diff options
71 files changed, 818 insertions, 711 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst new file mode 100644 index 0000000000..84ca2d0eed --- /dev/null +++ b/docs/oom_hardcoded_certificates.rst @@ -0,0 +1,18 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2018 Amdocs, Bell Canada + +.. Links +.. _hardcoded-certiticates-label: + +ONAP Hardcoded certificates +########################### + +ONAP current installation have hardcoded certificates. +Here's the list of these certificates: + + +----------------------------------------------------------------------------------+ + | Project | ONAP Certificate | Own Certificate | Path | + +============+==================+==================+===============================+ + | VID | No | Yes | kubernetes/vid/resources/cert | + +------------+------------------+------------------+-------------------------------+ diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst index 6486f4bab7..7903b709d8 100644 --- a/docs/oom_project_description.rst +++ b/docs/oom_project_description.rst @@ -38,6 +38,7 @@ The OOM documentation is broken into four different areas each targeted at a dif - :ref:`user-guide-label` - a guide for operators of an ONAP instance - :ref:`developer-guide-label` - a guide for developers of OOM and ONAP - :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use +- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation The :ref:`release-notes-label` for OOM describe the incremental features per release. diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index 31ddc59983..d36f0bce85 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -42,9 +42,9 @@ blueprintsprocessor.httpPort=8080 blueprintsprocessor.grpcPort=9111 # db -blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl -blueprintsprocessor.db.username=sdnctl -blueprintsprocessor.db.password=sdnctl +blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}} +blueprintsprocessor.db.username=${CDS_DB_USERNAME} +blueprintsprocessor.db.password=${CDS_DB_PASSWORD} blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver blueprintsprocessor.db.hibernateHbm2ddlAuto=update blueprintsprocessor.db.hibernateDDLAuto=update @@ -53,9 +53,9 @@ blueprintsprocessor.db.hibernateDialect=org.hibernate.dialect.MySQL5InnoDBDialec # processor-db endpoint blueprintsprocessor.db.processor-db.type=maria-db -blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl +blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}} blueprintsprocessor.db.processor-db.username=root -blueprintsprocessor.db.processor-db.password=secretpassword +blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD} # Python executor blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints @@ -64,6 +64,11 @@ blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu security.user.name: ccsdkapps +# Error Managements +error.catalog.applicationId=cds +error.catalog.type=properties +error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config + # SDN-C's ODL Restconf Connection Details blueprintsprocessor.restconfEnabled=true blueprintsprocessor.restclient.sdncodl.type=basic-auth @@ -125,8 +130,6 @@ blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer -blueprintprocessor.remoteScriptCommand.enabled=true - #Encrypted username and password for health check service endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ== endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ== diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties new file mode 100644 index 0000000000..ef398784dd --- /dev/null +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/error-messages_en.properties @@ -0,0 +1,91 @@ +# +# Copyright © 2020 IBM, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team. +org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. +org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials. +org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request. +org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist. +org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time. +org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource. +org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format. + +# Self Service API +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource. +org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format. + +# Designer API +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource. +org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format. + +# Resource API +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource. +org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format. + + +# Configs API +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time. +org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource. + +# Python Executor +org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team. + +# Resource resolution +org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload. +org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA. +org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload. + +org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team. diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index 749e9a4637..3a887f193e 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2019 IBM, Bell Canada +# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,6 +45,29 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done" + env: + - name: CDS_DB_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}} + - name: CDS_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}} + - name: CDS_DB_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}} + + volumeMounts: + - mountPath: /config-input/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + - mountPath: /config + name: processed-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name @@ -114,8 +138,11 @@ spec: name: localtime readOnly: true - mountPath: {{ .Values.config.appConfigDir }}/application.properties - name: {{ include "common.fullname" . }}-config + name: processed-config subPath: application.properties + - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties + name: {{ include "common.fullname" . }}-config + subPath: error-messages_en.properties - mountPath: {{ .Values.config.appConfigDir }}/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -149,6 +176,8 @@ spec: items: - key: application.properties path: application.properties + - key: error-messages_en.properties + path: error-messages_en.properties - key: logback.xml path: logback.xml - key: hazelcast.yaml @@ -158,5 +187,8 @@ spec: - name: {{ include "common.fullname" . }}-blueprints persistentVolumeClaim: claimName: {{ include "common.release" . }}-cds-blueprints + - name: processed-config + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml index d053c484be..87edb92a4b 100644 --- a/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2020 Samsung Electronics +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,5 +11,4 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - {{ include "common.secret" . }} diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 9bcf03ad3e..50c33c2f75 