summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/onap_values.yaml104
-rw-r--r--docs/oom_cloud_setup_guide.rst29
-rw-r--r--docs/oom_quickstart_guide.rst133
-rw-r--r--docs/oom_setup_kubernetes_rancher.rst9
-rw-r--r--docs/oom_user_guide.rst35
-rw-r--r--docs/openstack-k8s-node.sh2
-rw-r--r--docs/openstack-rancher.sh4
-rw-r--r--docs/release-notes.rst43
-rw-r--r--kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml4
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore (renamed from kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore)bin2214 -> 2214 bytes
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystorebin0 -> 3594 bytes
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json93
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties25
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/charts/aai-babel/templates/configmap.yaml35
-rw-r--r--kubernetes/aai/charts/aai-babel/templates/deployment.yaml110
-rw-r--r--kubernetes/aai/charts/aai-babel/templates/secrets.yaml30
-rw-r--r--kubernetes/aai/charts/aai-babel/templates/service.yaml30
-rw-r--r--kubernetes/aai/charts/aai-babel/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystorebin0 -> 3659 bytes
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystorebin0 -> 3594 bytes
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json99
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties25
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/configmap.yaml34
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/deployment.yaml108
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/secrets.yaml29
-rw-r--r--kubernetes/aai/charts/aai-champ/templates/service.yaml13
-rw-r--r--kubernetes/aai/charts/aai-champ/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-data-router/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-elasticsearch/values.yaml6
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml4
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties3
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json6
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json6
-rw-r--r--kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties45
-rw-r--r--kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml13
-rw-r--r--kubernetes/aai/charts/aai-gizmo/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-graphadmin/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-modelloader/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json298
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12bin0 -> 3617 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststorebin0 -> 4639 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystorebin0 -> 2214 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12bin0 -> 4291 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12bin0 -> 4158 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystorebin0 -> 4943 bytes
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json99
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties39
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/configmap.yaml85
-rw-r--r--kubernetes/aai/charts/aai-resources/templates/deployment.yaml123
-rw-r--r--kubernetes/aai/charts/aai-resources/values.yaml13
-rw-r--r--kubernetes/aai/charts/aai-search-data/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties7
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties2
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12bin4357 -> 0 bytes
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12bin0 -> 4307 bytes
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jksbin0 -> 117990 bytes
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml1
-rw-r--r--kubernetes/aai/charts/aai-sparky-be/values.yaml13
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12bin0 -> 3617 bytes
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties (renamed from kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties)9
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json6
-rw-r--r--kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties65
-rw-r--r--kubernetes/aai/charts/aai-spike/templates/deployment.yaml13
-rw-r--r--kubernetes/aai/charts/aai-spike/values.yaml8
-rw-r--r--kubernetes/aai/charts/aai-traversal/values.yaml8
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg138
-rw-r--r--kubernetes/aai/templates/configmap.yaml4
-rw-r--r--kubernetes/aai/templates/deployment.yaml8
-rw-r--r--kubernetes/appc/values.yaml2
-rw-r--r--kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml7
-rw-r--r--kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml10
-rw-r--r--kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml15
-rw-r--r--kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml37
-rw-r--r--kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml (renamed from kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties)65
-rw-r--r--kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml10
-rw-r--r--kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml2
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml28
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml35
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml3
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml (renamed from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml)84
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml15
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml28
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml35
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml15
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml (renamed from kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml)81
-rw-r--r--kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml25
-rwxr-xr-xkubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties12
-rw-r--r--kubernetes/dmaap/charts/message-router/templates/statefulset.yaml (renamed from kubernetes/dmaap/charts/message-router/templates/deployment.yaml)4
-rw-r--r--kubernetes/dmaap/charts/message-router/values.yaml6
-rw-r--r--kubernetes/log/charts/log-logstash/values.yaml4
-rw-r--r--kubernetes/multicloud/charts/multicloud-ocata/values.yaml2
-rw-r--r--kubernetes/multicloud/charts/multicloud-pike/values.yaml2
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml18
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml18
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml14
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml32
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml100
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml41
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml52
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml52
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml87
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml18
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini11
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml96
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml139
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml41
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml (renamed from kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml)7
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml46
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml114
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml37
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml32
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml125
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml41
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml (renamed from kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml)7
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml46
-rw-r--r--kubernetes/multicloud/charts/multicloud-prometheus/values.yaml108
-rw-r--r--kubernetes/multicloud/charts/multicloud-windriver/values.yaml2
-rw-r--r--kubernetes/multicloud/values.yaml4
-rw-r--r--kubernetes/onap/resources/environments/dev.yaml2
-rw-r--r--kubernetes/onap/values.yaml4
-rw-r--r--kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml23
-rwxr-xr-xkubernetes/oof/charts/oof-has/values.yaml2
-rw-r--r--kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh14
-rw-r--r--kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml2
-rw-r--r--kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml2
-rw-r--r--kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml8
-rw-r--r--kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf20
-rw-r--r--kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json104
-rw-r--r--kubernetes/policy/charts/policy-distribution/resources/config/config.json7
-rw-r--r--kubernetes/policy/resources/config/pe/push-policies.sh29
-rw-r--r--kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties5
-rw-r--r--[-rwxr-xr-x]kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties (renamed from kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties)0
-rw-r--r--kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties27
-rw-r--r--kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml2
-rw-r--r--kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml1
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem24
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem28
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh24
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml6
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml16
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml22
-rw-r--r--kubernetes/pomba/charts/pomba-kibana/values.yaml5
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties35
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12bin2605 -> 0 bytes
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystorebin0 -> 2214 bytes
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml (renamed from kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml)61
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml59
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml245
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml3
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml32
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml265
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml12
-rw-r--r--kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml6
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore21
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml18
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml18
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties72
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml235
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml30
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml111
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml41
-rw-r--r--kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml119
-rw-r--r--kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties5
-rw-r--r--kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy253
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql137
-rw-r--r--kubernetes/portal/charts/portal-mariadb/values.yaml5
-rw-r--r--kubernetes/portal/docker/init/mariadb-client/Dockerfile2
-rw-r--r--kubernetes/robot/templates/deployment.yaml18
-rwxr-xr-xkubernetes/so/charts/so-mariadb/values.yaml2
-rwxr-xr-xkubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml8
-rw-r--r--kubernetes/vid/templates/deployment.yaml6
204 files changed, 5366 insertions, 1122 deletions
diff --git a/docs/onap_values.yaml b/docs/onap_values.yaml
deleted file mode 100644
index 663b05fb84..0000000000
--- a/docs/onap_values.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-#################################################################
-# Global configuration overrides.
