-springapp namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -69,7 +69,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-realm-configmap + name: {{ include "common.fullname" . }}-realm namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index d4394057e8..e4f1d72d7b 100644 
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml 
@@ -40,16 +40,52 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) + echo "*** obfuscate them " + export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} + export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop + image: {{ include "repositoryGenerator.image.jetty" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-obfuscate + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + echo "*** retrieve Truststore and Keystore password" + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + echo "keystore pass: $KEYSTORE_PASSWORD" + echo "truststore pass: $TRUSTSTORE_PASSWORD" + echo "*** actual launch of AAI Schema Service" + /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh + {{- end }} env: - name: LOCAL_USER_ID - value: {{ .Values.global.config.userId | quote }} + value: {{ .Values.securityContext.user_id | quote }} - name: LOCAL_GROUP_ID - value: {{ .Values.global.config.groupId | quote }} - volumeMounts: + value: {{ .Values.securityContext.group_id | quote }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -57,9 +93,9 @@ spec: name: aaiconfig-conf subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-SS - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-schema-service/resources/logback.xml - name: {{ include "common.fullname" . }}-log-conf + name: log-conf subPath: logback.xml - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml name: localhost-access-log-conf @@ -70,12 +106,6 @@ spec: - mountPath: /opt/app/aai-schema-service/resources/application.properties name: springapp-conf subPath: application.properties - {{ $global := . }} - {{ range $job := .Values.global.config.auth.files }} - - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }} - name: auth-truststore-sec - subPath: {{ . }} - {{ end }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} 
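Review bot: The main container's start script prints both store passwords to the pod log with `echo "keystore pass: $KEYSTORE_PASSWORD"` and `echo "truststore pass: $TRUSTSTORE_PASSWORD"`. These are the `OBF:` strings produced by the init container, and Jetty obfuscation is reversible, so anyone who can read the pod's logs can recover the keystore and truststore passwords. Drop the two `echo` lines; the `*** retrieve Truststore and Keystore password` marker is enough to trace startup. In the init container the plain passwords are also passed to `java … Password ${KEYSTORE_PLAIN_PASSWORD}` as command-line arguments, which exposes them in the process list for the duration of the call; that is lower risk but deserves a comment.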
@@ -105,55 +135,33 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: aai-common-aai-auth-mount secret: secretName: aai-common-aai-auth - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-log-conf + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} + - name: log-conf configMap: name: {{ include "common.fullname" . }}-log - name: localhost-access-log-conf configMap: - name: {{ include "common.fullname" . }}-localhost-access-log-configmap + name: {{ include "common.fullname" . }}-localhost-access-log - name: springapp-conf configMap: - name: {{ include "common.fullname" . }}-springapp-configmap + name: {{ include "common.fullname" . }}-springapp - name: aaiconfig-conf configMap: - name: {{ include "common.fullname" . }}-aaiconfig-configmap + name: {{ include "common.fullname" . }}-aaiconfig - name: realm-conf configMap: - name: {{ include "common.fullname" . 
}}-realm-configmap - - name: auth-truststore-sec - secret: - secretName: aai-common-truststore - items: - {{ range $job := .Values.global.config.auth.files }} - - key: {{ . }} - path: {{ . }} - {{ end }} + name: {{ include "common.fullname" . }}-realm restartPolicy: {{ .Values.restartPolicy }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 252df407c1..7989bcc63d 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml 
@@ -58,20 +58,40 @@ global: # global defaults edge: label: v12 - # Keystore configuration password and filename - keystore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Truststore configuration password and filename - truststore: - filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 - - # Specifies a list of files to be included in auth volume - auth: - files: - - aai_keystore +################################################################# +# Certificate configuration +################################################################# +certInitializer: + nameOverride: aai-schema-service-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: aai-schema-service + fqi: aai-schema-service@aai-schema-service.onap.org + public_fqdn: aai-schema-service.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + fqi_namespace: org.onap.aai-schema-service + user_id: &user_id 1000 + group_id: &group_id 1000 + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** writing passwords into prop file" + echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop + echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop + echo "*** change ownership of certificates to 
targeted user" + chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image image: onap/aai-schema-service:1.9.2 @@ -146,3 +166,13 @@ serviceAccount: nameOverride: aai-schema-service roles: - read + +# Not fully used for now +securityContext: + user_id: *user_id + group_id: *group_id + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 7c09dcd228..48a6b04913 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -107,7 +107,7 @@ spec: name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ name: portal-config-props - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/app/sparky/config/application.properties name: config @@ -164,19 +164,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: aai-sparky-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime 
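Review bot: `aaf_add_config` writes `KEYSTORE_PLAIN_PASSWORD` and `TRUSTSTORE_PLAIN_PASSWORD` in clear text to `{{ .Values.credsPath }}/mycreds.prop` and then only runs `chown -R`, so the file keeps whatever mode the umask gives it. Adding `chmod 600 {{ .Values.credsPath }}/mycreds.prop` after the `chown` would keep it readable by the target user only; the later obfuscate step appends to it as that same user, assuming `securityContext.user_id` stays aliased to `user_id` and both paths name the same file. Separately, `aafDeployPass: demo123456!` is a default credential committed in values while `aafDeployCredsExternalSecret` sits commented out beside it, and a comment marking it as a demo value to be overridden would help.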
@@ -197,13 +185,9 @@ spec: - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - name: logs emptyDir: {} - - name: aai-sparky-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir emptyDir: {} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 342df7a5d5..5c540c9b96 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -75,7 +75,7 @@ config: gerritBranch: 3.0.0-ONAP gerritProject: http://gerrit.onap.org/r/aai/test-config portalUsername: aaiui - portalPassword: OBF:1t2v1vfv1unz1vgz1t3b + portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui portalCookieName: UserId portalAppRoles: ui_view cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties @@ -150,3 +150,8 @@ serviceAccount: nameOverride: aai-sparky-be roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 277fb4bfbb..ed8cde7a88 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -169,7 +169,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GQ - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/aai/logroot/AAI-GQ/misc name: {{ include "common.fullname" . }}-logs-misc - mountPath: /opt/app/aai-traversal/resources/logback.xml 
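Review bot: The new trailing comment on `portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui` records the clear-text value next to its obfuscated form, and the `# changeit` comments added to `keystore.passwd` and `truststore.passwd` in `kubernetes/aai/values.yaml` do the same. `OBF:` is reversible, so the comments disclose nothing new, but they confirm that these are well-known defaults shipped in the chart. I would rather the comment say that, e.g. `# demo default, override via a Secret for any non-lab deployment`, than spell out the password.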
@@ -243,33 +243,17 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 42f0f47bb0..f2e6ee61b5 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml 
@@ -118,15 +118,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 70f3e9e6a7..38c7bd0da2 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -282,3 +282,8 @@ serviceAccount: nameOverride: aai-traversal roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore Binary files differindex b9a3e45107..dc86acca0c 100644 --- a/kubernetes/aai/resources/config/aai/aai_keystore +++ b/kubernetes/aai/resources/config/aai/aai_keystore diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index b0da359ab1..dac36d729d 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml 
@@ -15,18 +15,7 @@ # this is a shared resource for subcharts */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: aai-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap @@ -72,4 +61,4 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file +{{ end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 1122d63dab..3ceeb8439e 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -33,6 +33,7 @@ global: # global defaults aafEnabled: true msbEnabled: true + centralizedLoggingEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -251,12 +252,12 @@ global: # global defaults # Keystore configuration password and filename keystore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Truststore configuration password and filename truststore: filename: aai_keystore - passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 # changeit # Specifies a list of files to be included in auth volume auth: @@ -276,6 +277,21 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +aai-babel: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-graphadmin: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-modelloader: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-resources: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-schema-service: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-sparky-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-traversal: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' + ################################################################# # Certificate configuration ################################################################# diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index dc2002877a..f59e8cea4d 100755 
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -87,7 +87,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.2.0 +image: onap/ccsdk-blueprintsprocessor:1.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index 658a899c1e..8077d819d1 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-commandexecutor:1.2.0 +image: onap/ccsdk-commandexecutor:1.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index c7a2734a8b..cf138c5e26 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -30,7 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-py-executor:1.2.0 +image: onap/ccsdk-py-executor:1.2.1 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index fd15bd0ecc..7ca0a44aa4 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml 
@@ -29,7 +29,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-sdclistener:1.2.0 +image: onap/ccsdk-sdclistener:1.2.1 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index f579cc358d..175c17ffa9 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -44,7 +44,7 @@ certInitializer: {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # application image -image: onap/ccsdk-cds-ui-server:1.2.0 +image: onap/ccsdk-cds-ui-server:1.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl index dc714aecc4..369c25b254 100644 --- a/kubernetes/common/common/templates/_log.tpl +++ b/kubernetes/common/common/templates/_log.tpl @@ -27,14 +27,23 @@ mountPath: {{ .Values.log.path }} - name: filebeat-data mountPath: /usr/share/filebeat/data + resources: + requests: + memory: "5Mi" + cpu: "10m" + limits: + memory: "20Mi" + cpu: "100m" {{- end -}} {{- end -}} {{- define "common.log.volumes" -}} -{{- if .Values.global.centralizedLoggingEnabled }} +{{- $dot := default . .dot }} +{{- if $dot.Values.global.centralizedLoggingEnabled }} +{{- $configMapName := printf "%s-filebeat" (default (include "common.fullname" $dot) .configMapNamePrefix) }} - name: filebeat-conf configMap: - name: {{ include "common.fullname" . }}-filebeat + name: {{ $configMapName }} - name: filebeat-data emptyDir: {} {{- end -}} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 681c6afc4f..fa1f6c3e62 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml 
@@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.2.1 +image: onap/ccsdk-dgbuilder-image:1.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index c8c0ffa0b2..ff11da309a 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -75,7 +75,7 @@ spec: - name: SET_NAME value: {{ include "common.fullname" . }} - name: SERVICE_NAME - value: {{ include "common.servicename" . }} + value: {{ include "common.servicename" . }}.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterName }} {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | indent 8 }} {{- end }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index 3cfd4535f1..e2334eadfe 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefix: 302 + clusterName: cluster.local persistence: {} ################################################################# diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 8ca5374bbd..9bdf19c7ec 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -93,6 +93,8 @@ spec: value: "{{ .Values.config.aaiUri }}" - name: AAI_AUTH value: "{{ .Values.config.aaiAuth }}" + - name: DISABLE_HOST_VERIFICATION + value: "{{ .Values.config.disableHostVerification }}" volumeMounts: - name: certs mountPath: /opt/etc/config/aai_keystore 
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index c1717c3d24..6937facf6f 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -74,7 +74,7 @@ mariadb-init: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-apps-ms-neng:1.2.0 +image: onap/ccsdk-apps-ms-neng:1.2.1 pullPolicy: IfNotPresent # application configuration @@ -90,6 +90,7 @@ config: polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision polEnv: TEST polReqId: xx + disableHostVerification: true aaiCertPass: changeit aaiCertPath: /opt/etc/config/aai_keystore aaiAuth: QUFJOkFBSQ== diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 1662985d0a..349bb4072a 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -105,6 +105,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "htpasswdImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.jetty" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "jettyImage") .) }} +{{- end -}} + {{- define "repositoryGenerator.image.jre" -}} {{- include "repositoryGenerator.image._helper" (merge (dict "image" "jreImage") .) }} {{- end -}} diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index f4104538f7..e2fe1ffbdb 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml 
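Review bot: `disableHostVerification: true` makes the chart default turn off TLS host name verification, passed to the container through the new `DISABLE_HOST_VERIFICATION` variable in the deployment template. How the application consumes it is not visible here; presumably it governs the AAI connection. With verification off, a certificate that chains to the trust store is accepted for any host, which removes the protection against interception inside the cluster. Default it to `false` and let lab installs opt in, or at least add `# WARNING: disables TLS host name verification; lab use only` above the key.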
@@ -28,6 +28,7 @@ global: envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest + jettyImage: jetty:9-jdk11-slim jreImage: onap/integration-java11:7.1.0 kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 @@ -60,6 +61,7 @@ imageRepoMapping: curlImage: dockerHubRepository envsubstImage: dockerHubRepository htpasswdImage: dockerHubRepository + jettyImage: dockerHubRepository jreImage: repository kubectlImage: dockerHubRepository loggingImage: elasticRepository diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index d41c44ddbc..a482152582 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -73,17 +73,16 @@ service: ports: - name: &port http port: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port prometheus: - enabled: true + enabled: false metrics: serviceMonitor: - enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml index da055d0242..8b3f16b64c 100644 --- a/kubernetes/cps/components/cps-temporal/values.yaml +++ b/kubernetes/cps/components/cps-temporal/values.yaml @@ -45,7 +45,7 @@ containerPort: &svc_port 8080 managementPort: &mgt_port 8081 prometheus: - enabled: true + enabled: false service: type: ClusterIP @@ -54,14 +54,13 @@ service: - name: http port: *svc_port targetPort: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port metrics: serviceMonitor: - enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 
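Review bot: `jettyImage: jetty:9-jdk11-slim` is a floating tag, but the obfuscate init container added in `aai-schema-service/templates/deployment.yaml` hard-codes `/usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar`. When the tag moves to a newer Jetty 9 build the jar name changes and the `java -cp` call fails. Because its output is filtered through `grep "OBF:"` inside an `export`, the password variables would probably end up empty instead of the init container failing; no `set -e` is visible in that script. Pin the image to the release that ships that jar, or by digest, which also makes the image that handles the plain keystore passwords reproducible.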
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 2e5018807c..8e71114c8c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -20,7 +20,7 @@ dmi: service: - name: {{ .Values.config.dmiServiceName }} + url: {{ .Values.config.dmiServiceUrl }} cps-core: baseUrl: {{ .Values.config.cpsCore.url }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 3f40a79b84..753b8baaff 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,12 +47,12 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.0.0 +image: onap/ncmp-dmi-plugin:1.0.1 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 prometheus: - enabled: true + enabled: false service: type: ClusterIP @@ -60,14 +60,13 @@ service: ports: - name: &port http port: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port metrics: serviceMonitor: - enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 @@ -147,7 +146,7 @@ config: spring: profile: helm - dmiServiceName: http://*svc_name:*svc_port + dmiServiceUrl: http://*svc_name:*svc_port sdnc: url: http://sdnc:8181 username: admin diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 420814f6c2..1e60d24d7a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml 
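Review bot: The renamed key `dmiServiceUrl` keeps the value `http://*svc_name:*svc_port`, and YAML resolves an alias only when `*name` is the whole node, not when it appears inside a plain scalar. The application therefore receives the literal string with the asterisks, which the template writes into `dmi.service.url` in `application-helm.yml`. Build the URL in the template from the service name and port values, or set it explicitly. No `&svc_name` anchor is visible in these hunks, so the intended host needs confirming.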
@@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.son-handler:2.1.4 +image: onap/org.onap.dcaegen2.services.son-handler:2.1.5 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml index 2e8b4cd4e8..f01edd240b 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml @@ -37,8 +37,10 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Never containers: - name: dcae-cleanup image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
\ No newline at end of file + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml index e1a0b1c660..597da1734c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml @@ -48,10 +48,4 @@ metadata: data: {{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 90db648028..84a3c1eee8 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml 
@@ -88,17 +88,7 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap/datarouter-node + {{ include "common.log.sidecar" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} @@ -115,11 +105,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-dmaap-dr-node-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} {{- if not .Values.persistence.enabled }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index eb6a48802e..e34bc0068d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -19,6 +19,7 @@ global: loggingDirectory: /var/log/onap/datarouter persistence: {} aafEnabled: true + centralizedLoggingEnabled: true ################################################################# # AAF part @@ -156,3 +157,7 @@ serviceAccount: nameOverride: dmaap-dr-node roles: - read + +#Log configuration +log: + path: /var/log/onap 
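Review bot: The removed sidecar mounted the `-logs` volume at `/var/log/onap/datarouter-node`, while the values added for this chart set `log.path: /var/log/onap`, so the log files may now appear one directory higher inside the sidecar. `common.log.sidecar` and the Filebeat configuration it ships are defined outside this diff, so whether their path pattern still matches is not visible here; it is worth confirming that datarouter logs still reach the central store after the switch. The same applies to the dmaap-dr-prov deployment, whose old mount was `/var/log/onap/datarouter-prov` and whose `global.loggingDirectory` is `/opt/app/datartr/logs`. A comment next to `log.path` would make the contract explicit, e.g. `# must match the directory the main container writes its logs to`.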
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml index 1a0ca9f759..9031cce423 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml @@ -35,13 +35,7 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index a3051eee5d..5f99ea3399 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -107,17 +107,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap/datarouter-prov + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime 
@@ -132,11 +122,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-dmaap-dr-prov-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index a1833568e9..1d9432afa2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -19,6 +19,7 @@ global: nodePortPrefix: 302 loggingDirectory: /opt/app/datartr/logs persistence: {} + centralizedLoggingEnabled: true mariadbGalera: &mariadbGalera #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster localCluster: false @@ -164,3 +165,7 @@ serviceAccount: nameOverride: dmaap-dr-prov roles: - read + +#Log configuration +log: + path: /var/log/onap diff --git a/kubernetes/holmes/requirements.yaml b/kubernetes/holmes/requirements.yaml index d1200fd162..f881acdc97 100644 --- a/kubernetes/holmes/requirements.yaml +++ b/kubernetes/holmes/requirements.yaml @@ -22,6 +22,11 @@ dependencies: - name: postgres version: ~9.x-0 repository: '@local' + condition: global.postgres.localCluster + - name: postgres-init + version: ~9.x-0 + repository: '@local' + condition: not global.postgres.localCluster - name: holmes-rule-mgmt version: ~9.x-0 repository: 'file://components/holmes-rule-mgmt' diff --git a/kubernetes/holmes/values.yaml b/kubernetes/holmes/values.yaml index 9c69c20096..a536380bd5 100644 --- a/kubernetes/holmes/values.yaml +++ b/kubernetes/holmes/values.yaml 
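Review bot: `condition: not global.postgres.localCluster` on the new `postgres-init` dependency in `holmes/requirements.yaml` is not a negation: in stock Helm the `condition` field takes one or more values paths, not an expression, and a path that does not resolve leaves the dependency enabled. As written, `postgres-init` would be installed regardless of `localCluster`, alongside the local `postgres` chart when that flag is true. A dedicated boolean that can be referenced directly would make the two dependencies mutually exclusive, e.g. `condition: global.postgres.useSharedCluster` (hypothetical key, to be defined in the values).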
@@ -19,7 +19,16 @@ global: nodePortPrefix: 302 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - + #Service Names of the postgres db to connect to. + #Override it to dbc-pg if localCluster is enabled. + postgres: + localCluster: false + service: + name: pgset + name2: &postgres tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres secrets: - uid: pg-root-pass name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass' @@ -65,11 +74,23 @@ postgres: mountSubPath: holmes/data mountInitPath: holmes +postgres-init: + nameOverride: holmes-postgres-init + config: + pgUserName: holmes + pgDatabase: *dbName + pgDataPath: data + pgUserExternalSecret: *pgUserCredsSecretName + # pgPrimaryPassword: password + # pgUserPassword: password + # pgRootPassword: password + holmes-engine-mgmt: config: pgConfig: dbName: *dbName - dbHost: *dbHost + # dbHost: *dbHost + dbHost: *postgres dbPort: *dbPort dbUserCredsExternalSecret: *pgUserCredsSecretName @@ -77,7 +98,8 @@ holmes-rule-mgmt: config: pgConfig: dbName: *dbName - dbHost: *dbHost + # dbHost: *dbHost + dbHost: *postgres dbPort: *dbPort dbUserCredsExternalSecret: *pgUserCredsSecretName diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml index 0bc14ea908..0bc14ea908 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/filebeat/filebeat.yml +++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml index 5ac5fefe92..5ac5fefe92 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/logging/server/log.yml 
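Review bot: `dbHost: *postgres` in the `holmes-engine-mgmt` and `holmes-rule-mgmt` blocks is bound when this file is parsed, so it always carries `tcp-pgset-primary`; overriding `global.postgres.service.name2` from a parent chart or with `--set` will not change it. The comment added in the first hunk tells operators to override the service names when `localCluster` is enabled, which would leave both components pointing at the shared cluster. Either state that next to the anchor, e.g. `# dbHost below is an alias of name2; override both`, or resolve the host in the template from `.Values.global.postgres`. The commented-out `# dbHost: *dbHost` lines and the `# pg...Password: password` placeholders under `postgres-init` can be dropped.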
+++ b/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml index 1a2112bbe2..fc16d8c0a0 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml @@ -20,12 +20,6 @@ metadata: name: {{ include "common.fullname" . }}-logging-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/logging/server/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/log/server/*").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-modeling-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ include "common.log.configMap" . }} diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml index 8e28071ba6..d9cbbef15b 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml @@ -111,7 +111,7 @@ spec: mountPath: /etc/localtime readOnly: true - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: {{ .Values.log.path }} - name: {{ include "common.fullname" . }}-logconfig mountPath: /opt/modeling/etsicatalog/config/log.yml subPath: log.yml @@ -127,17 +127,7 @@ spec: {{- end }} # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-etsicatalog @@ -156,10 +146,6 @@ spec: configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-modeling-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 3af4bae554..b4d88375fc 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -28,6 +28,8 @@ global: internalPort: 3306 nameOverride: mariadb-galera + centralizedLoggingEnabled: true + readinessCheck: wait_for: msb: @@ -183,3 +185,7 @@ serviceAccount: nameOverride: modeling-etsicatalog roles: - read + +#Log configuration +log: + path: /var/log/onap diff --git a/kubernetes/msb/components/kube2msb/requirements.yaml b/kubernetes/msb/components/kube2msb/requirements.yaml index dbb7638914..dfda28d9c9 100644 --- a/kubernetes/msb/components/kube2msb/requirements.yaml +++ b/kubernetes/msb/components/kube2msb/requirements.yaml @@ -19,3 +19,4 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + diff --git a/kubernetes/msb/components/msb-consul/requirements.yaml b/kubernetes/msb/components/msb-consul/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-consul/requirements.yaml +++ b/kubernetes/msb/components/msb-consul/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-consul/templates/deployment.yaml b/kubernetes/msb/components/msb-consul/templates/deployment.yaml index 97dd1781f2..d03829d89d 100644 --- a/kubernetes/msb/components/msb-consul/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-consul/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} 
@@ -85,6 +84,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/msb/components/msb-consul/values.yaml b/kubernetes/msb/components/msb-consul/values.yaml index 1c7fa38171..258d49e30b 100644 --- a/kubernetes/msb/components/msb-consul/values.yaml +++ b/kubernetes/msb/components/msb-consul/values.yaml @@ -87,3 +87,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: msb-consul + roles: + - read diff --git a/kubernetes/msb/components/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-discovery/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-discovery/requirements.yaml +++ b/kubernetes/msb/components/msb-discovery/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml index e5e5f9eb0f..00d91fe646 100644 --- a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: - command: - /app/ready.py @@ -107,6 +106,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-log-conf configMap: 
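Review bot: The pod spec gains a per-component account bound to `read`, but nothing in these hunks shows that msb-consul calls the Kubernetes API, so the token mounted into the pod may be an unnecessary credential. What `read` grants is defined in the `serviceAccount` chart outside this diff; if the workload never queries the API, `automountServiceAccountToken: false` in the pod spec would remove the credential altogether. The same question applies to the msb-discovery, msb-eag, msb-iag and multicloud-* deployments changed the same way further down. A comment above `roles:` in each values file would help later reviews, e.g. `# read: <why this pod queries the API>`.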
diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index f0eabde79f..e9800233e3 100644 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -82,3 +82,9 @@ resources: cpu: 400m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-discovery + roles: + - read diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 113a174eb6..c30fc343de 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index 5faae36fb0..9345341437 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml 
@@ -116,3 +116,9 @@ resources: cpu: 200m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-eag + roles: + - read diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 7bae325b1e..2a855c713f 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index 9b9f805802..21f22dd3ac 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -117,3 +117,9 @@ resources: cpu: 100m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-iag + roles: + - read 
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml index 21991b75fe..fe2eb68a3e 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml index 99d2314a07..b438bf0066 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml 
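Review bot: Switching the file handler in `multicloud-fcaps/.../log.yml` to `formatter: "standard"` makes it use a format string that contains `%(thread)||` with no conversion type; the removed `mdcFormat` had `%(thread)s`. Assuming the file is loaded by Python's logging configuration, as the `logging.handlers.RotatingFileHandler` class suggests, formatting raises for every record and the handler drops it, so `fcaps.log` would likely stay empty. The fix is in the unchanged `standard:` entry: `format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s"`. The pike and starlingx `log.yml` hunks further down make the same switch and show the same format string.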
@@ -100,7 +100,7 @@ spec: - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: rabbit-mq - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: fcaps-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index c66e4e829f..39ddbae5b7 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-fcaps:1.5.5 +image: onap/multicloud/openstack-fcaps:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -89,3 +89,9 @@ resources: # rabbit-mq image resource rabbitmq: rabbitmq:alpine + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-fcaps + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml index 434abf9ab5..eebca63b29 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml @@ -29,3 +29,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index 9f50d35784..e63be9c81c 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml 
@@ -85,7 +85,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 30319683a2..1c7c8fa489 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,13 +18,13 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.7.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.9.1 +image: onap/multicloud/k8s:0.9.3 pullPolicy: Always # flag to enable debugging - application support required @@ -133,3 +133,9 @@ resources: cpu: 10m memory: 100Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-k8s + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml index 43e681e615..e740dccce3 100644 --- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml 
+++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/pike/pike.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index b48e8dc431..d12e663236 100644 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -69,6 +69,8 @@ spec: {{ include "common.resources" . | indent 12 }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: ["-c", "/bin/sh /opt/pike/run.sh"] ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -97,7 +99,7 @@ spec: name: pike-log - mountPath: /usr/share/filebeat/data name: pike-data-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: pike-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index 3fc572631a..5ef87f46b6 100644 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml 
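Review bot: In the pike `deployment.yaml` hunk, `command: ["/bin/sh"]` with `args: ["-c", "/bin/sh /opt/pike/run.sh"]` starts one shell only to start another, and whether the outer shell replaces itself with the inner one, and so passes SIGTERM on at pod shutdown, depends on the image's `sh`. `command: ["/bin/sh", "/opt/pike/run.sh"]` with no `args` runs the same script directly. The fcaps and starlingx deployments in this diff get no equivalent override, so a one-line comment above `command:` saying why the image entrypoint is replaced for pike would help the next reader.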
@@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-pike:1.5.5 +image: onap/multicloud/openstack-pike:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -86,3 +86,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-pike + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml index 09630f0989..eb40843bf1 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: prometheus-grafana version: ~9.x-0 repository: 'file://components/prometheus-grafana' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml index 3a5c8edb5f..74941292fd 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml @@ -105,6 +105,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml index fa949c0c75..757041ce43 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml 
@@ -100,3 +100,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-prometheus + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml index e4d3d54b38..05989ac9b4 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml @@ -39,15 +39,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml index 5413327d0b..7c39bb7006 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml 
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml @@ -111,7 +111,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: starlingx-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index cde6f67cc5..69e4d943bd 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,14 +17,14 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.5 +image: onap/multicloud/openstack-starlingx:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -88,3 +88,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-starlingx + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' 
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml index 520f86a7d1..5548359b12 100644 --- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml @@ -94,6 +94,7 @@ spec: name: vio-log - mountPath: /usr/share/filebeat/data name: vio-data-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: vio-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml index 1a5af2ca48..5b218f1e75 100644 --- a/kubernetes/multicloud/components/multicloud-vio/values.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml @@ -85,3 +85,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-vio + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml index 79ff56adaa..7488188cdc 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml 
@@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml index 2ed0b13249..f46e45017d 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml @@ -120,7 +120,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: windriver-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index e25a96ba05..d520a783b7 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml 
@@ -18,14 +18,14 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-windriver:1.5.5 +image: onap/multicloud/openstack-windriver:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -97,3 +97,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-windriver + roles: + - read diff --git a/kubernetes/multicloud/requirements.yaml b/kubernetes/multicloud/requirements.yaml index 2af2eb92ae..84099b2171 100644 --- a/kubernetes/multicloud/requirements.yaml +++ b/kubernetes/multicloud/requirements.yaml @@ -49,3 +49,6 @@ dependencies: version: ~9.x-0 repository: 'file://components/multicloud-windriver' condition: multicloud-windriver.enabled + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml index 023ff81d50..604797d467 100644 --- a/kubernetes/multicloud/resources/config/log/framework/log.yml +++ b/kubernetes/multicloud/resources/config/log/framework/log.yml 
@@ -26,14 +26,9 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/multivimbroker/multivimbroker.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index a5b8297e2f..34fe6224bc 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -100,6 +100,7 @@ spec: name: framework-log - mountPath: /usr/share/filebeat/data name: framework-data-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: framework-log emptyDir: {} diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 93d299e16f..90e72be044 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 prometheus: enabled: false persistence: {} @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/framework:1.7.0 +image: onap/multicloud/framework:1.7.1 pullPolicy: Always #Istio sidecar injection policy 
@@ -108,3 +108,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud + roles: + - read diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index f54b915d77..69d6f51433 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -37,3 +37,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index d5f209e94a..b9ed35b0f7 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -146,6 +146,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index a3dc897718..92788e430f 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -181,3 +181,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: nbi + roles: + - read diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 21ff5a5c89..d9525c5750 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -21,4 +21,4 @@ home: https://www.onap.org/ sources: - https://gerrit.onap.org/r/#/admin/projects/ icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2 -kubeVersion: ">=1.19" +kubeVersion: ">=1.19.0-0" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml index 15694713a0..3e9b0a1c91 100644 
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index ba4a657c1a..3ed20ba8a6 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -162,6 +162,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index fb402143c6..72c5ddc9c2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -111,3 +111,9 @@ ingress: port: 8091 config: ssl: "redirect" + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-api + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml 
@@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 895a305b53..55bb4f620d 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -126,6 +126,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index aa5b8fca2e..0157c569a0 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-controller + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' 
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index cc4eaf08b9..4f58ec3b94 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -131,6 +131,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 666818da73..5623cde904 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-data + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 095162bea2..f8755ea66b 100755 
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 666818da73..fa8bdd97ed 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-reservation + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index d664ca0875..154bc78e41 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml 
@@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 666818da73..e7ceddd9a4 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-solver + roles: + - read diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index 16ecadb956..fbfb868bb0 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -31,3 +31,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 6f1022ba63..58ff39e1e5 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -133,7 +133,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 64c3e0ad29..f5873b404e 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -177,3 +177,9 @@ ingress: oof-has: enabled: true certSecret: *oof-certs + +#Pods Service Account +serviceAccount: + nameOverride: oof + roles: + - read 
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3983d932a0..3318a199f1 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.6.0 +image: onap/policy-apex-pdp:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 87ddd73adf..26ed0a77eb 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -36,7 +36,7 @@ secrets: passwordPolicy: required - uid: restserver-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.5.0 +image: onap/policy-api:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -94,7 +94,7 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index a6334668b1..aa9870ae41 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties 
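Review bot: Renaming the looked-up key from `restServer.credsExternalSecret` to `restServer.apiUserExternalSecret` in the `restserver-creds` entry silently ignores any existing override that still sets the old key, because `default ""` turns the missing value into an empty secret name. Such a deployment would then fall back to the inline `restServer.user`/`restServer.password` defaults without any error at install time. Reading both keys during a transition, `'{{ tpl (default "" (.Values.restServer.apiUserExternalSecret | default .Values.restServer.credsExternalSecret)) . }}'`, or a comment above the entry naming the renamed key, would make the change visible to operators. The `secrets` list starts above the hunk.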
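Review bot: The new default `password: none` under `restServer` is still a literal value, so unless the common secret template treats it specially (not visible here) a chart installed without an external secret gets the well-known pair `healthcheck`/`none`, and `passwordPolicy: required` is satisfied by it. A comment such as `# placeholder only: supply restServer.apiUserExternalSecret or override this value` would state the intent. The removed password remains readable in the repository history and should be treated as disclosed wherever it was deployed.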
+++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -69,3 +69,9 @@ clamp.config.dcae.deployment.password=none #AAF related parameters clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 + +# Configuration settings for ControlLoop Runtime Rest API +clamp.config.controlloop.runtime.url=http://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 +clamp.config.controlloop.runtime.userName=${RUNTIME_USER} +clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD} + diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql index 1f153bce04..1652dc18c3 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql 
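Review bot: The new `clamp.config.controlloop.runtime.url` uses `http://`, while the user name and password configured on the next two lines are presumably sent to that endpoint, so they would cross the cluster network in clear text; the AAF locate URL just above uses `https://`. If the runtime serves TLS on 6969 the line should read `clamp.config.controlloop.runtime.url=https://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969`, and if it does not, a comment saying that plain HTTP is intended would help reviewers. `${RUNTIME_USER}` and `${RUNTIME_PASSWORD}` also have to be present in the container environment from a secret; that wiring is not part of this hunk.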
@@ -1,257 +1,275 @@ - - create table dictionary ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dictionary_second_level integer, - dictionary_type varchar(255), - primary key (name) - ) engine=InnoDB; - - create table dictionary_elements ( - short_name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - description varchar(255) not null, - name varchar(255) not null, - subdictionary_name varchar(255), - type varchar(255) not null, - primary key (short_name) +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +create table if not exists dictionary ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dictionary_second_level integer, + dictionary_type varchar(255), + primary key (name) ) engine=InnoDB; - create table dictionary_to_dictionaryelements ( - dictionary_name varchar(255) not null, - dictionary_element_short_name varchar(255) not null, - primary key (dictionary_name, dictionary_element_short_name) +create table if not exists dictionary_elements ( + short_name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + description varchar(255) not null, + name varchar(255) not null, + subdictionary_name varchar(255), + type varchar(255) not null, + primary key (short_name) ) engine=InnoDB; - create table hibernate_sequence ( - next_val bigint +create table if not exists dictionary_to_dictionaryelements ( + dictionary_name varchar(255) not null, + dictionary_element_short_name varchar(255) not null, + primary key (dictionary_name, dictionary_element_short_name) ) engine=InnoDB; - insert into hibernate_sequence values ( 1 ); - - create table loop_element_models ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - loop_element_type varchar(255) not null, - short_name varchar(255), - primary key (name) +create table if not exists hibernate_sequence ( + next_val bigint +) engine=InnoDB; + +insert into hibernate_sequence values ( 1 ); + +create table if not exists loop_element_models ( + name varchar(255) not null, + created_by 
varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + loop_element_type varchar(255) not null, + short_name varchar(255), + primary key (name) ) engine=InnoDB; - create table loop_logs ( - id bigint not null, - log_component varchar(255) not null, - log_instant datetime(6) not null, - log_type varchar(255) not null, - message MEDIUMTEXT not null, - loop_id varchar(255) not null, - primary key (id) +create table if not exists loop_logs ( + id bigint not null, + log_component varchar(255) not null, + log_instant datetime(6) not null, + log_type varchar(255) not null, + message MEDIUMTEXT not null, + loop_id varchar(255) not null, + primary key (id) ) engine=InnoDB; - create table loop_templates ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - allowed_loop_type varchar(255), - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - maximum_instances_allowed integer, - svg_representation MEDIUMTEXT, - unique_blueprint boolean default false, - service_uuid varchar(255), - primary key (name) +create table if not exists loop_templates ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + allowed_loop_type varchar(255), + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + maximum_instances_allowed integer, + svg_representation MEDIUMTEXT, + unique_blueprint boolean default false, + service_uuid varchar(255), + primary key (name) ) engine=InnoDB; - create table loopelementmodels_to_policymodels ( - loop_element_name varchar(255) not null, - policy_model_type varchar(255) not null, - policy_model_version varchar(255) not null, - primary key (loop_element_name, policy_model_type, 
policy_model_version) +create table if not exists loopelementmodels_to_policymodels ( + loop_element_name varchar(255) not null, + policy_model_type varchar(255) not null, + policy_model_version varchar(255) not null, + primary key (loop_element_name, policy_model_type, policy_model_version) ) engine=InnoDB; - create table loops ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - global_properties_json json, - last_computed_state varchar(255) not null, - svg_representation MEDIUMTEXT, - loop_template_name varchar(255) not null, - service_uuid varchar(255), - primary key (name) +create table if not exists loops ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + global_properties_json json, + last_computed_state varchar(255) not null, + svg_representation MEDIUMTEXT, + loop_template_name varchar(255) not null, + service_uuid varchar(255), + primary key (name) ) engine=InnoDB; - create table loops_to_microservicepolicies ( - loop_name varchar(255) not null, - microservicepolicy_name varchar(255) not null, - primary key (loop_name, microservicepolicy_name) +create table if not exists loops_to_microservicepolicies ( + loop_name varchar(255) not null, + microservicepolicy_name varchar(255) not null, + primary key (loop_name, microservicepolicy_name) ) engine=InnoDB; - create table looptemplates_to_loopelementmodels ( - loop_element_model_name varchar(255) not null, - loop_template_name varchar(255) not null, - flow_order integer not null, - primary key (loop_element_model_name, loop_template_name) +create table if not exists looptemplates_to_loopelementmodels ( + 
loop_element_model_name varchar(255) not null, + loop_template_name varchar(255) not null, + flow_order integer not null, + primary key (loop_element_model_name, loop_template_name) ) engine=InnoDB; - create table micro_service_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - context varchar(255), - dcae_blueprint_id varchar(255), - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - device_type_scope varchar(255), - shared bit not null, - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - primary key (name) +create table if not exists micro_service_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + context varchar(255), + dcae_blueprint_id varchar(255), + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + device_type_scope varchar(255), + shared bit not null, + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + primary key (name) ) engine=InnoDB; - create table operational_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - loop_id varchar(255) not 
null, - primary key (name) +create table if not exists operational_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + loop_id varchar(255) not null, + primary key (name) ) engine=InnoDB; - create table policy_models ( - policy_model_type varchar(255) not null, - version varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - policy_acronym varchar(255), - policy_tosca MEDIUMTEXT, - policy_pdp_group json, - primary key (policy_model_type, version) +create table if not exists policy_models ( + policy_model_type varchar(255) not null, + version varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + policy_acronym varchar(255), + policy_tosca MEDIUMTEXT, + policy_pdp_group json, + primary key (policy_model_type, version) ) engine=InnoDB; - create table services ( - service_uuid varchar(255) not null, - name varchar(255) not null, - resource_details json, - service_details json, - version varchar(255), - primary key (service_uuid) +create table if not exists services ( + service_uuid varchar(255) not null, + name varchar(255) not null, + resource_details json, + service_details json, + version varchar(255), + primary key (service_uuid) ) engine=InnoDB; - alter table dictionary_to_dictionaryelements - add constraint FK68hjjinnm8nte2owstd0xwp23 - foreign key (dictionary_element_short_name) - references dictionary_elements (short_name); - - alter table dictionary_to_dictionaryelements - add constraint 
FKtqfxg46gsxwlm2gkl6ne3cxfe - foreign key (dictionary_name) - references dictionary (name); - - alter table loop_logs - add constraint FK1j0cda46aickcaoxqoo34khg2 - foreign key (loop_id) - references loops (name); - - alter table loop_templates - add constraint FKn692dk6281wvp1o95074uacn6 - foreign key (service_uuid) - references services (service_uuid); - - alter table loopelementmodels_to_policymodels - add constraint FK23j2q74v6kaexefy0tdabsnda - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table loopelementmodels_to_policymodels - add constraint FKjag1iu0olojfwryfkvb5o0rk5 - foreign key (loop_element_name) - references loop_element_models (name); - - alter table loops - add constraint FK844uwy82wt0l66jljkjqembpj - foreign key (loop_template_name) - references loop_templates (name); - - alter table loops - add constraint FK4b9wnqopxogwek014i1shqw7w - foreign key (service_uuid) - references services (service_uuid); - - alter table loops_to_microservicepolicies - add constraint FKle255jmi7b065fwbvmwbiehtb - foreign key (microservicepolicy_name) - references micro_service_policies (name); - - alter table loops_to_microservicepolicies - add constraint FK8avfqaf7xl71l7sn7a5eri68d - foreign key (loop_name) - references loops (name); - - alter table looptemplates_to_loopelementmodels - add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 - foreign key (loop_element_model_name) - references loop_element_models (name); - - alter table looptemplates_to_loopelementmodels - add constraint FKj29yxyw0x7ue6mwgi6d3qg748 - foreign key (loop_template_name) - references loop_templates (name); - - alter table micro_service_policies - add constraint FKqvvdypacbww07fuv8xvlvdjgl - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table micro_service_policies - add constraint FKn17j9ufmyhqicb6cvr1dbjvkt - foreign key (policy_model_type, policy_model_version) - references policy_models 
(policy_model_type, version); - - alter table operational_policies - add constraint FKi9kh7my40737xeuaye9xwbnko - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table operational_policies - add constraint FKlsyhfkoqvkwj78ofepxhoctip - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table operational_policies - add constraint FK1ddoggk9ni2bnqighv6ecmuwu - foreign key (loop_id) - references loops (name); +alter table dictionary_to_dictionaryelements + add constraint FK68hjjinnm8nte2owstd0xwp23 + foreign key (dictionary_element_short_name) + references dictionary_elements (short_name); + +alter table dictionary_to_dictionaryelements + add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe + foreign key (dictionary_name) + references dictionary (name); + +alter table loop_logs + add constraint FK1j0cda46aickcaoxqoo34khg2 + foreign key (loop_id) + references loops (name); + +alter table loop_templates + add constraint FKn692dk6281wvp1o95074uacn6 + foreign key (service_uuid) + references services (service_uuid); + +alter table loopelementmodels_to_policymodels + add constraint FK23j2q74v6kaexefy0tdabsnda + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table loopelementmodels_to_policymodels + add constraint FKjag1iu0olojfwryfkvb5o0rk5 + foreign key (loop_element_name) + references loop_element_models (name); + +alter table loops + add constraint FK844uwy82wt0l66jljkjqembpj + foreign key (loop_template_name) + references loop_templates (name); + +alter table loops + add constraint FK4b9wnqopxogwek014i1shqw7w + foreign key (service_uuid) + references services (service_uuid); + +alter table loops_to_microservicepolicies + add constraint FKle255jmi7b065fwbvmwbiehtb + foreign key (microservicepolicy_name) + references micro_service_policies (name); + +alter table loops_to_microservicepolicies + add 
constraint FK8avfqaf7xl71l7sn7a5eri68d + foreign key (loop_name) + references loops (name); + +alter table looptemplates_to_loopelementmodels + add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 + foreign key (loop_element_model_name) + references loop_element_models (name); + +alter table looptemplates_to_loopelementmodels + add constraint FKj29yxyw0x7ue6mwgi6d3qg748 + foreign key (loop_template_name) + references loop_templates (name); + +alter table micro_service_policies + add constraint FKqvvdypacbww07fuv8xvlvdjgl + foreign key (loop_element_model_id) + references loop_element_models (name); + +alter table micro_service_policies + add constraint FKn17j9ufmyhqicb6cvr1dbjvkt + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table operational_policies + add constraint FKi9kh7my40737xeuaye9xwbnko + foreign key (loop_element_model_id) + references loop_element_models (name); + +alter table operational_policies + add constraint FKlsyhfkoqvkwj78ofepxhoctip + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table operational_policies + add constraint FK1ddoggk9ni2bnqighv6ecmuwu + foreign key (loop_id) + references loops (name); diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index e61cca0e49..4354c00a30 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml 
@@ -70,7 +70,7 @@ spec: export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`; envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json" {{- end }} - java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar + java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/ ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -97,6 +97,10 @@ spec: name: {{ include "common.fullname" . }}-config subPath: application.properties env: + - name: RUNTIME_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }} + - name: RUNTIME_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }} - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: MYSQL_PASSWORD diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index dcbe59c382..35011dea1d 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml 
@@ -60,11 +60,17 @@ secrets: externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}' password: '{{ .Values.sdc.clientPassword }}' passwordPolicy: required + - uid: runtime-be-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: required flavor: small # application image -image: onap/policy-clamp-backend:6.1.1 +image: onap/policy-clamp-backend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -79,7 +85,6 @@ log: ################################################################# #####dummy values for db user and password to pass lint!!!####### - sdc: clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U @@ -92,6 +97,8 @@ db: internalPort: 3306 config: + policyAppUserName: runtimeUser + policyAppUserPassword: none log: logstashServiceName: log-ls logstashPort: 5044 diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml new file mode 100644 index 0000000000..463e007d9f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml 
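Review bot: The new `policyAppUserPassword: none` default in the `@@ -92,6 +97,8 @@` hunk gives the `runtime-be-secret` entry added in the `@@ -60,11 +60,17 @@` hunk a fixed, publicly readable password, so `passwordPolicy: required` is always satisfied and an install that overrides nothing ends up with `runtimeUser`/`none` as its credential. The deployment template in this commit exports both values as `RUNTIME_USER` and `RUNTIME_PASSWORD`; what they authenticate against is not visible here, so the exposure should be confirmed against the consumer. I would require an override or `config.appUserExternalSecret` instead of shipping a usable default, and if a placeholder has to stay for lint, say so on the line: `policyAppUserPassword: none  # lint placeholder only; override or set appUserExternalSecret`.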
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Http Participant
+name: policy-clamp-cl-http-ppnt
+version: 9.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml
new file mode 100644
index 0000000000..0139b52b25
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml
new file mode 100644
index 0000000000..fd3c1d4438
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -0,0 +1,42 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: HttpParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.HttpControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
new file mode 100644
index 0000000000..b6a853d0a0
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2021 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + 
<appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} 
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml
new file mode 100644
index 0000000000..80eaf761e8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml
@@ -0,0 +1,93 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-http-ppnt-config
+ - mountPath: /config
+ name: cl-http-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-http-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-http-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-http-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
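Review bot: The `cl-http-ppnt-config` ConfigMap volume is mounted with `defaultMode: 0755`, which marks every rendered config file executable although the init container only reads them through `envsubst`; `defaultMode: 0644` is enough, and writing it as the decimal `420` avoids relying on the loader reading the leading-zero form as octal. The pod and both containers also declare no `securityContext`, so they run with whatever user and privilege-escalation defaults the images carry. If the images support it, a container-level `securityContext` with `allowPrivilegeEscalation: false` and a non-root user would be worth adding; the images themselves are not visible here, so that needs checking first.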
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml
new file mode 100644
index 0000000000..0bddc8dfbc
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+#Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml
new file mode 100644
index 0000000000..6ea647e388
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml
@@ -0,0 +1,104 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-http-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! 
+ fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-http-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-http-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml index 74cf74f36d..f98fce1137 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-k8s-ppnt:6.1.2 +image: onap/policy-clamp-cl-k8s-ppnt:6.1.3 pullPolicy: Always # flag to enable debugging - application support required 
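Review bot: `certStores.keyStorePassword`, `certStores.trustStorePassword` and `certInitializer.aafDeployPass` are committed with literal defaults, so the `passwordPolicy: required` set on both store secrets is always satisfied and a deployment that overrides nothing runs with credentials readable in the repository. The secrets block already accepts `keyStorePasswordExternalSecret` and `trustStorePasswordExternalSecret`; I would state above `certStores:` that the literals are demo values, for example `# demo defaults only: override per deployment or set the *ExternalSecret values`. Separately, `aaf_add_config` writes `KEYSTORE_PASSWD` in clear text into `{{ .Values.credsPath }}/.ci` and only changes ownership afterwards; whether that file ends up readable by other users depends on the umask in the cert-initializer container, which is not visible here.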
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml
new file mode 100644
index 0000000000..bdca3aaf16
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Policy Participant
+name: policy-clamp-cl-pf-ppnt
+version: 9.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml
new file mode 100644
index 0000000000..e6af3b046f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
new file mode 100644
index 0000000000..16d41131a1
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -0,0 +1,62 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ pdpGroup: defaultGroup
+ pdpType: apex
+ policyApiParameters:
+ clientName: api
+ hostname: policy-api
+ port: 6969
+ userName: ${API_USER}
+ password: ${API_PASSWORD}
+ useHttps: true
+ allowSelfSignedCerts: true
+ policyPapParameters:
+ clientName: pap
+ hostname: policy-pap
+ port: 6969
+ userName: ${PAP_USER}
+ password: ${PAP_PASSWORD}
+ useHttps: true
+ allowSelfSignedCerts: true
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: org.onap.PM_Policy
+ version: 1.0.0
+ participantType:
+ name: org.onap.policy.controlloop.PolicyControlLoopParticipant
+ version: 2.3.1
+ clampControlLoopTopics:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
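Review bot: Both REST clients in this new file, `policyApiParameters` and `policyPapParameters`, set `allowSelfSignedCerts: true` next to `useHttps: true`, so the `${API_PASSWORD}` and `${PAP_PASSWORD}` basic-auth credentials are presumably sent over TLS without the server's certificate chain being validated. If the truststore provisioned by the cert initializer is available to this pod, I would set `allowSelfSignedCerts: false` in both blocks, or expose it as a chart value that defaults to false so only lab installs opt in. If the default has to stay, a comment above each occurrence such as `# self-signed certs accepted: lab default, disable for production` would make the trade-off visible.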
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..1447eb49fc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml 
@@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2021 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pf-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + 
<appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} 
diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..2317194e96 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml 
@@ -0,0 +1,102 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "pap-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: cl-pf-ppnt-config + - mountPath: /config + name: cl-pf-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-pf-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . 
)}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-pf-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-pf-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..f0f3c5e993 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml new file mode 100644 index 0000000000..791b785502 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml 
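Review bot: The main container mounts `cl-pf-ppnt-config-processed` at `/opt/app/policy/clamp/etc/mounted` read-write, although that volume holds the output of the init container's `envsubst` pass and therefore the API and PAP passwords in clear text. Unless the application writes into that directory, adding `readOnly: true` to that volumeMount (as is already done for `localtime`) keeps the running process from altering its own rendered configuration. The `cl-pf-ppnt-config` configMap volume also uses `defaultMode: 0755` although its files are only read by `envsubst`; `defaultMode: 0444` would be sufficient. Neither container in this template sets a `securityContext`, so it is worth confirming that the shared includes or the namespace policy supply one.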
@@ -0,0 +1,125 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' + login: '{{ .Values.restServer.api.user }}' + password: '{{ .Values.restServer.api.password }}' + passwordPolicy: required + - uid: pap-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' + login: '{{ .Values.restServer.pap.user }}' + password: '{{ .Values.restServer.pap.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . 
}}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-pf-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +# application configuration +restServer: + api: + user: healthcheck + password: none + pap: + user: healthcheck + password: none + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-pf-ppnt + roles: + - read 
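Review bot: The `certStores` and `certInitializer` blocks commit working default credentials (`keyStorePassword`, `trustStorePassword`, `aafDeployPass`), and since the matching `secrets` entries use `passwordPolicy: required`, these defaults presumably satisfy that check, so an install never has to supply its own values. The same applies to the `restServer` block that the last hunk of kubernetes/policy/values.yaml adds (`policyPapUserPassword`, `policyApiUserPassword`). I would leave these values empty so that `required` actually forces an override or an `externalSecret`, with a comment such as `# must be set per deployment; no usable default`. `restServer.api.password: none` and `restServer.pap.password: none` look like placeholders that rely on the parent chart's external secret; a comment saying so would keep this sub-chart from being deployed standalone with the literal password `none`.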
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml index 4cf9e67c99..c0044e2cd1 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-runtime:6.1.2 +image: onap/policy-clamp-cl-runtime:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 9e021c8d0e..e5587411d5 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.1.2 +image: onap/policy-clamp-frontend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 1614bd840e..2d80fbb216 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.6.0 +image: onap/policy-distribution:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 678cce74ee..fa0fda80e1 100755 
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.9.0 +image: onap/policy-pdpd-cl:1.9.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 460a83d9b2..a1810d387c 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -63,7 +63,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.1.0 +image: onap/policy-gui:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index c373e04cf2..d7135524d3 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -38,13 +38,13 @@ secrets: passwordPolicy: required - uid: restserver-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - uid: api-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.healthCheckRestClient.api.user }}' password: '{{ .Values.healthCheckRestClient.api.password }}' passwordPolicy: required 
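Review bot: In the policy-pap values.yaml hunk, `restserver-secret` and `api-secret` now read `externalSecret` from `.Values.restServer.papUserExternalSecret` and `.Values.restServer.apiUserExternalSecret`, and because both lookups are wrapped in `default ""`, an existing override that still sets `restServer.credsExternalSecret` or `healthCheckRestClient.api.credsExternalSecret` is silently ignored. The chart then falls back to the inline `login`/`password` values, which the later hunk at `@@ -109,12 +109,12 @@` changes to `password: none`, so the service could come up with a guessable credential and no error. I would keep the old key as a fallback, e.g. `'{{ tpl (default "" (coalesce .Values.restServer.papUserExternalSecret .Values.restServer.credsExternalSecret)) . }}'`, or call out the rename in the release notes. That later hunk also leaves `healthCheckRestClient.distribution.password` at its previous literal, which is inconsistent with the two entries it changes. The `secrets` list starts outside this hunk.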
@@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.5.0 +image: onap/policy-pap:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,12 +109,12 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none healthCheckRestClient: api: user: healthcheck - password: zb!XztG34 + password: none distribution: user: healthcheck password: zb!XztG34 diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 91984cc81b..7c2d1b13a8 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.5.0 +image: onap/policy-xacml-pdp:2.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 65ca87b2a4..949199aa81 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -70,6 +70,14 @@ dependencies: version: ~9.x-0 repository: 'file://components/policy-gui' condition: policy-gui.enabled + - name: policy-clamp-cl-pf-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-pf-ppnt' + condition: policy-clamp-cl-pf-ppnt.enabled + - name: policy-clamp-cl-http-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-http-ppnt' + condition: policy-clamp-cl-http-ppnt.enabled - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 29603690b8..5204aa7568 100755 --- a/kubernetes/policy/values.yaml 
+++ b/kubernetes/policy/values.yaml @@ -52,6 +52,20 @@ secrets: login: '{{ .Values.config.policyAppUserName }}' password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -59,9 +73,14 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret policy-xacml-pdp: enabled: true db: *dbSecretsHook @@ -83,6 +102,13 @@ policy-clamp-fe: enabled: true policy-clamp-cl-k8s-ppnt: enabled: true +policy-clamp-cl-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-cl-http-ppnt: + enabled: true policy-nexus: enabled: false policy-clamp-cl-runtime: @@ -104,7 +130,7 @@ mariadb: image: mariadb:10.5.8 dbmigrator: - image: onap/policy-db-migrator:2.3.0 + image: onap/policy-db-migrator:2.3.1 schema: policyadmin policy_home: "/opt/app/policy" 
@@ -156,6 +182,12 @@ mariadb-galera: serviceAccount: nameOverride: *policy-mariadb +restServer: + policyPapUserName: healthcheck + policyPapUserPassword: zb!XztG34 + policyApiUserName: healthcheck + policyApiUserPassword: zb!XztG34 + # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) flavor: small diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index 39393efb59..db4454d5e5 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -158,7 +158,7 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/temp" - name: var-log-onap - mountPath: /var/log/onap + mountPath: "{{ .Values.log.path }}" resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -169,17 +169,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - name: portal-data-filebeat - mountPath: /usr/share/filebeat/data - - name: var-log-onap - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime 
@@ -192,13 +182,9 @@ spec: configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 - - name: filebeat-conf - configMap: - name: portal-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} - name: var-log-onap emptyDir: {} - - name: portal-data-filebeat - emptyDir: {} - name: portal-tomcat-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index b46876ced9..6cf2513c44 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -166,3 +166,8 @@ resources: cpu: 2 memory: 8Gi unlimited: {} + +# Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index 95247b3dd2..abc5daab80 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -149,7 +149,7 @@ spec: - name: portal-tomcat-logs mountPath: "{{ .Values.global.env.tomcatDir }}/logs" - name: var-log-onap - mountPath: /var/log/onap + mountPath: "{{ .Values.log.path }}" resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} 
@@ -160,17 +160,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - name: portal-data-filebeat - mountPath: /usr/share/filebeat/data - - name: var-log-onap - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} volumes: - name: localtime hostPath: @@ -182,13 +172,9 @@ spec: configMap: name: {{ include "common.fullname" . }}-onapportalsdk defaultMode: 0755 - - name: filebeat-conf - configMap: - name: portal-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: var-log-onap emptyDir: {} - - name: portal-data-filebeat - emptyDir: {} - name: portal-tomcat-logs emptyDir: {} {{ include "common.certInitializer.volumes" . | indent 8 }} diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index 7631c3a482..f0c3954c11 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -161,3 +161,8 @@ resources: cpu: 4 memory: 10Gi unlimited: {} + +# Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/portal/templates/configmap.yaml b/kubernetes/portal/templates/configmap.yaml index a474a6c3d3..681f24eff3 100644 --- a/kubernetes/portal/templates/configmap.yaml +++ b/kubernetes/portal/templates/configmap.yaml 
@@ -15,16 +15,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: portal-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} - +{{ include "common.log.configMap" . }} diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index 0d4b023b12..0e6c9d63f5 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -22,6 +22,8 @@ global: # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" + centralizedLoggingEnabled: true + ################################################################# # Secrets metaconfig ################################################################# @@ -72,6 +74,7 @@ portal-app: cassandra: config: cassandraExternalSecret: *dbSecretName + logConfigMapNamePrefix: '{{ include "common.release" . }}-portal' portal-sdk: mariadb: config: @@ -79,6 +82,7 @@ portal-sdk: cassandra: config: cassandraExternalSecret: *dbSecretName + logConfigMapNamePrefix: '{{ include "common.release" . }}-portal' messageRouter: service: name: message-router diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index d731a56c5c..2eb1aba21b 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml 
@@ -169,7 +169,7 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: {{ include "common.fullname" . }}-logs + - name: logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logback mountPath: /tmp/logback.xml @@ -179,34 +179,13 @@ spec: exec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logback configMap: name : {{ include "common.fullname" . }}-logging-configmap 
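Review bot: The inline filebeat container removed in the second hunk carried explicit `resources` limits (`cpu: 100m`, `memory: 100Mi`), and the replacement `{{ include "common.log.sidecar" . | nindent 8 }}` leaves it to the helper whether any limit still applies. The helper is not shown here; if it omits `resources`, the log shipper runs unbounded next to the application container and can starve it during a log burst. Worth confirming the helper sets limits, or adding a comment above the include such as `# sidecar resources are defined in common.log.sidecar`. The same replacement is made in sdc-fe, sdc-onboarding-be and sdc-wfd-fe further down.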
@@ -216,7 +195,7 @@ spec: defaultMode: 0755 - name: sdc-environments-output emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index d769f628eb..eec198865f 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.3 -backendInitImage: onap/sdc-backend-init:1.9.3 +image: onap/sdc-backend-all-plugins:1.9.4 +backendInitImage: onap/sdc-backend-init:1.9.4 pullPolicy: Always @@ -167,3 +167,8 @@ serviceAccount: nameOverride: sdc-be roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 223e023b28..a36fdb5c0d 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.3 -cassandraInitImage: onap/sdc-cassandra-init:1.9.3 +image: onap/sdc-cassandra:1.9.4 +cassandraInitImage: onap/sdc-cassandra-init:1.9.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index dcb17d0ba2..43f9f2c928 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml 
@@ -158,7 +158,7 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: {{ include "common.fullname" . }}-logs + - name: logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-configs mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml @@ -171,34 +171,13 @@ spec: exec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/catalog-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: {{ include "common.fullname" . }}-configs configMap: name : {{ include "common.fullname" . }}-plugins-configmap 
@@ -212,7 +191,7 @@ spec: defaultMode: 0755 - name: sdc-environments-output emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index d563e80f42..bb68dd3610 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.3 +image: onap/sdc-frontend:1.9.4 pullPolicy: Always config: @@ -149,3 +149,8 @@ serviceAccount: nameOverride: sdc-fe roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index 2bd53ff91b..d6b8a4e026 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -183,7 +183,7 @@ spec: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true - - name: {{ include "common.fullname" . }}-logs + - name: logs mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-cert-storage mountPath: "{{ .Values.cert.certDir }}" 
@@ -195,34 +195,13 @@ spec: exec: command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/app/jetty/config/onboarding-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-localtime hostPath: path: /etc/localtime - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logback configMap: name : {{ include "common.fullname" . }}-logging-configmap @@ -232,7 +211,7 @@ spec: defaultMode: 0755 - name: sdc-environments-output emptyDir: { medium: "Memory" } - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: {{ include "common.fullname" . }}-cert-storage persistentVolumeClaim: 
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 1bce6b17af..ae6de7f6c3 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3 +image: onap/sdc-onboard-backend:1.9.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.4 pullPolicy: Always # flag to enable debugging - application support required @@ -181,3 +181,8 @@ serviceAccount: nameOverride: sdc-onboarding-be roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index d221c07612..b703e6656c 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml 
@@ -160,24 +160,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: {{ include "common.fullname" . }}-localtime @@ -188,12 +171,8 @@ spec: emptyDir: medium: "Memory" {{- end }} - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }} + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index d8ee5c8285..b3e3b39a41 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -145,3 +145,8 @@ serviceAccount: nameOverride: sdc-wfd-fe roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' 
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index d01f8557f3..bd76b97b98 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -89,7 +89,10 @@ "socket_read_timeout": "20000", "socket_connect_timeout": "20000", "janusgraph_connection_timeout": "10000", - "replication_factor": "{{.Values.global.cassandra.replicaCount}}" + "replication_factor": "{{.Values.global.cassandra.replicaCount}}", + "db_cache": "{{.Values.global.cassandra.dbCache}}", + "read_consistency_level": "{{.Values.global.cassandra.readConsistencyLevel}}", + "write_consistency_level":"{{.Values.global.cassandra.writeConsistencyLevel}}" }, "DMAAP": { "consumer": { diff --git a/kubernetes/sdc/templates/configmap.yaml b/kubernetes/sdc/templates/configmap.yaml index fbb0b4216c..712f2ecc61 100644 --- a/kubernetes/sdc/templates/configmap.yaml +++ b/kubernetes/sdc/templates/configmap.yaml @@ -28,15 +28,4 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/environments/*").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-sdc-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index cd3dc1e5fd..98b4abe2ee 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml 
@@ -34,10 +34,23 @@ global: #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled #to match with its own cluster replica replicaCount: 3 + dbCache: true + readConsistencyLevel: ONE + writeConsistencyLevel: ALL clusterName: cassandra dataCenter: Pod security: disableHttp: true + centralizedLoggingEnabled: true + +sdc-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' +sdc-fe: + logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' +sdc-onboarding-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' +sdc-wfd-fe: + logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' # Environment file env: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 95aba913a3..801d542bc0 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.0 +image: onap/sdnc-dmaap-listener-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7294dbccc7..4b8ac2198a 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.0 +image: onap/sdnc-ansible-server-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required 
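Review bot: `writeConsistencyLevel: ALL` in the first hunk makes every write wait for all replicas, so with the `replicaCount: 3` shown just above it a single unavailable Cassandra node would presumably block SDC writes, while `readConsistencyLevel: ONE` depends on that strictness for consistent reads. If the trade-off is intended, say so next to the keys, e.g. `# ALL: writes fail while any replica is down; paired with ONE for reads`; otherwise, if SDC accepts it, `QUORUM` for both keeps reads consistent and tolerates the loss of one node out of three. The `global.cassandra` mapping starts above the hunk.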
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 803488b054..dd76f58dd2 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.0" +image: "onap/sdnc-web-image:2.2.2" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index b58154fd1a..848fd97eb2 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.0 +image: onap/sdnc-ueb-listener-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/log/filebeat/log4j/filebeat.yml b/kubernetes/sdnc/resources/config/log/filebeat/filebeat.yml index 49d818a807..49d818a807 100644 --- a/kubernetes/sdnc/resources/config/log/filebeat/log4j/filebeat.yml +++ b/kubernetes/sdnc/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml index 087ed30055..acbcb63e4f 100644 --- a/kubernetes/sdnc/templates/configmap.yaml +++ b/kubernetes/sdnc/templates/configmap.yaml 
@@ -14,18 +14,7 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index aaf01fe422..f53c41c0f5 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -129,19 +129,19 @@ spec: image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - {{ if .Values.dgbuilder.enabled -}} + {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}} - command: - /app/ready.py args: - {{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}} + {{ if .Values.dgbuilder.enabled -}} - --container-name - {{ include "common.mariadbService" . }} - --job-name - {{ include "common.fullname" . }}-dbinit-job {{ end -}} {{ if .Values.config.sdnr.enabled -}} - - --container-name - - {{ include "common.name" . }}-sdnrdb-init-job + - --job-name + - {{ include "common.fullname" . }}-sdnrdb-init-job {{ end -}} env: - name: NAMESPACE 
@@ -199,8 +199,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + {{ if and .Values.config.sdnr.enabled .Values.config.sdnr.sdnronly -}} - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + {{ end -}} - name: ODL_ADMIN_USERNAME {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_USER @@ -372,7 +374,7 @@ spec: subPath: blueprints-processor-adaptor.properties - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml name: properties @@ -402,17 +404,7 @@ spec: {{ end }} resources: {{ include "common.resources" . | nindent 12 }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: data-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end }} @@ -428,11 +420,7 @@ spec: path: /etc/localtime - name: logs emptyDir: {} - - name: data-filebeat - emptyDir: {} - - name: filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-filebeat-configmap + {{ include "common.log.volumes" . | nindent 8 }} - name: sdnc-logging-cfg-config configMap: name: {{ include "common.fullname" . }}-log-configmap 
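Review bot: In the first hunk the new guard `{{ if and .Values.config.sdnr.enabled .Values.config.sdnr.sdnronly -}}` injects `MYSQL_ROOT_PASSWORD` only when `sdnronly` is set, which looks inverted if `sdnronly` is the mode that runs without the MariaDB-backed components. As written, a default deployment loses the variable and the SDN-R-only deployment receives a database root credential it may not need. If the intent is to withhold the secret in sdnronly mode, the guard would be `{{ if not (and .Values.config.sdnr.enabled .Values.config.sdnr.sdnronly) -}}`. Either way, a one-line comment stating which mode needs the root password would help; the container's `env:` list continues outside the hunk.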
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 399edf7f53..cbf5678283 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -23,6 +23,7 @@ global: persistence: mountPath: /dockerdata-nfs aafEnabled: true + centralizedLoggingEnabled: true mariadbGalera: #This flag allows SO to instantiate its own mariadb-galera cluster #If shared instance is used, this chart assumes that DB already exists @@ -209,7 +210,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.0 +image: onap/sdnc-image:2.2.2 # flag to enable debugging - application support required debugEnabled: false @@ -648,3 +649,7 @@ serviceAccount: nameOverride: sdnc roles: - read + +#Log configuration +log: + path: /var/log/onap diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml index 2609e99781..57a2b2c689 100755 --- a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml 
@@ -83,26 +83,14 @@ spec: mountPath: /app/config readOnly: true - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: {{ .Values.log.path }} {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs @@ -113,11 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml index 92c0a614c9..ec6f4408a0 100755 --- a/kubernetes/so/components/so-bpmn-infra/values.yaml +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml 
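Review bot: The removed sidecar in the first hunk mounted two volumes, `logs` at `/var/log/onap/so` and `{{ include "common.fullname" . }}-logs` at `/var/log/onap`, and `{{ include "common.log.sidecar" . | nindent 6 }}` gives no indication that both are still collected. The application keeps writing to the `-logs` volume at `{{ .Values.log.path }}`; if the helper mounts only one volume (its body is not shown here), one of the two log locations silently stops being shipped. Please confirm which volume the helper reads and drop or rename the other, so that the volume the application writes to is the one being shipped. The same pattern repeats in so-oof-adapter, so-openstack-adapter, so-sdc-controller and so-sdnc-adapter.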
@@ -179,3 +179,8 @@ serviceAccount: nameOverride: so-bpmn-infra roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index b7e8dd9098..2b6fff63c8 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -76,7 +76,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-cnf-adapter:1.9.1 +image: onap/so/so-cnf-adapter:1.9.2 pullPolicy: Always readinessCheck: diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 09f61a5320..2489ddd75e 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -75,7 +75,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-nssmf-adapter:1.8.3 +image: onap/so/so-nssmf-adapter:1.9.1 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml index 5e8869ce11..f5307992d1 100755 --- a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml 
@@ -70,19 +70,7 @@ spec: {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: {{- include "common.containerPorts" . | nindent 12 }} # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs @@ -93,11 +81,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml index 240f05f204..863e0e9428 100755 --- a/kubernetes/so/components/so-oof-adapter/values.yaml +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -145,3 +145,8 @@ serviceAccount: nameOverride: so-oof-adapter roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' 
diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index 15f08bccc6..e332f98302 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -57,7 +57,11 @@ org: onap: so: adapters: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" vnf: bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} @@ -79,7 +83,11 @@ org: retrylist: 408,429,500,502,503,504,900 encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 tenant: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" default_tenant_description: Tenant default_region_type: single diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml index 2609e99781..f370fbd315 100755 --- a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml 
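Review bot: The new `{{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }}` test treats every value other than the exact string `KEYSTONE_V3` as Keystone v2.0, so a typo or a different casing silently selects `/v2.0`. The values.yaml hunk further down documents two accepted values and defaults to `"KEYSTONE"`; rejecting anything else at render time, for example with `{{- else if ne .Values.config.openStackKeystoneVersion "KEYSTONE" }}{{ fail "openStackKeystoneVersion must be KEYSTONE or KEYSTONE_V3" }}`, would surface the mistake instead of hiding it. The block is duplicated verbatim under `tenant:` in the second hunk; computing the suffix once would keep the two from drifting.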
@@ -90,19 +90,7 @@ spec: name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs @@ -113,11 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 2ac829592c..1faf890e65 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml 
@@ -150,6 +150,8 @@ config: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" openStackTenantId: "d570c718cbc545029f40e50b75eb13df" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} @@ -159,3 +161,8 @@ serviceAccount: nameOverride: so-openstack-adapter roles: - read + +#Logs configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml index 2609e99781..f370fbd315 100755 --- a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -90,19 +90,7 @@ spec: name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs 
@@ -113,11 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml index 6f9885650d..e613950fe8 100755 --- a/kubernetes/so/components/so-sdc-controller/values.yaml +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -148,3 +148,8 @@ serviceAccount: nameOverride: so-sdc-controller roles: - read + +#Logs configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml index 703186e292..01e0ab7077 100755 --- a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml 
@@ -94,19 +94,7 @@ spec: name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs @@ -117,11 +105,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml index 6cb019c378..d087b15a9d 100755 --- a/kubernetes/so/components/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -168,3 +168,8 @@ serviceAccount: nameOverride: so-sdnc-adapter roles: - read + +#Logs configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' 
diff --git a/kubernetes/so/resources/config/mso/mso-docker.json b/kubernetes/so/resources/config/mso/mso-docker.json index 167a8edc09..119a31304a 100755 --- a/kubernetes/so/resources/config/mso/mso-docker.json +++ b/kubernetes/so/resources/config/mso/mso-docker.json @@ -84,13 +84,17 @@ [ { "dcp_clli": "DEFAULT_KEYSTONE", + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v3", + {{- else }} "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v2.0", + {{- end }} "mso_id": "{{ .Values.config.openStackUserName }}", "mso_pass": "{{ .Values.config.openStackEncryptedPasswordHere }}", "admin_tenant":"{{ .Values.config.openStackServiceTenantName }}", "member_role": "admin", "tenant_metadata": "true", - "identity_server_type": "KEYSTONE", + "identity_server_type": "{{ .Values.config.openStackKeystoneVersion }}", "identity_authentication_type": "USERNAME_PASSWORD" } ], diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index 74daf41b7f..c55bf573f1 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml @@ -49,10 +49,4 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-so-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 2609e99781..47701d89b9 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml 
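Review bot: In mso-docker.json the `identity_url` suffix and `identity_server_type` are derived from `openStackKeystoneVersion` in two different ways, so any value other than the two documented ones (a typo, different case) renders the `/v2.0` URL together with an unrecognised server type. Nothing in the hunk validates the value. A guard ahead of the object, `{{- if not (has .Values.config.openStackKeystoneVersion (list "KEYSTONE" "KEYSTONE_V3")) }}{{ fail "config.openStackKeystoneVersion must be KEYSTONE or KEYSTONE_V3" }}{{- end }}`, would turn that into a render-time error instead of a mismatched identity configuration. The same key is also added with its own default in so-openstack-adapter/values.yaml; whether the adapter chart reads that copy is not visible here, but two independent defaults can drift apart.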
@@ -83,26 +83,14 @@ spec: mountPath: /app/config readOnly: true - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + mountPath: {{ .Values.log.path }} {{ include "so.helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP # Filebeat sidecar container - - name: {{ include "common.name" . }}-filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: logs - mountPath: /var/log/onap/so - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "so.certificate.volumes" . | nindent 6 }} - name: logs @@ -113,11 +101,7 @@ spec: - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ .Release.Name }}-so-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 988b8ef585..18455e4129 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -19,6 +19,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 aafAgentImage: onap/aaf/aaf_agent:2.1.20 + centralizedLoggingEnabled: true mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera 
@@ -257,6 +258,8 @@ affinity: {} config: logstashServiceName: log-ls logstashPort: 5044 + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \ @@ -315,6 +318,7 @@ so-appc-orchestrator: so-bpmn-infra: db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-catalog-db-adapter: enabled: true @@ -367,11 +371,13 @@ so-oof-adapter: camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A oof: authSecret: *mso-oof-auth + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-openstack-adapter: enabled: true db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-request-db-adapter: db: @@ -380,6 +386,7 @@ so-request-db-adapter: so-sdc-controller: db: <<: *dbSecrets + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-sdnc-adapter: enabled: true @@ -387,6 +394,7 @@ so-sdnc-adapter: <<: *dbSecrets mso: msoKeySecret: *mso-key + logConfigMapNamePrefix: '{{ include "common.release" . }}-so' so-ve-vnfm-adapter: enabled: false @@ -404,3 +412,7 @@ serviceAccount: nameOverride: so roles: - read + +#Log configuration +log: + path: /var/log/onap diff --git a/kubernetes/uui/Makefile b/kubernetes/uui/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/uui/Makefile 
@@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/uui/components/Makefile b/kubernetes/uui/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/uui/components/Makefile 
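Review bot: The `$(HELM_CHARTS)` and `make-%` recipes invoke `make` literally (`@make package-$@`, `make -C $*`), which drops the parent's command-line flags and jobserver and can pick up a different make binary; `@$(MAKE) package-$@` and `$(MAKE) -C $*` are the usual form. `SECRET_DIR` is assigned but never used in the file. kubernetes/uui/components/Makefile is added with the same recipes and has the same two points.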
@@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dmaap/templates/configmap.yaml b/kubernetes/uui/components/uui-nlp/Chart.yaml index 2a8e2860fa..3f09b486aa 100644 --- a/kubernetes/dmaap/templates/configmap.yaml +++ b/kubernetes/uui/components/uui-nlp/Chart.yaml 
@@ -1,28 +1,22 @@ -{{/* -# -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# Modifications Copyright © 2021 Orange # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# -*/}} + apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-dmaap-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +description: ONAP UUI NLP +name: uui-nlp +version: 9.0.0 diff --git a/kubernetes/uui/components/uui-nlp/requirements.yaml b/kubernetes/uui/components/uui-nlp/requirements.yaml new file mode 100644 index 0000000000..52fd1da64e --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/requirements.yaml 
@@ -0,0 +1,27 @@ +#============LICENSE_START======================================================== +# Copyright (c) 2021 AT&T. All rights reserved. +# Modifications Copyright © 2021 Orange +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/uui/components/uui-nlp/templates/deployment.yaml b/kubernetes/uui/components/uui-nlp/templates/deployment.yaml new file mode 100644 index 0000000000..e72ee448c6 --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/templates/deployment.yaml 
@@ -0,0 +1,62 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + {{ include "common.podSecurityContext" . | indent 6 | trim}} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{ include "common.containerPorts" . 
| nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /home/run/bert-master/upload + name: uui-server-v + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: uui-server-v + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml index 8f87c68f1e..8f87c68f1e 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml +++ b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml diff --git a/kubernetes/uui/components/uui-nlp/templates/pv.yaml b/kubernetes/uui/components/uui-nlp/templates/pv.yaml new file mode 100644 index 0000000000..a05ebfb207 --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/templates/pv.yaml 
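Review bot: The uui-nlp container is declared without a container-level `securityContext`, and the pod is given the `read` service account although the template shows no init container or other consumer of the Kubernetes API. Unless `common.podSecurityContext` already covers it (the helper is outside this diff), adding `securityContext:` with `allowPrivilegeEscalation: false`, and `readOnlyRootFilesystem: true` if the image tolerates it, would limit what a compromised NLP process can do; the upload directory is already a separate volume. If the service account token is not needed, `automountServiceAccountToken: false` in the pod spec keeps it out of the container. The liveness block closes with `{{ end }}` rather than `{{- end }}`, which leaves a blank line in the rendered manifest.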
@@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.PV" . }}
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-nlp/templates/pvc.yaml b/kubernetes/uui/components/uui-nlp/templates/pvc.yaml new file mode 100644 index 0000000000..2bd21dde5c --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/templates/pvc.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2021 AT&T # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.PVC" . }}
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-nlp/templates/service.yaml b/kubernetes/uui/components/uui-nlp/templates/service.yaml new file mode 100644 index 0000000000..40aaa735e2 --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/uui/components/uui-nlp/values.yaml b/kubernetes/uui/components/uui-nlp/values.yaml new file mode 100644 index 0000000000..3fb70fefae --- /dev/null +++ b/kubernetes/uui/components/uui-nlp/values.yaml 
@@ -0,0 +1,96 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2021 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Global values +global: + pullPolicy: Always + persistence: {} +image: onap/usecase-ui-nlp:1.0.2 + +uui-nlp: + enabled: true + +flavor: large + +onLinePort: &online_port 33011 +offLinePort: &offline_port 33012 +uploadPort: &upload_port 33013 + +# service configuration +service: + internalPort: 33013 + type: ClusterIP + name: uui-nlp + ports: + - name: http-online + port: *online_port + - name: http-offline + port: *offline_port + - name: http-upload + port: *upload_port + + +liveness: + initialDelaySeconds: 300 + periodSeconds: 30 + enabled: true + +readiness: + initialDelaySeconds: 300 + periodSeconds: 10 + +# Below parameter should match setting in all clients +# including contrib\tools\registry-initialize.sh +# which does preload +#registryCred: +# username: onapinitializer +# password: demo123456! 
+ +# Parameters for persistent storage +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 4Gi + mountPath: /dockerdata-nfs + mountSubPath: uui-nlp + volumeReclaimPolicy: Retain + +serviceAccount: + nameOverride: uui-nlp + roles: + - read + +securityContext: + user_id: 1000 + group_id: 1000 + +resources: + small: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + large: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + unlimited: {} diff --git a/kubernetes/uui/components/uui-server/requirements.yaml b/kubernetes/uui/components/uui-server/requirements.yaml new file mode 100644 index 0000000000..34cedc84cb --- /dev/null +++ b/kubernetes/uui/components/uui-server/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~9.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties new file mode 100644 index 0000000000..37f8467df1 --- /dev/null 
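Review bot: The new uui-nlp/values.yaml carries a commented-out `registryCred` block with a literal username and password that none of the templates added here appears to read. Commented credentials are still flagged by secret scanners and tend to be copied into real deployments; drop the block, or keep only the key names with a pointer to where the credential is defined. Separately, `service.internalPort: 33013` repeats the value behind the `&upload_port` anchor and could be written `internalPort: *upload_port` so the probe port cannot drift from the service port.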
+++ b/kubernetes/uui/components/uui-server/resources/config/application.properties 
@@ -0,0 +1,53 @@ +## +## Copyright (C) 2017 CMCC, Inc. and others. All rights reserved. +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## +## General App Properties +server.servlet.contextPath=/api/usecaseui-server/v1 +server.port=8082 +spring.http.multipart.max-file-size=128MB +spring.http.multipart.max-request-size=128MB + +## App DB Properties +spring.datasource.url=jdbc:postgresql://localhost:5432/uui +spring.datasource.username=uui +spring.datasource.password=uui +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect +spring.database.driver.classname=org.postgresql.Driver +spring.jpa.show-sql=false +spring.jpa.properties.hibernate.format_sql=false +spring.jpa.properties.hibernate.show-sql=false +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true +spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false +spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext +spring.jpa.properties.hibernate.cache.use_second_level_cache=false +spring.jpa.properties.hibernate.cache.use_query_cache=false +#spring.jpa.properties.hibernate.allow_update_outside_transaction=true + +## Basic Authentication Properties +# security.user.name=usecase +# security.user.password=usecase + +## Logback Properties +logging.file.name=logs/usecaseui_server.log +logging.level.*=INFO + +#enable shutdown +endpoints.shutdown.enabled=true 
+endpoints.shutdown.sensitive=false + +server.ssl.protocol=TLS +server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12 +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store-type=PKCS12
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh new file mode 100644 index 0000000000..f96dd74bd3 --- /dev/null +++ b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh @@ -0,0 +1,43 @@ +#!/bin/bash +{{/* +# +# Copyright 2016-2017 ZTE Corporation. +# Copyright 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} + +main_path="/home/uui" +echo @main_path@ $main_path + +echo "Starting postgreSQL..." +#service postgresql start +postmaster -D /usr/share/postgresql/data & +sleep 10 + +echo "usecase-ui database init script start..." +dbScript="$main_path/resources/bin/initDB.sh" +source $dbScript 127.0.0.1 5432 postgres uui +echo "usecase-ui database init script finished normally..." + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-server.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-server..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS
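Review bot: application.properties enables the shutdown endpoint and marks it non-sensitive (`endpoints.shutdown.enabled=true`, `endpoints.shutdown.sensitive=false`) while the basic-authentication properties stay commented out, so, depending on the Spring Boot version in the image, an unauthenticated client that can reach port 8082 may be able to stop the server. Unless something depends on it, set `endpoints.shutdown.enabled=false` or keep the endpoint sensitive and behind authentication. The datasource password is also a literal (`spring.datasource.password=uui`); it could be injected from the environment the way `server.ssl.key-store-password=${KEYSTORE_PASSWORD}` already is. `spring.http.multipart.*` and `endpoints.*` are Spring Boot 1.x property names while `logging.file.name` is a 2.2+ name, so it is worth checking which of these the server actually honours.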
\ No newline at end of file diff --git a/kubernetes/aai/components/aai-modelloader/templates/service.yaml b/kubernetes/uui/components/uui-server/templates/configmap.yaml index fad857bb41..0f0bd37c26 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/service.yaml +++ b/kubernetes/uui/components/uui-server/templates/configmap.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
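Review bot: run.sh prints "usecase-ui database init script finished normally..." regardless of what `initDB.sh` returned, and it waits for PostgreSQL with a fixed `sleep 10`, so a slow or failed database start only shows up later as JVM connection errors. Check the result, e.g. `source "$dbScript" 127.0.0.1 5432 postgres uui || { echo "usecase-ui database init failed" >&2; exit 1; }`, and replace the sleep with a bounded readiness loop (`pg_isready` if the image ships it). Starting the JVM with `exec` on the last line would let it receive the pod's termination signal directly instead of through the shell.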
@@ -15,31 +15,27 @@ */}} apiVersion: v1 -kind: Service +kind: ConfigMap metadata: - name: {{ include "common.servicename" . }} + name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} + labels: app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml index ea6f7b7a23..b7a385d30e 100644 --- a/kubernetes/uui/components/uui-server/templates/deployment.yaml +++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml 
@@ -35,10 +35,20 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + bash /uui/run.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -50,8 +60,7 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -62,5 +71,24 @@ spec: value: {{tpl .Values.msbaddr .}} - name: MR_ADDR value: {{tpl .Values.mraddr .}} + {{- if .Values.global.aafEnabled }} + - name: SPRING_OPTS + value: --spring.config.location=file:/config/application.properties + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + - mountPath: /config/application.properties + name: config + subPath: application.properties + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
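Review bot: In the `aafEnabled` command block, `export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)` does not stop the container when the file is missing or empty, so `bash /uui/run.sh` would start without the keystore and truststore passwords. A guard before the export, such as `test -s {{ .Values.certInitializer.credsPath }}/mycreds.prop || exit 1`, makes the pod fail closed. The first hunk also adds `initContainers:` outside any `if .Values.global.aafEnabled` guard, while the mounts and volumes in the third hunk are inside one and kubernetes/uui/templates/deployment.yaml guards its `initContainers:` too. Presumably the common template renders nothing when AAF is off, but that is worth confirming. The container spec continues outside these hunks.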
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 6017f2640e..1b652d553b 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -18,6 +18,44 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-server-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true 
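Review bot: `aafDeployPass: demo123456!` puts a fixed deployer password into the chart defaults, both here and in the matching block added to kubernetes/uui/values.yaml. The commented `aafDeployCredsExternalSecret` line suggests an external secret is supported, which would be the safer default outside a lab install. In `aaf_add_config`, `mycreds.prop` is written with the shell's default umask before `chown -R 1000`, so the generated store passwords may be readable by other users of the volume; `chmod 600 mycreds.prop` after the two `echo` lines, or `umask 077` at the top, would narrow that. Unless the surrounding script already aborts on errors, a failing `keytool` call still leaves passwords in `mycreds.prop` that the stores do not use, so a `set -e` at the start of the fragment is worth adding.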
diff --git a/kubernetes/uui/requirements.yaml b/kubernetes/uui/requirements.yaml
index b982291e58..d60dc43132 100644
--- a/kubernetes/uui/requirements.yaml
+++ b/kubernetes/uui/requirements.yaml
@@ -20,9 +20,16 @@ dependencies:
 # a part of this chart's package and will not
 # be published independently to a repo (at this point)
 repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
 - name: repositoryGenerator
 version: ~9.x-0
 repository: '@local'
 - name: uui-server
 version: ~9.x-0
 repository: 'file://components/uui-server'
+ - name: uui-nlp
+ version: ~9.x-0
+ repository: 'file://components/uui-nlp'
+ condition: uui-nlp.enabled
diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml
new file mode 100644
index 0000000000..2260bb8cf5
--- /dev/null
+++ b/kubernetes/uui/resources/config/server.xml
@@ -0,0 +1,161 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- {{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html +*/}} --> + +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. 
Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. 
Documentation at : + Java HTTP Connector: /docs/config/http.html + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <!--Connector port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" /> + + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation. The default + SSLImplementation will depend on the presence of the APR/native + library and the useOpenSSL attribute of the + AprLifecycleListener. + Either JSSE or OpenSSL style configuration may be used regardless of + the SSLImplementation selected. JSSE style configuration is used below. + --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true"> + <SSLHostConfig> + <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" + type="RSA" /> + </SSLHostConfig> + </Connector> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 + This connector uses the APR/native implementation which always uses + OpenSSL for TLS. + Either JSSE or OpenSSL style configuration may be used. OpenSSL style + configuration is used below. 
+ --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" + maxThreads="150" SSLEnabled="true" > + <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> + <SSLHostConfig> + <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" + certificateFile="conf/localhost-rsa-cert.pem" + certificateChainFile="conf/localhost-rsa-chain.pem" + type="RSA" /> + </SSLHostConfig> + </Connector> + --> + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. 
--> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> + </Realm> + + <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> + + </Host> + </Engine> + </Service> +</Server> diff --git a/kubernetes/uui/templates/configmap.yaml b/kubernetes/uui/templates/configmap.yaml new file mode 100644 index 0000000000..8c32132498 --- /dev/null +++ b/kubernetes/uui/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
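Review bot: The uncommented `<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />` in the new server.xml opens an AJP listener with no `address` or `secret` attribute. AJP trusts its peer far more than HTTP does, so unless a front-end proxy in this deployment actually speaks AJP to the pod, the connector is better commented out like the port 8080 one; if it is needed, bind it to a specific address and set a shared secret. On the HTTPS connector, `sslProtocol="TLS"` leaves the accepted protocol versions to the JVM defaults. Pinning them with `sslEnabledProtocols="TLSv1.2"` (plus TLSv1.3 if the image's JVM supports it) would make the policy explicit.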
\ No newline at end of file diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index 8c523b2388..5d8c7b32b5 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -35,6 +35,28 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + cd /config-input && for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + cat /config/server.xml + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -42,7 +64,16 @@ spec: command: - /bin/bash - -c - - /home/uui/uuiStartup.sh + - | + echo "*** /opt" + ls -lh /opt/ + echo "*** /opt/app" + ls -lh /opt/app/ + echo "*** /opt/app/osaaf/" + ls -lh /opt/app/osaaf/ + echo "*** /opt/app/osaaf/local" + ls -lh /opt/app/osaaf/local/ + /home/uui/uuiStartup.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
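Review bot: The init container script ends with `cat /config/server.xml`, which prints the rendered file into the pod log, including the `keystorePass` value that `envsubst` has just filled in from `mycreds.prop`. Anyone with log access can then read the keystore password. Drop that line, or replace it with a non-printing check such as `test -s /config/server.xml`. The `echo` and `ls -lh /opt/...` lines added ahead of `/home/uui/uuiStartup.sh` in the next hunk look like leftover debugging and could go as well. `envsubst` without a variable list rewrites every `${...}` in the config files; passing the intended names, e.g. `envsubst '${KEYSTORE_PASSWORD}'`, keeps other placeholders intact.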
@@ -59,18 +90,30 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.global.aafEnabled }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /home/uui/server.xml + name: config + subPath: server.xml + {{- end }} env: - name: MSB_ADDR value: {{ tpl .Values.msbaddr . }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + {{- if .Values.global.aafEnabled }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: config-input + configMap: + name: {{ include "common.fullname" . }} + - name: config + emptyDir: + medium: Memory + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 32b8449240..52301d63c8 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml 
@@ -18,6 +18,39 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true diff --git a/kubernetes/vid/templates/configmap.yaml b/kubernetes/vid/templates/configmap.yaml index 0ba466dfb9..5c423e61cc 100644 --- a/kubernetes/vid/templates/configmap.yaml +++ b/kubernetes/vid/templates/configmap.yaml 
@@ -27,18 +27,7 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/log/vid/*").AsConfig . | indent 2 }} --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 478b44232b..116a7cdfed 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -136,7 +136,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /var/log/onap + - mountPath: "{{ .Values.log.path }}" name: vid-logs - mountPath: /tmp/logback.xml name: vid-logback 
@@ -154,30 +154,16 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: vid-logs - - mountPath: /usr/share/filebeat/data - name: vid-data-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-filebeat-configmap + {{ include "common.log.volumes" . | nindent 8 }} - name: vid-cache emptyDir: {} - name: vid-logs emptyDir: {} - - name: vid-data-filebeat - emptyDir: {} - name: vid-logback configMap: name: {{ include "common.fullname" . }}-log-configmap diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 91132e276c..aba010eb26 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -25,6 +25,7 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + centralizedLoggingEnabled: true ################################################################# # Secrets metaconfig @@ -194,3 +195,7 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +# Log configuration +log: + path: /var/log/onap |