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -1,4 +1,5 @@ # Copyright (c) 2019 IBM, Bell Canada +# Copyright (c) 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,6 +34,25 @@ global: persistence: mountPath: /dockerdata-nfs + # envsusbt + envsubstImage: dibi/envsubst + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: 'cds-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}' + login: '{{ .Values.config.cdsDB.dbUser }}' + password: '{{ .Values.config.cdsDB.dbPassword }}' + passwordPolicy: required + - uid: 'cds-db-root-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}' + password: '{{ .Values.config.cdsDB.dbRootPassword }}' + passwordPolicy: required + ################################################################# # Application configuration defaults. ################################################################# @@ -48,6 +68,15 @@ debugEnabled: false config: appConfigDir: /opt/app/onap/config useScriptCompileCache: true + cdsDB: + dbServer: cds-db + dbPort: 3306 + dbName: sdnctl + # dbUser: sdnctl + # dbPassword: sdnctl + # dbCredsExternalSecret: <some secret name> + # dbRootPassword: password + # dbRootPassExternalSecret # default number of instances replicaCount: 1 @@ -60,6 +89,7 @@ affinity: {} # custom kafka cluster. dmaapEnabled: true + # probe configuration parameters liveness: initialDelaySeconds: 120 diff --git a/kubernetes/vfc/charts/vfc-catalog/Chart.yaml b/kubernetes/cds/templates/secrets.yaml index 2b5283468d..87edb92a4b 100644 --- a/kubernetes/vfc/charts/vfc-catalog/Chart.yaml +++ b/kubernetes/cds/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,8 +11,4 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - -apiVersion: v1 -description: ONAP VFC - Catalog -name: vfc-catalog -version: 5.0.0
\ No newline at end of file +{{ include "common.secret" . }} diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index fec878960c..1ead35e234 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -1,3 +1,4 @@ +# Copyright © 2020 Samsung Electronics # Copyright © 2019 Orange, Bell Canada # Copyright © 2017 Amdocs, Bell Canada # @@ -28,6 +29,22 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret' + uid: 'cds-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass' + uid: 'cds-db-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' + password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + +################################################################# # Application configuration defaults. ################################################################# # application images @@ -64,14 +81,14 @@ readiness: ingress: enabled: false - mariadb-galera: config: - userName: sdnctl - userPassword: sdnctl - mariadbRootPassword: sdnctl - mysqlDatabase: sdnctl - nameOverride: cds-db + userName: sdnctl + # userPassword: sdnctl + userCredentialsExternalSecret: *dbUserSecretName + mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName + mysqlDatabase: &mysqlDbName sdnctl + nameOverride: &dbServer cds-db service: name: cds-db portName: cds-db @@ -80,6 +97,15 @@ mariadb-galera: enabled: true mountSubPath: cds/data +cds-blueprints-processor: + config: + cdsDB: + dbServer: *dbServer + dbPort: 3306 + dbName: *mysqlDbName + dbCredsExternalSecret: *dbUserSecretName + dbRootPassExternalSecret: *dbRootPasswordSecretName + #Resource Limit flavor -By Default using small flavor: small #segregation for different envionment (Small and Large) diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl new file mode 100644 index 0000000000..db7cbe8d8d --- /dev/null +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -0,0 +1,226 @@ +{{/* +# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + common templates to enable aaf configs for applictaions + + Parameter for aafConfig to be defined in values.yaml + aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .) + # additional scripts can be defined to handle certs + addconfig: true|false + fqdn: "sdnc" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "aaf.osaaf.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + persistence: + enabled: true + config.volumeReclaimPolicy: Delete + config.accessMode: ReadWriteMany + config.size: 40M + config.storageClass: "manual" + config.mountPath: "/dockerdata-nfs" + config.mountSubPath: "sdnc/aaf" + # secrets configuration, Note: create a secrets template + secrets: + - uid: aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.aaf-config" . | nindent XX}} + + containers: + volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} + volumes: + {{- include "common.aaf-config-volumes" . | nindent XX}} + + If persistence.enabled = true + Create pvc: + {{ include "common.aaf-config-pvc" . }} + Create pv + {{ include "common.aaf-config-pv" . }} + +*/}} +{{- define "common.aaf-config" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +{{ if .Values.global.aafEnabled }} +- name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" . }}-aaf-config + image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- if (index .Values $aafRoot "addconfig") }} + - name: aaf-add-config + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh + {{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh + {{- if (index .Values $aafRoot "addconfig") }} + /opt/app/aaf_config/bin/aaf-add-config.sh + {{- end }} + env: + - name: APP_FQI + value: "{{ index .Values $aafRoot "fqi" }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ index .Values $aafRoot "fqdn" }}" + - name: aaf_locator_app_ns + value: "{{ index .Values $aafRoot "app_ns" }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, evenutally + - name: cadi_longitude + value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}" + - name: cadi_latitude + value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}" +{{- end -}} +{{- end -}} + + +{{- define "common.aaf-config-volume-mountpath" -}} +{{ if .Values.global.aafEnabled }} +- mountPath: "/opt/app/osaaf" + name: {{ include "common.fullname" . }}-aaf-config-vol +{{- end -}} +{{- end -}} + +{{- define "common.aaf-config-volumes" -}} +{{ if .Values.global.aafEnabled }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +- name: {{ include "common.fullname" . }}-aaf-config-vol + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-aaf-config-pvc +{{- if (index .Values $aafRoot "addconfig") }} +- name: aaf-add-config + configMap: + name: {{ include "common.fullname" . }}-aaf-add-config + defaultMode: 0700 +{{- end }} +{{- end -}} +{{- end }} + +{{- define "common.aaf-config-pv" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pv + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-aaf-config-pv + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ index .Values $aafRoot "persistence" "config" "size"}} + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }} + hostPath: + path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} + +{{- define "common.aaf-config-pvc" -}} +{{- $dot := default . .dot -}} +{{- $aafRoot := default "aafConfig" .aafRoot -}} +metadata: + name: {{ include "common.fullname" . }}-aaf-config-pvc + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if (index .Values $aafRoot "persistence" "annotations") }} + annotations: +{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-aaf-config-pv + accessModes: + - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} + resources: + requests: + storage: {{ index .Values $aafRoot "persistence" "config" "size" }} +{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} +{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl index 95d51e17b7..854019c197 100644 --- a/kubernetes/common/common/templates/_labels.tpl +++ b/kubernetes/common/common/templates/_labels.tpl @@ -18,45 +18,81 @@ {{/* Common labels +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels : labels to add (dict) */}} {{- define "common.labels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -helm.sh/chart: {{ include "common.chart" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- $dot := default . .dot -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +helm.sh/chart: {{ include "common.chart" $dot }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +app.kubernetes.io/managed-by: {{ $dot.Release.Service }} +{{ if .labels }} +{{- include "common.tplValue" (dict "value" .labels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: selectors/matchlLabels to add (dict) */}} {{- define "common.matchLabels" -}} -app.kubernetes.io/name: {{ include "common.name" . }} -app.kubernetes.io/instance: {{ include "common.release" . }} +{{- $dot := default . .dot -}} +{{- if not .matchLabels.nameNoMatch -}} +app.kubernetes.io/name: {{ include "common.name" $dot }} +{{- end }} +app.kubernetes.io/instance: {{ include "common.release" $dot }} +{{ if .matchLabels }} +{{$_ := unset .matchLabels "nameNoMatch"}} +{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }} +{{- end -}} {{- end -}} {{/* Generate "top" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .labels: labels to add (dict) + - .suffix: suffix to name + */}} {{- define "common.resourceMetadata" -}} -name: {{ include "common.fullname" . }} -namespace: {{ include "common.namespace" . }} -labels: {{- include "common.labels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} +{{- $labels := default (dict) .labels -}} + +name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}} +namespace: {{ include "common.namespace" $dot }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }} {{- end -}} {{/* Generate selectors for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary): + - .dot : environment (.) + - .matchLabels: labels to add (dict) */}} {{- define "common.selectors" -}} -matchLabels: {{- include "common.matchLabels" . | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $matchLabels := default (dict) .matchLabels -}} +matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }} {{- end -}} {{/* Generate "template" metadata for Deployment / StatefulSet / ... + The function takes several arguments (inside a dictionary) + - .dot : environment (.) + - .labels: labels to add (dict) */}} {{- define "common.templateMetadata" -}} -{{- if .Values.podAnnotations }} -annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }} +{{- $dot := default . .dot -}} +{{- $labels := default (dict) .labels -}} +{{- if $dot.Values.podAnnotations }} +annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }} {{- end }} -labels: {{- include "common.labels" . | nindent 2 }} -name: {{ include "common.name" . }} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} +name: {{ include "common.name" $dot }} {{- end -}} diff --git a/kubernetes/common/common/templates/_name.tpl b/kubernetes/common/common/templates/_name.tpl index 943078ff2f..e918cc1dd8 100644 --- a/kubernetes/common/common/templates/_name.tpl +++ b/kubernetes/common/common/templates/_name.tpl @@ -16,9 +16,14 @@ {{/* Expand the name of a chart. + The function takes from one to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix : add a suffix to the name */}} {{- define "common.name" -}} - {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} + {{- $dot := default . .dot -}} + {{- $suffix := .suffix -}} + {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} {{- end -}} {{/* @@ -28,16 +33,25 @@ {{- define "common.fullnameExplicit" -}} {{- $dot := .dot }} {{- $name := .chartName }} - {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}} + {{- $suffix := default "" .suffix -}} + {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified application name. Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). + Usage: + include "common.fullname" . + include "common.fullname" (dict "suffix" "mySuffix" "dot" .) + The function takes from one to two arguments: + - .dot : environment (.) + - .suffix : add a suffix to the fullname */}} {{- define "common.fullname" -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" .suffix -}} + {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}} + {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }} {{- end -}} {{/* diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index cd1595b0ca..8b430ef2bd 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -31,11 +31,12 @@ {{- end -}} {{/* Define the metadata of Service - The function takes from one to three arguments (inside a dictionary): + The function takes from one to four arguments (inside a dictionary): - .dot : environment (.) - .suffix : a string which will be added at the end of the name (with a '-'). - .annotations: the annotations to add - .msb_informations: msb information in order to create msb annotation + - .labels : labels to add Usage example: {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }} {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }} @@ -45,6 +46,7 @@ {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} {{- $msb_informations := default "" .msb_informations -}} + {{- $labels := default (dict) .labels -}} {{- if or $annotations $msb_informations -}} annotations: {{- if $annotations }} @@ -65,7 +67,7 @@ annotations: {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} namespace: {{ include "common.namespace" $dot }} -labels: {{- include "common.labels" $dot | nindent 2 -}} +labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}} {{- end -}} {{/* Define the ports of Service @@ -125,6 +127,9 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} - .publishNotReadyAddresses: if we publish not ready address - .headless: if the service is headless - .add_plain_port: add tls port AND plain port + - .labels : labels to add (dict) + - .matchLabels: selectors/machLabels to add (dict) + - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None */}} {{- define "common.genericService" -}} {{- $dot := default . .dot -}} @@ -136,9 +141,12 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} {{- $ports := .ports -}} {{- $headless := default false .headless -}} {{- $add_plain_port := default false .add_plain_port }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}} apiVersion: v1 kind: Service -metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }} +metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }} spec: {{- if $headless }} clusterIP: None @@ -148,7 +156,8 @@ spec: publishNotReadyAddresses: true {{- end }} type: {{ $serviceType }} - selector: {{- include "common.matchLabels" $dot | nindent 4 }} + selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }} + sessionAffinity: {{ $sessionAffinity }} {{- end -}} {{/* @@ -166,15 +175,19 @@ spec: ports and the other one is NodePort (or LoadBalancer) with crypted port only. */}} {{- define "common.service" -}} -{{- $suffix := default "" .Values.service.suffix -}} -{{- $annotations := default "" .Values.service.