-#
-# These overrides will affect all helm charts (ie. applications)
-# that are listed below and are 'enabled'.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- # readiness check
- readinessRepository: oomk8s
- # logging agent
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
-
-#################################################################
-# Enable/disable and configure helm charts (ie. applications)
-# to customize the ONAP deployment.
-#################################################################
-aaf:
- enabled: true
-aai:
- enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-cli:
- enabled: true
-consul: # Consul Health Check Monitoring
- enabled: true
-dcaegen2:
- enabled: true
-esr:
- enabled: true
-log: # ONAP Logging ElasticStack
- enabled: true
-message-router:
- enabled: true
-mock:
- enabled: true
-msb:
- enabled: true
-multicloud:
- enabled: true
-policy:
- enabled: true
-portal:
- enabled: true
-robot: # Robot Health Check
- enabled: true
-sdc:
- enabled: true
-sdnc:
- enabled: true
-so: # Service Orchestrator
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
-uui:
- enabled: true
-vfc:
- enabled: true
-vid:
- enabled: true
-vnfsdk:
- enabled: true
diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst
index 4fe943cf18..9fb3ab73b1 100644
--- a/docs/oom_cloud_setup_guide.rst
+++ b/docs/oom_cloud_setup_guide.rst
@@ -45,34 +45,33 @@ The versions of Kubernetes that are supported by OOM are as follows:
.. table:: OOM Software Requirements
- ============== ========== ===== ======= ========
- Release Kubernetes Helm kubectl Docker
- ============== ========== ===== ======= ========
- amsterdam 1.7.x 2.3.x 1.7.x 1.12.x
- beijing 1.8.10 2.8.2 1.8.10 17.03.x
- casablanca/master 1.8.10 2.9.1 1.8.10 17.03.x
- ============== ========== ===== ======= ========
+ ============== =========== ===== ======== ========
+ Release Kubernetes Helm kubectl Docker
+ ============== =========== ===== ======== ========
+ amsterdam 1.7.x 2.3.x 1.7.x 1.12.x
+ beijing 1.8.10 2.8.2 1.8.10 17.03.x
+ casablanca 1.11.2 2.9.1 1.11.2 17.03.x
+ ============== =========== ===== ======== ========
Minimum Hardware Configuration
==============================
-The minimum hardware requirements are provided below. Note that although ONAP
-may operate on a single node as described production deployments will need at
-least three if not six nodes to ensure there is no single point of failure.
+The hardware requirements are provided below. Note that this is for a
+full ONAP deployment (all components). Customizing ONAP to deploy only
+components that are needed will drastically reduce the requirements.
.. table:: OOM Hardware Requirements
===== ===== ====== ====================
RAM HD vCores Ports
===== ===== ====== ====================
- 128GB 160GB 32 0.0.0.0/0 (all open)
+ 224GB 160GB 112 0.0.0.0/0 (all open)
===== ===== ====== ====================
.. note::
- Kubernetes supports a maximum of 110 pods per node which forces one to use at
- least two nodes to deploy all of ONAP although at least three are recommended
- (for example 4x32GB - 8 vCores each). Subsets of ONAP may still be deployed
- on a single node.
+ Kubernetes supports a maximum of 110 pods per node. The use of many small
+ nodes is preferred over a few larger nodes (for example 14x16GB - 8 vCores each).
+ Subsets of ONAP may still be deployed on a single node.
Cloud Installation
==================
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 077e7e7e1c..0029d5fb9a 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -16,119 +16,18 @@ available), follow the following instructions to deploy ONAP.
**Step 1.** Clone the OOM repository from ONAP gerrit::
- > git clone -b beijing http://gerrit.onap.org/r/oom
+ > git clone -b casablanca http://gerrit.onap.org/r/oom
> cd oom/kubernetes
+**Step 2.** Install Helm Plugins required to deploy the ONAP Casablanca release::
+ sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
-**Step 2.** Customize the onap/values.yaml file to suit your deployment. You
+**Step 3.** Customize the onap/values.yaml file to suit your deployment. You
may want to selectively enable or disable ONAP components by changing the
`enabled: true/false` flags as shown below:
-.. code-block:: yaml
-
- #################################################################
- # Global configuration overrides.
