summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/sections/guides/infra_guides/oom_base_optional_addons.rst3
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml2
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml5
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml10
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml16
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/values.yaml19
6 files changed, 50 insertions, 5 deletions
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
index c98a388484..713aec6c8c 100644
--- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
+++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
@@ -6,7 +6,6 @@
.. Links
.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme
.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
-.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/
@@ -58,7 +57,7 @@ ONAP on Service Mesh
ONAP is currenty planned to support Istio as default ServiceMesh platform.
Therefor the following instructions describe the setup of Istio and required tools.
-Used `Istio best practices`_ and `Istio setup guide`_
+Used `Istio setup guide`_
.. _oom_base_optional_addons_istio_installation:
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index 7bdb79d8f9..e5c062ccf0 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -68,7 +68,7 @@ global:
container:
name: postgres
-image: onap/cps-and-ncmp:3.2.1
+image: onap/cps-and-ncmp:3.2.6
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
index 1c15a2dbce..7d764bf589 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -49,9 +49,12 @@ logging:
onap:
cps: {{ .Values.logging.cps }}
+{{- with (first .Values.kafkaUser.acls) }}
+spring.kafka.consumer.group-id: {{ .name }}
+{{- end }}
spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
spring.kafka.security.protocol: SASL_PLAINTEXT
-spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
{{- if .Values.config.additional }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
index 3d154dba64..4ff2851b0c 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
@@ -60,6 +60,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: init-data-input
@@ -90,6 +95,11 @@ spec:
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml
new file mode 100644
index 0000000000..708e99dfe0
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }} \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
index 44f11f5b9c..59a64905d1 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -47,7 +47,7 @@ global:
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.2.2
+image: onap/ncmp-dmi-plugin:1.3.0
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
@@ -177,3 +177,20 @@ updateStrategy:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 1
+
+# Strimzi KafkaUser config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: ncmp-dmi-plugin-group
+ type: group
+ operations: [Read]
+ - name: ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin
+ type: topic
+ operations: [Read]
+ - name: dmi-ncmp-cm-avc-subscription
+ type: topic
+ operations: [Write]
+ - name: ncmp-async-m2m
+ type: topic
+ operations: [Write]