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} -{{- $msb_informations := default "" .Values.service.msb -}} -{{- $serviceType := .Values.service.type -}} -{{- $ports := .Values.service.ports -}} -{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} +{{- $dot := default . .dot -}} +{{- $suffix := default "" $dot.Values.service.suffix -}} +{{- $annotations := default "" $dot.Values.service.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}} +{{- $msb_informations := default "" $dot.Values.service.msb -}} +{{- $serviceType := $dot.Values.service.type -}} +{{- $ports := $dot.Values.service.ports -}} +{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} + {{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} @@ -182,20 +195,23 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} {{/* Create headless service template */}} {{- define "common.headlessService" -}} -{{- $suffix := include "common._makeHeadlessSuffix" . -}} -{{- $annotations := default "" .Values.service.headless.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}} -{{- $ports := .Values.service.headlessPorts -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }} +{{- $dot := default . .dot -}} +{{- $suffix := include "common._makeHeadlessSuffix" $dot -}} +{{- $annotations := default "" $dot.Values.service.headless.annotations -}} +{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}} +{{- $ports := $dot.Values.service.headlessPorts -}} +{{- $labels := default (dict) .labels -}} +{{- $matchLabels := default (dict) .matchLabels -}} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} {{/* diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 872d01d6ae..a4200c3fd1 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -109,7 +109,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.2 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -119,9 +119,9 @@ componentImages: holmes_engine: onap/holmes/engine-management:1.2.6 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 # Resource Limit flavor -By Default using small diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 9d38659f61..fd7069450e 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2 pullPolicy: Always # probe configuration parameters diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 0043e8a95d..8b885895e0 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -49,7 +49,19 @@ spec: {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }} - name: DASHBOARD_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }} - - name: ONAPDUBLIN_TOPICURL + - name: ONAP_TOPICURL value: {{ .Values.config.mrTopicURL }} + - name: ONAP_IMPORT_CLOUDIFYPLUGIN + value: {{ .Values.config.importCloudify }} + - name: ONAP_IMPORT_K8SPLUGIN + value: {{ .Values.config.importK8S }} + - name: ONAP_IMPORT_POLICYPLUGIN + value: {{ .Values.config.importPolicy }} + - name: ONAP_INPORT_POSTGRESPLUGIN + value: {{ .Values.config.importPostgres }} + - name: ONAP_IMPORT_CLAMPPLUGIN + value: {{ .Values.config.importClamp }} + - name: ONAP_IMPORT_DMAAPPLUGIN + value: {{ .Values.config.importDMaaP }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index f21b7f9cb5..592def272f 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -34,6 +34,12 @@ config: dashboardUser: nobody #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events + importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml + importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml + importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml + importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml + importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml + importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml secrets: - uid: "dashsecret" diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index cde43f95b7..84a42d6436 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -14,4 +14,4 @@ # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y - +DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index e43182daa3..59f64bd99c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -12,43 +12,47 @@ # See the License for the specific language governing permissions and # limitations under the License. -##################################################### -# -# ONAP Casablanca oom configurable deployment params: -# -##################################################### - ##################################################### # # Hooks for specific environment configurations # ##################################################### -# Indicator for whether to use AAF +# Indicator for whether to use AAF for authentication UseAAF: {{ .Values.global.aafEnabled }} -# csit: stubs out some southbound APIs for csit -csit: No +# Stub out southbound calls for Unit Test cases to run. e.g. not timeout +# Comment out in other environments to get default (No) +#UnitTest: Yes -# name of this DMaaP instance (deprecated) -#DmaapName: demo ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) -# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments. +# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. Feed.deleteHandling: SimulateDelete +########################################################### +# The following properties default to match ONAP DR instance. +# However, there are some non-ONAP DR instances that require other values. +# Sets the X-DR-ON-BEHALF-OF HTTP Header value +#DR.onBehalfHeader: +# Value for the Content-Type Header in DR Feed API +#DR.feedContentType: +# Value for the Content-Type Header in DR Subscription API +#DR.subContentType: +# +# END OF properties helpful for non-ONAP DR instance. +############################################################ + ##################################################### # # Settings for Soutbound API: Postgresql @@ -86,6 +90,9 @@ MR.multisite: false # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR MR.CentralCname: {{ .Values.dmaapMessageRouterService }} +# Indicator for whether we want hostname verification on SSL connection to MR +MR.hostnameVerify: false + # MR Client Delete Level thoroughness: # 0 = don't delete # 1 = delete from persistent store @@ -104,6 +111,12 @@ MR.projectID: mr # Use Basic Authentication when provisioning topics MR.authentication: basicAuth +# MR topic name style (default is FQTN_LEGACY_FORMAT) +#MR.topicStyle: FQTN_LEGACY_FORMAT +# +# end of MR Related Properties +################################################################################ + ##################################################### # @@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }} # Identity that is owner of any created namespaces for topics aaf.NsOwnerIdentity: {{ .Values.adminUser }} -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -CredentialCodeKeyfile: etc/LocalKey # this