- #
- # These overrides will affect all helm charts (ie. applications)
- # that are listed below and are 'enabled'.
- #################################################################
- global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- # readiness check
- readinessRepository: oomk8s
- # logging agent
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
- #################################################################
- # Enable/disable and configure helm charts (ie. applications)
- # to customize the ONAP deployment.
- #################################################################
- aaf:
- enabled: true
- aai:
- enabled: true
- appc:
- enabled: true
- clamp:
- enabled: true
- cli:
- enabled: true
- consul: # Consul Health Check Monitoring
- enabled: true
- dcaegen2:
- enabled: true
- esr:
- enabled: true
- log:
- enabled: true
- message-router:
- enabled: true
- mock:
- enabled: true
- msb:
- enabled: true
- multicloud:
- enabled: true
- policy:
- enabled: true
- portal:
- enabled: true
- robot: # Robot Health Check
- enabled: true
- sdc:
- enabled: true
- sdnc:
- enabled: true
- so: # Service Orchestrator
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
- uui:
- enabled: true
- vfc:
- enabled: true
- vid:
- enabled: true
- vnfsdk:
- enabled: true
+.. literalinclude:: onap-values.yaml
+ :language: yaml
.. note::
To generate openStackEncryptedPasswordHere :
@@ -154,18 +53,12 @@ follows::
**Step 5.** Build a local Helm repository (from the kubernetes directory)::
- > make all
+ > make all; make onap
**Step 6.** Display the charts that available to be deployed::
> helm search -l
- NAME VERSION DESCRIPTION
- local/appc 2.0.0 Application Controller
- local/clamp 2.0.0 ONAP Clamp
- local/common 2.0.0 Common templates for inclusion in other charts
- local/onap 2.0.0 Open Network Automation Platform (ONAP)
- local/robot 2.0.0 A helm Chart for kubernetes-ONAP Robot
- local/so 2.0.0 ONAP Service Orchestrator
+.. literalinclude:: helm-search.txt
.. note::
The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use `make` to update your local Helm repository.
@@ -173,11 +66,15 @@ follows::
**Step 7.** Once the repo is setup, installation of ONAP can be done with a
single command::
- > helm install local/onap -n dev --namespace onap
+ > helm deploy dev local/onap --namespace onap
-.. note::
- The requirement for the use of the `onap` namespace will be lifted once the OOM team completes their Beijing deveivers.
Use the following to monitor your deployment and determine when ONAP is ready for use::
> kubectl get pods --all-namespaces -o=wide
+
+Undeploying onap can be done using the following command::
+ > helm undeploy dev --purge
+
+
+More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins \ No newline at end of file
diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst
index a20c0dfe96..fddccf8068 100644
--- a/docs/oom_setup_kubernetes_rancher.rst
+++ b/docs/oom_setup_kubernetes_rancher.rst
@@ -48,7 +48,7 @@ Select "No" on "Create New Volume"
Select Flavor
-------------
Known issues exist if flavor is too small for Rancher. Please select a flavor
-with at least 4 vCPU and 8GB ram.
+with at least 4 vCPU and 8GB ram. A size of 8 vCPU and 16GB ram is recommended.
.. image:: Rancher-Select_Flavor.jpeg
@@ -88,7 +88,7 @@ This customization script will:
* install nfs server
.. note::
- The Beijing release of OOM only supports Helm 2.8.2 not the 2.7.2 shown in
+ The Casablanca release of OOM only supports Helm 2.9.1 not the 2.7.2 shown in
the screen capture below. The supported versions of all the software components
are listed in the :ref:`cloud-setup-guide-label`.
@@ -133,8 +133,9 @@ Select Flavor
The size of a Kubernetes host depends on the size of the ONAP deployment that
will be installed.
-As of the Beijing release a minimum of 3 x 32GB hosts will be needed to run a
-full ONAP deployment (all components).
+As of the Casablanca release a minimum 224GB will be needed to run a
+full ONAP deployment (all components). It is recommended that more hosts are used
+with fewer resources instead of only a few large hosts. For example 14 x 16GB hosts.
If a small subset of ONAP components are being deployed for testing purposes,
then a single 16GB or 32GB host should suffice.
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index db410a69aa..ea658f0893 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -108,7 +108,7 @@ stable which should be removed to avoid confusion::
To prepare your system for an installation of ONAP, you'll need to::
- > git clone -b beijing http://gerrit.onap.org/r/oom
+ > git clone -b casablanca http://gerrit.onap.org/r/oom
> cd oom/kubernetes
@@ -282,7 +282,7 @@ value for the vnfDeployment/openstack/oam_network_cidr key as shown below.
To deploy ONAP with this environment file, enter::
- > helm install local/onap -n beijing -f environments/onap-production.yaml
+ > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
.. include:: environments_onap_demo.yaml
:code: yaml
@@ -381,16 +381,31 @@ below::
10.12.6.155 portal.api.simpledemo.onap.org
10.12.6.155 vid.api.simpledemo.onap.org
10.12.6.155 sdc.api.fe.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
10.12.6.155 portal-sdk.simpledemo.onap.org
10.12.6.155 policy.api.simpledemo.onap.org
10.12.6.155 aai.api.sparky.simpledemo.onap.org
10.12.6.155 cli.api.simpledemo.onap.org
10.12.6.155 msb.api.discovery.simpledemo.onap.org
+ 10.12.6.155 msb.api.simpledemo.onap.org
+ 10.12.6.155 clamp.api.simpledemo.onap.org
+ 10.12.6.155 so.api.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
-the portal and then simply access the familiar URL:
-http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm
+the portal and then simply access now the new ssl-encrypted URL:
+https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+.. note::
+ Using the HTTPS based Portal URL the Browser needs to be configured to accept
+ unsecure credentials.
+ Additionally when opening an Application inside the Portal, the Browser
+ might block the content, which requires to disable the blocking and reloading
+ of the page
+
+.. note::
+ Besides the ONAP Portal the Components can deliver additional user interfaces,
+ please check the Component specific documentation.
.. note::
@@ -572,14 +587,14 @@ sequence of events described in the previous paragraph would be initiated.
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm upgrade beijing onap/so --version 2.0.1 --set enableDebug=true
+ > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm upgrade beijing onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
@@ -672,18 +687,18 @@ from a running deployment the operator perform a 'dry-run' to display exactly
what will happen with a given command prior to actually deleting anything. For
example::
- > helm delete --dry-run beijing
+ > helm undeploy casablanca --dry-run
-will display the outcome of deleting the 'beijing' release from the deployment.
+will display the outcome of deleting the 'casablanca' release from the deployment.
To completely delete a release and remove it from the internal store enter::
- > helm delete --purge beijing
+ > helm undeploy casablanca --purge
One can also remove individual components from a deployment by changing the
ONAP configuration values. For example, to remove `so` from a running
deployment enter::
- > helm upgrade beijing osn/onap --set so.enabled=false
+ > helm undeploy casablanca-so --purge
will remove `so` as the configuration indicates it's no longer part of the
deployment. This might be useful if a one wanted to replace just `so` by
diff --git a/docs/openstack-k8s-node.sh b/docs/openstack-k8s-node.sh
index 66dc629398..b8462aa5e9 100644
--- a/docs/openstack-k8s-node.sh
+++ b/docs/openstack-k8s-node.sh
@@ -1,7 +1,7 @@
#!/bin/bash
DOCKER_VERSION=17.03
-KUBECTL_VERSION=1.8.10
+KUBECTL_VERSION=1.11.2
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/docs/openstack-rancher.sh b/docs/openstack-rancher.sh
index 1f1d2e4639..bcf542aedc 100644
--- a/docs/openstack-rancher.sh
+++ b/docs/openstack-rancher.sh
@@ -1,8 +1,8 @@
#!/bin/bash
DOCKER_VERSION=17.03
-RANCHER_VERSION=1.6.18
-KUBECTL_VERSION=1.8.10
+RANCHER_VERSION=1.6.22
+KUBECTL_VERSION=1.11.2
HELM_VERSION=2.9.1
# setup root access - default login: oom/oom - comment out to restrict access too ssh key only
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index c87eee0114..3e8a1be1b7 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -8,6 +8,49 @@
Release Notes
=============
+Version 3.0.0 Casablanca Release
+--------------------------------
+
+:Release Date: 2018-11-30
+
+Summary
+=======
+
+The focus of this release was on incremental improvements in the following areas:
+* Pluggable persistent storage with support for GlusterFS as the first storage class provisioner
+* CPU and Memory limits in Helm Charts to improve Pod placement based on resource availablity in Kubernetes Cluster
+* Support of Node Selectors for Pod placement
+* Common "shared" Helm Charts referencing common images
+ - mariadb-galera
+ - postgres
+ - cassandra
+ - mysql
+ - mongo
+* Integration of ARK Backup and Restore solution
+* Introduction of Helm deploy and undeploy plugins to better manage ONAP deployments
+
+
+**Security Notes**
+
+OOM code has been formally scanned during build time using NexusIQ and no Critical vulnerability was found.
+
+Quick Links:
+ - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+ - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
+**Known Issues**
+
+Problem: kubectl connections to pods (kubectl exec|logs) will fail after a while due to a known bug in Kubernetes (1.11.2)
+Workaround: Restart of the kubelet daemons on the k8s hosts
+Fix: Will be delivered in the next release via a new Kubernetes version (1.12)
+- `K8S Bug Report <https://github.com/kubernetes/kubernetes/issues/67659>`_
+- `OOM-1532 <https://jira.onap.org/browse/OOM-1532>`_
+- `OOM-1516 <https://jira.onap.org/browse/OOM-1516>`_
+- `OOM-1520 <https://jira.onap.org/browse/OOM-1520>`_
+
+
Version 2.0.0 Beijing Release
-----------------------------
diff --git a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
index 58017bdf40..355cd608cb 100644
--- a/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/charts/aaf-sms-vault/values.yaml
@@ -81,11 +81,11 @@ persistence:
mountSubPath: sms/consul/data
service:
- type: NodePort
+ type: ClusterIP
name: aaf-sms-db
portName: aaf-sms-db
internalPort: 8200
- nodePort: 44
+ externalPort: 8200
ingress:
enabled: false
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore
index 9eec841aa2..9eec841aa2 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/tomcat_keystore
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..3a35b76f7b
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..99129c145f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..acc940987c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,93 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/babel-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+]
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..a82e38caf6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..1b58d4235c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..289fe7512c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..7055bf5303
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000000..6cd12fcfb4
--- /dev/null
+++ b/kubernetes/aai/charts/aai-babel/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/configmap.yaml b/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
index e75282df73..e018794035 100644
--- a/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/configmap.yaml
@@ -25,3 +25,38 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
index c2aa6e428e..5ac0792a2a 100644
--- a/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/deployment.yaml
@@ -31,6 +31,19 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -108,6 +121,79 @@ spec:
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
volumes:
- name: localtime
hostPath:
@@ -134,5 +220,29 @@ spec:
emptyDir: {}
- name: aai-filebeat
emptyDir: {}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-babel/templates/secrets.yaml b/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
index 5b21e17ba4..78a849be27 100644
--- a/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/secrets.yaml
@@ -36,3 +36,33 @@ type: Opaque
data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-babel/templates/service.yaml b/kubernetes/aai/charts/aai-babel/templates/service.yaml
index eeb27edffb..9a8b8a22c6 100644
--- a/kubernetes/aai/charts/aai-babel/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-babel/templates/service.yaml
@@ -26,15 +26,27 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.global.rproxy.port }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
diff --git a/kubernetes/aai/charts/aai-babel/values.yaml b/kubernetes/aai/charts/aai-babel/values.yaml
index b26b858c4f..8c192e531e 100644
--- a/kubernetes/aai/charts/aai-babel/values.yaml
+++ b/kubernetes/aai/charts/aai-babel/values.yaml