overrides the Class used for Decryption. # This allows for a plugin encryption/decryption method if needed. # Call this Class for decryption at runtime. #AafDecryption.Class: com.company.proprietaryDecryptor +# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF +# Not used in ONAP, but possibly used with Decryption override class. +#CredentialCodeKeyfile: etc/LocalKey + +# +# endof AAF Properties +#################################################### + ##################################################### # @@ -172,11 +191,53 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org # pwd for Identity used to publish MM prov cmds MM.ProvUserPwd: demo123456! -# AAF Role of MirrorMaker agent subscribed to prov cmds +# AAF Role of MirrorMaker agent subscribed to prov cmds. MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent ##################################################### # +# Certificate Management +# +##################################################### + +# Indicates how we are expecting certificates to be provided: +# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file +# legacy (default) - artifacts will be installed manually or some other way and details will be in this file +CertificateManagement: cadi + +# When CertificateManagement is cadi, then this is where all the cadi properties will be. +# Note that the cadi properties include where the cert is, and the encrypted passwords to read. +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +########################################################################################### +# When CertificateManagement is legacy, we need to provide more details about cert handling: +#CertificateManagement: legacy +# the type of keystore for https (for legacy CertificateManagment only) +#KeyStoreType: jks + +# path to the keystore file (for legacy CertificateManagment only) +#KeyStoreFile: etc/keystore + +# password for the https keystore (for legacy CertificateManagment only) +#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF +# password for the private key in the https keystore (for legacy CertificateManagment only) +#KeyPassword: changeit + +# type of truststore for https (for legacy CertificateManagment only) +#TrustStoreType: jks + +# path to the truststore for https (for legacy CertificateManagment only) +#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks + +# password for the https truststore (for legacy CertificateManagment only) +#TrustStorePassword: changeit +# +# END OF legacy CertificateManagement properties +########################################################################################### + + +##################################################### +# # HTTP Server Configuration # ##################################################### @@ -191,30 +252,24 @@ IntHttpPort: 8080 # set to 0 if no certificates are available. IntHttpsPort: 8443 -# external port number for https taking port mapping into account -ExtHttpsPort: 443 - -# the type of keystore for https -KeyStoreType: jks - -# path to the keystore file -KeyStoreFile: etc/keystore - -# password for the https keystore -KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# password for the private key in the https keystore -KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# type of truststore for https -TrustStoreType: jks - -# path to the truststore for https -TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks - -# password for the https truststore -TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY* - -# path to the file used to trigger an orderly shutdown -QuiesceFile: etc/SHUTDOWN inHttpsPort: 0 + +##################################################### +# +# Deprecated +# +##################################################### +# csit: stubs out some southbound APIs for csit (deprecated) +#csit: No +# name of this DMaaP instance (deprecated) +#DmaapName: demo +# external port number for https taking port mapping into account (deprecated) +#ExtHttpsPort: 443 +# path to the file used to trigger an orderly shutdown (deprecated) +#QuiesceFile: etc/SHUTDOWN +# FQDN of DR Prov Server (deprecated) +#DR.provhost: dcae-drps.domain.not.set +# root of topic namespace (decrecated) +#topicNsRoot: org.onap.dcae.dmaap diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index 3e08185a20..ea2720f9ce 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] volumeMounts: - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config + name: {{ include "common.name" . }}-aaf-config-vol env: - name: APP_FQI value: "{{ .Values.aafConfig.fqi }}" @@ -75,6 +75,26 @@ spec: value: "{{ .Values.aafConfig.cadiLongitude }}" - name: cadi_latitude value: "{{ .Values.aafConfig.cadiLatitude }}" + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["chown","-Rf","1000:1001", "/opt/app/"] +# See AAF-425 for explanation of why this is needed. +# This artifact is provisioned in AAF for both pks12 and jks format and apparently +# the cadi library is not using the jks password on the jks keystore. +# So, this attempts to "fix" the credential property file until this is fixed properly. + - name: {{ include "common.name" . }}-cred-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["/bin/sh"] + args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] + {{- end }} {{- if .Values.PG.enabled }} - name: {{ include "common.name" . }}-postgres-readiness @@ -95,7 +115,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: "{{ .Values.repository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true -}} @@ -118,13 +138,12 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config mountPath: /opt/app/config/conf/ - - name: {{ include "common.name" . }}-aaf-config - mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props - subPath: org.onap.dmaap-bc.props resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} @@ -139,8 +158,7 @@ spec: - name: {{ include "common.name" . }}-config configMap: name: {{ include "common.fullname" . }}-config - - name: {{ include "common.name" . }}-aaf-config - configMap: - name: {{ include "common.fullname" . }}-aaf-config + - name: {{ include "common.name" . }}-aaf-config-vol + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 28c77eb54c..3a18787826 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,8 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:2.0.3 +#repository: 10.12.7.57:5000 +image: onap/dmaap/dmaap-bc:2.0.4 # application configuration @@ -49,7 +50,7 @@ adminPwd: demo123456! #AAF local config aafConfig: - aafDeployFqi: dmaap-bc@dmaap-bc.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-bc fqi: dmaap-bc@dmaap-bc.onap.org @@ -58,7 +59,7 @@ aafConfig: cadiLongitude: 0.0 persistence: - aafCredsPath: /opt/app/osaaf/local + aafCredsPath: /opt/app/osaaf/local/ # for Casablanca default deployment, leave this true to # get a topic namespace that matches MR. When set to false, diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index 3f2d39e0d1..c7ecb07452 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml @@ -21,7 +21,7 @@ --- {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json index ebec0adc6f..27df701b80 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json index 7ca5251d40..da0727c3a7 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json +++ b/kubernetes/multicloud/charts/multicloud-starlingx/resources/config/log/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json index 0647844a7c..655076a901 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json +++ b/kubernetes/multicloud/charts/multicloud-windriver/resources/config/log/config.json @@ -27,9 +27,9 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", "messageBusAddress": [ - "message-router" + "message-router.{{ include "common.namespace" . }}" ], "user": "multicloud", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", diff --git a/kubernetes/portal/charts/portal-app/templates/service.yaml b/kubernetes/portal/charts/portal-app/templates/service.yaml index 1d78c14888..dd207ea0e6 100644 --- a/kubernetes/portal/charts/portal-app/templates/service.yaml +++ b/kubernetes/portal/charts/portal-app/templates/service.yaml @@ -37,18 +37,6 @@ spec: type: {{ .Values.service.type }} ports: {{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.portName }}3 - port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 3fa8381f2a1e5f030ee1388466417817dda0fbe +Subproject ac2783f70a211de9642de744a0a1d3c3dbe920c diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index 1aa0010289..87fed417e6 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -80,7 +80,7 @@ spec: readinessProbe: exec: command: - - "/var/lib/ready-probe.sh" + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -99,7 +99,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-be/templates/job.yaml index 994c407955..4b5ec51976 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/job.yaml @@ -53,7 +53,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /home/sdc/chef-solo/environments/ + - name: sdc-logs + mountPath: /var/lib/jetty/logs env: - name: ENVNAME value: {{ .Values.global.env.name }} @@ -66,6 +68,8 @@ spec: configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 + - name: sdc-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Never diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index a58e950b3e..b6bc635071 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.6.2 -backendInitImage: onap/sdc-backend-init:1.6.2 +image: onap/sdc-backend:1.6.3 +backendInitImage: onap/sdc-backend-init:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml b/kubernetes/sdc/charts/sdc-cs/templates/job.yaml index 472975ff37..4e4aad46fc 100644 --- a/kubernetes/sdc/charts/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-cs/templates/job.yaml @@ -57,9 +57,9 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /home/sdc/chef-solo/environments/ - name: {{ include "common.fullname" . }}-chef-cache - mountPath: /root/chef-solo/cache + mountPath: /home/sdc/chef-solo/cache env: - name: ENVNAME value: {{ .Values.global.env.name }} diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index c7c8da96b0..ddc194654d 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.6.2 -cassandraInitImage: onap/sdc-cassandra-init:1.6.2 +image: onap/sdc-cassandra:1.6.3 +cassandraInitImage: onap/sdc-cassandra-init:1.6.3 pullPolicy: Always diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml index f8fb2f61e2..6072148d07 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/deployment.yaml @@ -92,7 +92,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml index 57a25516af..9df959abd4 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/templates/job.yaml @@ -52,7 +52,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments + mountPath: /var/lib/jetty/chef-solo/environments env: - name: ENVNAME value: {{ .Values.global.env.name }} diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index 77544a75f3..051c076ea1 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -27,9 +27,9 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-be:1.3.2 +image: onap/dcae-be:1.3.3 pullPolicy: Always -backendInitImage: onap/dcae-tools:1.3.2 +backendInitImage: onap/dcae-tools:v1.3.3 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml index 586baeb609..20a6194e99 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/templates/deployment.yaml @@ -91,7 +91,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index df0606fdbe..26e1cacdd0 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-dt:1.3.2 +image: onap/dcae-dt:1.3.3 pullPolicy: IfNotPresent config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml index 1bc0d880e7..e99d65b43b 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/templates/deployment.yaml @@ -91,7 +91,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index a5794b28c3..46024d57ca 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-fe:1.3.2 +image: onap/dcae-fe:1.3.3 pullPolicy: Always config: javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml index 5634aec492..5ae706dee8 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: fieldPath: status.podIP volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml index 06169df566..61beab34c4 100644 --- a/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-tosca-lab/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dcae-tosca-app:1.3.1 +image: onap/dcae-tosca-app:1.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 6f35f6bd06..8e19489f9a 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml @@ -80,7 +80,7 @@ spec: value: {{ .Values.config.javaOptions }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml b/kubernetes/sdc/charts/sdc-fe/templates/service.yaml index 1b9884a232..2133990b60 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/service.yaml @@ -37,17 +37,24 @@ metadata: spec: type: {{ .Values.service.type }} ports: + {{ if not .Values.global.security.disableHttp }} + # setting http port only if enabled {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} + {{ end }} + {{ end }} + + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName }}2 + {{- else -}} - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName }}2 diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index ce77dfda4a..64ccaa81b1 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.6.2 +image: onap/sdc-frontend:1.6.3 pullPolicy: Always config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 78b111658a..75779a319c 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: livenessProbe: exec: command: - - "/var/lib/ready-probe.sh" + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -65,7 +65,7 @@ spec: readinessProbe: exec: command: - - "/var/lib/ready-probe.sh" + - "/var/lib/jetty/ready-probe.sh" initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} @@ -94,7 +94,7 @@ spec: value: {{ .Values.cert.certDir }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /var/lib/jetty/chef-solo/environments/ - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime readOnly: true diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml index 11676147e7..0e5e63b772 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/job.yaml @@ -53,7 +53,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ + mountPath: /home/sdc/chef-solo/environments/ env: - name: ENVNAME value: {{ .Values.global.env.name }} diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 727d0a389b..b15f784dee 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.6.2 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2 +image: onap/sdc-onboard-backend:1.6.3 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 3e5a83aee7..78fdb32dcc 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.1 -configInitImage: onap/workflow-init:1.6.1 +image: onap/workflow-backend:1.6.2 +configInitImage: onap/workflow-init:1.6.2 pullPolicy: Always initJob: @@ -47,13 +47,13 @@ config: serverSSLEnabled: true serverSSLKeyStoreType: jks - serverSSLKeyStorePath: /etc/keystore + serverSSLKeyStorePath: /home/sdc/etc/keystore serverSSLTrustStoreType: jks - serverSSLTrustStorePath: /etc/truststore + serverSSLTrustStorePath: /home/sdc/etc/truststore cassandraSSLEnabled: false - cassandraTrustStorePath: /etc/truststore + cassandraTrustStorePath: /home/sdc/etc/truststore # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index 66eb22e50c..6b0669b5b6 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.1 +image: onap/workflow-frontend:1.6.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index 2d99ab0c3a..57d774e59b 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -8,7 +8,7 @@ "chef_type": "environment", "default_attributes": { - "disableHttp": true, + "disableHttp": {{ .Values.global.security.disableHttp }}, "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 3d35814f2e..dfbd8c80df 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -39,7 +39,8 @@ global: replicaCount: 3 clusterName: cassandra dataCenter: Pod - + security: + disableHttp: true config: logstashServiceName: log-ls logstashPort: 5044 diff --git a/kubernetes/sdnc/templates/service.yaml b/kubernetes/sdnc/templates/service.yaml index c5577a1cdb..0bbda1a364 100644 --- a/kubernetes/sdnc/templates/service.yaml +++ b/kubernetes/sdnc/templates/service.yaml @@ -35,33 +35,45 @@ metadata: } ]' spec: - type: {{ .Values.service.type }} + type: NodePort ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} + - name: "{{ .Values.service.portName }}-restconf" {{ if not .Values.global.aafEnabled }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} - {{ end }} - name: "{{ .Values.service.portName }}-8282" - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: "{{ .Values.service.portName }}-8202" - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: "{{ .Values.service.portName }}-8280" - - port: {{ .Values.service.externalPort4 }} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + {{- else -}} + port: {{ .Values.service.externalPort4 }} targetPort: {{ .Values.service.internalPort4 }} - {{ if .Values.global.aafEnabled }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} {{ end }} - name: "{{ .Values.service.portName }}-8443" - {{- else -}} - - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} +--- +apiVersion: v1 +kind: Service +metadata: + name: "{{ .Values.service.name }}-oam" + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: "{{ .Values.service.portName }}-restconf-alt" + {{ if .Values.global.aafEnabled }} + port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + {{- else -}} + port: {{ .Values.service.internalPort4 }} + target: {{ .Values.service.internalPort4 }} + {{ end }} + - name: "{{ .Values.service.portName }}-karaf" + port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 8fd7590863..0e7d97f3ad 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -198,7 +198,7 @@ aaf_init: mariadb-galera: &mariadbGalera nameOverride: sdnc-db - config: + config: &mariadbGaleraConfig rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' userName: sdnctl userCredentialsExternalSecret: *dbSecretName @@ -217,8 +217,9 @@ cds: dmaap-listener: nameOverride: sdnc-dmaap-listener mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName config: sdncChartName: sdnc @@ -229,8 +230,9 @@ dmaap-listener: ueb-listener: mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: @@ -241,8 +243,9 @@ ueb-listener: sdnc-portal: mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: *sdncDbName config: sdncChartName: sdnc @@ -253,8 +256,9 @@ sdnc-ansible-server: config: restCredsExternalSecret: *ansibleSecretName mariadb-galera: - << : *mariadbGalera + <<: *mariadbGalera config: + <<: *mariadbGaleraConfig mysqlDatabase: ansible service: name: sdnc-ansible-server @@ -306,13 +310,10 @@ service: #port externalPort: 8282 - nodePort: "02" externalPort2: 8202 - nodePort2: "08" externalPort3: 8280 - nodePort3: 46 externalPort4: 8443 nodePort4: 67 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index 240ca1511d..ae3f385c83 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -41,7 +41,8 @@ containerPort: 9091 logPath: app/logs/ app: so-monitoring service: - type: NodePort +#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... + type: ClusterIP nodePort: 24 internalPort: 9091 externalPort: 9091 diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index ffebc4c794..117d270ab0 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml @@ -105,7 +105,12 @@ mso: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} config: + {{ if eq .Values.global.security.aaf.enabled true }} cadi: {{ include "cadi.keys" . | nindent 8}} + {{- else }} + cadi: + aafId: {{ .Values.mso.basicUser }} + {{- end }} catalog: db: spring: diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 6235bd2c88..7a1358cc88 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -104,6 +104,11 @@ org: rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService + opticalservice: + optical-service-create: + create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service + optical-service-delete: + delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service generic-resource: network-topology-operation: create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource @@ -146,6 +151,7 @@ org: sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' + sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:' sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index a792ff9acd..807d2a6c7e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -231,6 +231,7 @@ so-openstack-adapter: mso: msoKey: 07a7159d3bf51a0e53be7a8f89699be7 auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + basicUser: poBpmn config: cadi: aafId: so@so.onap.org diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index bff2f920c9..69f65569a3 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: command: - /bin/bash - -c - - /home/uui/tomcat/bin/catalina.sh run + - /home/uui/uuiStartup.