@@ -69,13 +69,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 2Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..f3ac0701a2
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..4fae434edd
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..99129c145f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..2865e01cd6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+ [
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/inventory\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ },
+ {
+ "uri": "\/services\/champ-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+ ]
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..33daa73b67
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..1b58d4235c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..fc04a978bb
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..8d64529da9
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9522 \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000000..6cd12fcfb4
--- /dev/null
+++ b/kubernetes/aai/charts/aai-champ/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/configmap.yaml b/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
index b2f16d9034..db77ae2c27 100644
--- a/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/configmap.yaml
@@ -51,3 +51,37 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
index 4e1866c8b9..aa9157fe47 100644
--- a/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/deployment.yaml
@@ -31,6 +31,12 @@ spec:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
initContainers:
- command:
- /root/ready.py
@@ -46,6 +52,13 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -123,6 +136,78 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: aai-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ #- name: {{ include "common.fullname" . }}-rproxy-auth-config
+ # mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ # subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
volumes:
- name: localtime
@@ -156,5 +241,28 @@ spec:
name: aai-filebeat
- name: aai-filebeat
emptyDir: {}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
index dddf15609b..a0a1519c26 100644
--- a/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/secrets.yaml
@@ -37,3 +37,32 @@ data:
KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-champ/templates/service.yaml b/kubernetes/aai/charts/aai-champ/templates/service.yaml
index eeb27edffb..e67d42a5ff 100644
--- a/kubernetes/aai/charts/aai-champ/templates/service.yaml
+++ b/kubernetes/aai/charts/aai-champ/templates/service.yaml
@@ -26,6 +26,18 @@ metadata:
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort}}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort}}
@@ -35,6 +47,7 @@ spec:
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
{{- end}}
+ {{ end }}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
diff --git a/kubernetes/aai/charts/aai-champ/values.yaml b/kubernetes/aai/charts/aai-champ/values.yaml
index c247313a39..b865b0050e 100644
--- a/kubernetes/aai/charts/aai-champ/values.yaml
+++ b/kubernetes/aai/charts/aai-champ/values.yaml
@@ -69,15 +69,15 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 2Gi
unlimited: {}
# XML beans configuration
diff --git a/kubernetes/aai/charts/aai-data-router/values.yaml b/kubernetes/aai/charts/aai-data-router/values.yaml
index dbcea40a51..ddc7fd0ee4 100644
--- a/kubernetes/aai/charts/aai-data-router/values.yaml
+++ b/kubernetes/aai/charts/aai-data-router/values.yaml
@@ -88,15 +88,15 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.25
+ memory: 750Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 1536Mi
unlimited: {}
# Entity Event route configuration
diff --git a/kubernetes/aai/charts/aai-elasticsearch/values.yaml b/kubernetes/aai/charts/aai-elasticsearch/values.yaml
index 8eb4d279bd..5ce8f8016b 100644
--- a/kubernetes/aai/charts/aai-elasticsearch/values.yaml
+++ b/kubernetes/aai/charts/aai-elasticsearch/values.yaml
@@ -86,13 +86,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
+ cpu: 0.5
memory: 2Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 4Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml b/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
index 48db706b1f..e0ab32b584 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/crud-beans.xml
@@ -44,8 +44,4 @@
<constructor-arg name="graphDataService" ref="graphDataService" />
</bean>
- <bean id="aaiResourceService" class="org.onap.crud.service.AaiResourceService" init-method="startup" >
- <constructor-arg name="graphDataService" ref="graphDataService" />
- </bean>
-
</beans>
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
new file mode 100644
index 0000000000..fbefd30219
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/edgeprops-ingest.properties
@@ -0,0 +1,3 @@
+# DB Edge Property files are copied here:
+edgePropsDir=/opt/app/crud-service/config/model
+
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
new file mode 100644
index 0000000000..8d00636d27
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v14.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
new file mode 100644
index 0000000000..8d00636d27
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/model/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
new file mode 100644
index 0000000000..647d4d963e
--- /dev/null
+++ b/kubernetes/aai/charts/aai-gizmo/resources/config/schema-ingest.properties
@@ -0,0 +1,45 @@
+###############################################################################
+# Schema Version Related Attributes
+###############################################################################
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v10,v11,v12,v13,v14,v15
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v11
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v15
+
+###############################################################################
+# Schema Location Related Attributes
+###############################################################################
+# Schema Location Related Attributes
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/crud-api/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/crud-api/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service or local schema files
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
index 1e68712749..0a30388279 100644
--- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml
@@ -86,8 +86,11 @@ spec:
- mountPath: /opt/app/crud-service/config/crud-api.properties
subPath: crud-api.properties
name: {{ include "common.fullname" . }}-config
- - mountPath: /opt/app/crud-service/config/schemaIngest.properties
- subPath: schemaIngest.properties
+ - mountPath: /opt/app/crud-service/config/schema-ingest.properties
+ subPath: schema-ingest.properties
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /opt/app/crud-service/config/edgeprops-ingest.properties
+ subPath: edgeprops-ingest.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/crud-service/config/model/
name: {{ include "common.fullname" . }}-model-config
@@ -217,8 +220,10 @@ spec:
items:
- key: crud-api.properties