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/uui/templates/service.yaml b/kubernetes/uui/templates/service.yaml index cdab5c9fca..e11f7fb287 100644 --- a/kubernetes/uui/templates/service.yaml +++ b/kubernetes/uui/templates/service.yaml @@ -31,7 +31,8 @@ metadata: "path":"/iui/usecaseui", "protocol": "UI", "port": "{{ .Values.service.internalPort }}", - "visualRange":"1" + "visualRange":"1", + "enable_ssl": true } ]' spec: diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index bfecdb7d4f..e76e46c64f 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -25,7 +25,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui:2.0.1 +image: onap/usecase-ui:2.0.5 pullPolicy: Always # application configuration @@ -59,7 +59,7 @@ service: type: NodePort name: uui portName: uui - internalPort: 8080 + internalPort: 8443 nodePort: 98 ingress: @@ -67,7 +67,7 @@ ingress: service: - baseaddr: uui name: "uui" - port: 8080 + port: 8443 config: ssl: "none" diff --git a/kubernetes/vfc/charts/vfc-catalog/.helmignore b/kubernetes/vfc/charts/vfc-catalog/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml b/kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml deleted file mode 100644 index 2daea32cae..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/resources/config/logging/log.yml +++ /dev/null @@ -1,50 +0,0 @@ -version: 1 -disable_existing_loggers: False - -loggers: - catalog: - handlers: [cataloglocal_handler, catalog_handler] - level: "DEBUG" - propagate: False - django: - handlers: [django_handler] - level: "DEBUG" - propagate: False -handlers: - cataloglocal_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/runtime_catalog.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 - catalog_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "/var/log/onap/vfc/catalog/runtime_catalog.log" - formatter: - "mdcFormat" - maxBytes: 52428800 - backupCount: 10 - django_handler: - level: "DEBUG" - class: - "logging.handlers.RotatingFileHandler" - filename: "logs/django.log" - formatter: - "standard" - maxBytes: 52428800 - backupCount: 10 -formatters: - standard: - format: - "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s" - mdcFormat: - format: - "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/configmap.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/configmap.yaml deleted file mode 100644 index 1d0751a01b..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-logging-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml deleted file mode 100644 index 028b164e00..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml +++ /dev/null @@ -1,150 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - annotations: - sidecar.istio.io/inject: "{{.Values.istioSidecar}}" - spec: - initContainers: - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.config.mariadbService }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} - command: - - sh - args: - - -c - - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MSB_PROTO - value: "{{ .Values.global.config.msbprotocol }}" - - name: SSL_ENABLED - value: "{{ .Values.global.config.ssl_enabled }}" - - name: MSB_ADDR - value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - - name: MYSQL_ADDR - value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - - name: MYSQL_ROOT_USER - value: "{{ .Values.global.config.mariadb_admin }}" - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - - name: REDIS_ADDR - value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - - name: REG_TO_MSB_WHEN_START - value: "{{ .Values.global.config.reg_to_msb_when_start }}" - volumeMounts: - - name: {{ include "common.fullname" . }}-catalog - mountPath: /service/vfc/nfvo/catalog/static - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logconfig - mountPath: /opt/vfc/catalog/config/log.yml - subPath: log.yml - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - - # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - volumes: - - name: {{ include "common.fullname" . }}-catalog - {{- if .Values.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-logconfig - configMap: - name : {{ include "common.fullname" . }}-logging-configmap - - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-vfc-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml deleted file mode 100644 index d672025068..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/templates/pv.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ .Values.persistence.size}} - accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" . }}-data" - hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} -{{- end -}} diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml deleted file mode 100644 index e04a0b3ed3..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/templates/pvc.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} -spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size }} -{{- end -}} diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml deleted file mode 100644 index a9c382a3f7..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/templates/service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "catalog", - "version": "v1", - "url": "/api/catalog/v1", - "protocol": "REST", - "port": "{{.Values.service.externalPort}}", - "enable_ssl": {{ .Values.global.config.ssl_enabled }}, - "visualRange":"1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml deleted file mode 100644 index 3411c44799..0000000000 --- a/kubernetes/vfc/charts/vfc-catalog/values.yaml +++ /dev/null @@ -1,125 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: "db-root-pass" - externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' - type: password - password: '{{ .Values.config.mariadbRootPassword }}' - policy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -flavor: small - -repository: nexus3.onap.org:10001 -image: onap/vfc/catalog:1.3.8 -pullPolicy: Always - -#Istio sidecar injection policy -istioSidecar: true - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - mariadbService: vfc-mariadb - mariadbPort: 3306 - # mariadbRootPassword: secretpassword - # mariadbRootPasswordExternalSecret: some secret - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -## Persist data to a persitent volume -persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: vfc/catalog - -service: - type: ClusterIP - name: vfc-catalog - portName: vfc-catalog - externalPort: 8806 - internalPort: 8806 -# nodePort: 30806 - -ingress: - enabled: false - -# Configure resource requests and limits -resources: - small: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 250Mi - large: - limits: - cpu: 400m - memory: 1000Mi - requests: - cpu: 200m - memory: 500Mi - unlimited: {} diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index b204c58f94..05e8c64974 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml @@ -62,10 +62,6 @@ db: &dbConfig mariadbPort: 3306 mariadbRootPasswordExternalSecret: *dbRootPassSecret -vfc-catalog: - config: - << : *dbConfig - vfc-nslcm: config: << : *dbConfig diff --git a/kubernetes/vid/resources/certs/org.onap.vid.jks b/kubernetes/vid/resources/certs/org.onap.vid.jks Binary files differindex 2b9338dc74..a05f12d857 100644 --- a/kubernetes/vid/resources/certs/org.onap.vid.jks +++ b/kubernetes/vid/resources/certs/org.onap.vid.jks diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index fb8f1a04f8..f22ea19e56 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -51,7 +51,7 @@ config: userName: vidadmin # userCredentialsExternalSecret: some secret # userPassword: password - vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!' + vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g' asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" asdcclientrestport: "8443" vidaaiport: "8443" |