path: crud-api.properties
- - key: schemaIngest.properties
- path: schemaIngest.properties
+ - key: schema-ingest.properties
+ path: schema-ingest.properties
+ - key: edgeprops-ingest.properties
+ path: edgeprops-ingest.properties
- key: crud-beans.xml
path: crud-beans.xml
- name: {{ include "common.fullname" . }}-logback-config
diff --git a/kubernetes/aai/charts/aai-gizmo/values.yaml b/kubernetes/aai/charts/aai-gizmo/values.yaml
index 7220cd52fd..9d93663175 100644
--- a/kubernetes/aai/charts/aai-gizmo/values.yaml
+++ b/kubernetes/aai/charts/aai-gizmo/values.yaml
@@ -66,13 +66,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-graphadmin/values.yaml b/kubernetes/aai/charts/aai-graphadmin/values.yaml
index 3b893194e4..b6192c391b 100644
--- a/kubernetes/aai/charts/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/charts/aai-graphadmin/values.yaml
@@ -113,13 +113,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1536Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 2Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-modelloader/values.yaml b/kubernetes/aai/charts/aai-modelloader/values.yaml
index 038be90410..563ea6bba0 100644
--- a/kubernetes/aai/charts/aai-modelloader/values.yaml
+++ b/kubernetes/aai/charts/aai-modelloader/values.yaml
@@ -68,13 +68,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json b/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json
new file mode 100644
index 0000000000..65f13eff5f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/config/auth/aai_policy.json
@@ -0,0 +1,298 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "servers",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloudinfra",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloud-infrastructure",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "sdandc",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "service-design-and-creation",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "business",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "search",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "license-management",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "examples",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "resources",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "generateurl",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "bulkadd",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "nodes",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "query",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "dbquery",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "bulk",
+ "methods": [
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "bulkprocess",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "recents",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "dsl",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "common",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }
+ ]
+ },
+ {
+ "name": "HAProxy",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ }
+ ]
+}
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..d9fe86e4ec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore
new file mode 100644
index 0000000000..f6ebc75ed8
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/fproxy_truststore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..9eec841aa2
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..4fae434edd
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..071d407de5
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..023e2eaac6
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..6ad5f51ad3
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..e23c03d833
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/aai\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/aai\/util\/echo",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+]
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..c2b628dbb3
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..1b58d4235c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..57bc4e268f
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..2c89d28180
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000000..3416d4a737
--- /dev/null
+++ b/kubernetes/aai/charts/aai-resources/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
index 001f5ead65..4fd939dbd0 100644
--- a/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/configmap.yaml
@@ -136,3 +136,88 @@ data:
{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/truststoreONAPall.jks").AsSecrets . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
index 437763186e..d93ab5af46 100644
--- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml
@@ -545,6 +545,12 @@ spec:
spec:
hostname: aai-resources
{{ if .Values.global.initContainers.enabled }}
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
initContainers:
- command:
{{ if .Values.global.jobs.createSchema.enabled }}
@@ -567,6 +573,13 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
{{ end }}
containers:
- name: {{ include "common.name" . }}
@@ -601,6 +614,11 @@ spec:
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-realm-conf
subPath: realm.properties
+ {{ if .Values.global.installSidecarSecurity }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+ name: {{ include "common.fullname" . }}-aai-policy
+ subPath: aai_policy.json
+ {{ end }}
- mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
name: {{ include "common.fullname" . }}-aaf-certs
subPath: org.onap.aai.keyfile
@@ -674,6 +692,85 @@ spec:
name: {{ include "common.fullname" . }}-logs
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.sidecar.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
volumes:
- name: localtime
@@ -721,6 +818,32 @@ spec:
- key: {{ . }}
path: {{ . }}
{{ end }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-aai-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
restartPolicy: {{ .Values.restartPolicy }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/charts/aai-resources/values.yaml b/kubernetes/aai/charts/aai-resources/values.yaml
index d7813ead11..e0a1156461 100644
--- a/kubernetes/aai/charts/aai-resources/values.yaml
+++ b/kubernetes/aai/charts/aai-resources/values.yaml
@@ -68,6 +68,11 @@ readiness:
initialDelaySeconds: 60
periodSeconds: 10
+# application configuration
+sidecar:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
service:
type: ClusterIP
@@ -102,13 +107,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 1
+ memory: 3Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 4Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-search-data/values.yaml b/kubernetes/aai/charts/aai-search-data/values.yaml
index 292e23c59c..6795fae485 100644
--- a/kubernetes/aai/charts/aai-search-data/values.yaml
+++ b/kubernetes/aai/charts/aai-search-data/values.yaml
@@ -67,13 +67,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 1
- memory: 2Gi
+ cpu: 0.25
+ memory: 750Mi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 1Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
index 04a5096c0c..2ea1bf15ed 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/application-ssl.properties
@@ -13,5 +13,8 @@
# limitations under the License.
server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/tomcat_keystore
-server.ssl.key-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1x0v1g131lps1cix1rjb1n5p22691qab1hm51hfc1i2t1lmr1liz1hyx1hfq1hn51qcr22651n5t1rh31cgl1lu61g2f1x1r
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
index aa93c06bca..da4812c646 100644
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/application.properties
@@ -22,7 +22,7 @@ spring.mvc.favicon.enabled=false
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,http,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12 b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12
deleted file mode 100644
index ee57120fa0..0000000000
--- a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/aai-os-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..71cea3e57c
--- /dev/null
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
new file mode 100644
index 0000000000..ff844b109d
--- /dev/null
+++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/auth/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
index d622be662d..a596a6b77d 100644
--- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml
@@ -109,7 +109,6 @@ spec:
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/aai/charts/aai-sparky-be/values.yaml b/kubernetes/aai/charts/aai-sparky-be/values.yaml
index fdcb2ab6e9..c60ce29e52 100644
--- a/kubernetes/aai/charts/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/charts/aai-sparky-be/values.yaml
@@ -37,7 +37,7 @@ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
# application configuration
config:
elasticsearchHttpPort: 9200
- gerritBranch: master
+ gerritBranch: 3.0.0-ONAP
gerritProject: http://gerrit.onap.org/r/aai/test-config
portalUsername: aaiui
portalPassword: 1t2v1vfv1unz1vgz1t3b
@@ -75,9 +75,8 @@ readiness:
service:
type: NodePort
portName: aai-sparky-be
- internalPort: 9517
+ internalPort: 8000
nodePort: 20
- internalPort2: 8000
ingress:
enabled: false
@@ -90,13 +89,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.25
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 0.5
+ memory: 2Gi
unlimited: {}
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
new file mode 100644
index 0000000000..d9fe86e4ec
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties b/kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties
index cc51f179dd..b0a315041d 100644
--- a/kubernetes/aai/charts/aai-spike/resources/config/schemaIngest.properties
+++ b/kubernetes/aai/charts/aai-spike/resources/config/edgeprops-ingest.properties
@@ -19,12 +19,5 @@
# ============LICENSE_END=========================================================
#
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# Files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/spike/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
-edgeDir=/opt/app/spike/bundleconfig/etc/dbedgerules
# DB Edge Property files are copied here:
-edgePropsDir=/opt/app/spike/config/model/edge_props \ No newline at end of file
+edgePropsDir=/opt/app/spike/config/model/edge_props
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
new file mode 100644
index 0000000000..8d00636d27
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/model/edge_props/edge_properties_v15.json
@@ -0,0 +1,6 @@
+{
+ "contains-other-v": "java.lang.String",
+ "delete-other-v": "java.lang.String",
+ "SVC-INFRA": "java.lang.String",
+ "prevent-delete": "java.lang.String"
+} \ No newline at end of file
diff --git a/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
new file mode 100644
index 0000000000..15697615df
--- /dev/null
+++ b/kubernetes/aai/charts/aai-spike/resources/config/schema-ingest.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+#######################################
+# Schema Version Related Attributes
+#######################################
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v10,v11,v12,v13,v14,v15
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v11
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v15
+
+#######################################
+# Schema Location Related Attributes
+#######################################
+schema.configuration.location=NA
+schema.nodes.location=/opt/app/spike/bundleconfig/etc/onap/oxm
+schema.edges.location=/opt/app/spike/bundleconfig/etc/onap/dbedgerules
+
+###############################################################################
+# Schema Service Related Attributes
+###############################################################################
+# Specifies whether to use the schema service (schema-service) or local schema files (config)
+schema.translator.list=config
+
+schema.service.base.url=https://<host>:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+
+#Default rest client is the two-way-ssl
+schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/client-cert.p12
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore
diff --git a/kubernetes/aai/charts/aai-spike/templates/deployment.yaml b/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
index 38c5ac8a83..a3ff068971 100644
--- a/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
+++ b/kubernetes/aai/charts/aai-spike/templates/deployment.yaml
@@ -92,8 +92,11 @@ spec:
- mountPath: /opt/app/spike/config/spike.properties
subPath: spike.properties
name: {{ include "common.fullname" . }}-config
- - mountPath: /opt/app/spike/config/schemaIngest.properties
- subPath: schemaIngest.properties
+ - mountPath: /opt/app/spike/config/schema-ingest.properties
+ subPath: schema-ingest.properties
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /opt/app/spike/config/edgeprops-ingest.properties
+ subPath: edgeprops-ingest.properties
name: {{ include "common.fullname" . }}-config
- mountPath: /opt/app/spike/config/model/edge_props
name: {{ include "common.fullname" . }}-edge-props-config
@@ -141,8 +144,10 @@ spec:
path: spike.properties
- key: spike-beans.xml
path: spike-beans.xml
- - key: schemaIngest.properties
- path: schemaIngest.properties
+ - key: schema-ingest.properties
+ path: schema-ingest.properties
+ - key: edgeprops-ingest.properties
+ path: edgeprops-ingest.properties
- key: logback.xml
path: logback.xml
- name: {{ include "common.fullname" . }}-edge-props-config
diff --git a/kubernetes/aai/charts/aai-spike/values.yaml b/kubernetes/aai/charts/aai-spike/values.yaml
index 324ec45225..0a6850b1a8 100644
--- a/kubernetes/aai/charts/aai-spike/values.yaml
+++ b/kubernetes/aai/charts/aai-spike/values.yaml
@@ -66,15 +66,15 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 0.5
+ memory: 1Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 1
+ memory: 1536Mi
unlimited: {}
# XML bean configuration
diff --git a/kubernetes/aai/charts/aai-traversal/values.yaml b/kubernetes/aai/charts/aai-traversal/values.yaml
index 58c5ebfd3d..92c60a24e9 100644
--- a/kubernetes/aai/charts/aai-traversal/values.yaml
+++ b/kubernetes/aai/charts/aai-traversal/values.yaml
@@ -83,13 +83,13 @@ resources:
cpu: 2
memory: 4Gi
requests:
- cpu: 2
- memory: 4Gi
+ cpu: 1
+ memory: 3Gi
large:
limits:
cpu: 4
memory: 8Gi
requests:
- cpu: 4
- memory: 8Gi
+ cpu: 2
+ memory: 4Gi
unlimited: {}
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
new file mode 100644
index 0000000000..1c82050db0
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -0,0 +1,138 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ user root
+ group root
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option ssl-hello-chk
+ option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+ reqadd X-Forwarded-Proto:\ https
+ reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+ mode http
+ bind *:8080
+ stats uri /stats
+ stats enable
+ stats refresh 30s
+ stats hide-version
+ stats auth admin:admin
+ stats show-legends
+ stats show-desc IST AAI APPLICATION NODES
+ stats admin if TRUE
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index 212f9cdc4c..a23ed5fdc7 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -37,7 +37,11 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
---
apiVersion: v1
kind: Secret
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
index 3f16e25ffd..1f337e4374 100644
--- a/kubernetes/aai/templates/deployment.yaml
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -64,7 +64,11 @@ spec:
- mountPath: /dev/log
name: aai-service-log
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ {{ if .Values.global.installSidecarSecurity }}
+ subPath: haproxy-pluggable-security.cfg
+ {{ else }}
subPath: haproxy.cfg
+ {{ end }}
name: haproxy-cfg
ports:
- containerPort: {{ .Values.service.internalPort }}
@@ -86,6 +90,10 @@ spec:
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: Authorization
+ value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ {{ end }}
- name: X-TransactionId
value: {{ uuidv4 }}
- name: Accept
diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
index 17f819b8ea..d8856164fb 100644
--- a/kubernetes/appc/values.yaml
+++ b/kubernetes/appc/values.yaml
@@ -61,7 +61,7 @@ config:
openStackServiceTenantName: default
openStackDomain: default
openStackUserName: admin
- openStackEncryptedPassword: admin
+ openStackEncryptedPassword: enc:LDEbHEAvTF1R
odlUser: admin
appc-ansible-server:
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
index 50da2cc49c..50ac16ffc9 100644
--- a/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/resources/inputs/k8s-policy_handler-inputs.yaml
@@ -74,6 +74,10 @@ application_config:
tls_ca_mode : "cert_directory"
# optional tls_wss_ca_mode specifies the same for the tls based web-socket
tls_wss_ca_mode : "cert_directory"
+ # optional timeout_in_secs specifies the timeout for the http requests
+ timeout_in_secs: 60
+ # optional ws_ping_interval_in_secs specifies the ping interval for the web-socket connection
+ ws_ping_interval_in_secs: 180
# deploy_handler config
# changed from string "deployment_handler" in 2.3.1 to structure in 2.4.0
deploy_handler :
@@ -99,4 +103,5 @@ application_config:
#
# "do_not_verify" - special hack to turn off the verification by cacert and hostname
tls_ca_mode : "cert_directory"
-
+ # optional timeout_in_secs specifies the timeout for the http requests
+ timeout_in_secs: 60
diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
index fcb0c73344..26067e0230 100644
--- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml
@@ -85,18 +85,18 @@ image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.5
# Use to override default setting in blueprints
componentImages:
config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.0.4
- deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.3
+ datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.1.1
+ deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.1.0
holmes_rules: onap/holmes/rule-management:1.2.3
holmes_engine: onap/holmes/engine-management:1.2.2
inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4
- policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.4.0
+ policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.5.0
service_change_handler: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5
tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.0
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.3.1
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.1.1
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.0.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.2.0-SNAPSHOT
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.1.0-SNAPSHOT
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
index 79bd8962da..62eeb45281 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
@@ -70,18 +70,10 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: /cfy-persist
+ name: cm-persistent
securityContext:
privileged: True
- lifecycle:
- postStart:
- exec:
- command:
- - bash
- - "-c"
- - |
- set -ex
- mkdir -p /var/run/secrets/kubernetes.io/
- ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
@@ -95,5 +87,8 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
+ - name: cm-persistent
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml
new file mode 100644
index 0000000000..bef681ad27
--- /dev/null
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pv.yaml
@@ -0,0 +1,37 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ storageClassName: manual
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
diff --git a/kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml
index 605f7e3ba6..6740082b37 100644
--- a/kubernetes/aai/charts/aai-gizmo/resources/config/schemaIngest.properties
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/pvc.yaml
@@ -1,32 +1,33 @@
-#
-# ============LICENSE_START=======================================================
-# org.onap.aai
-# ================================================================================
-# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Copyright © 2017-2018 Amdocs
-# Modifications Copyright © 2018 Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#
-
-# Properties for the SchemaLocationsBean
-
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# OXM files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/crud-api/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
-edgeDir=/opt/app/crud-api/bundleconfig/etc/dbedgerules
-# DB Edge Property files are copied here:
-edgePropsDir=/opt/app/crud-service/config/model
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ storageClassName: manual
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
index 08e01d6258..ecaee65785 100644
--- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/values.yaml
@@ -43,7 +43,7 @@ config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:1.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:1.5.0
pullPolicy: Always
# probe configuration parameters
@@ -87,3 +87,11 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-cm/data
diff --git a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
index 6fc62af92e..3c9936b1b1 100644
--- a/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/charts/dcae-healthcheck/values.yaml
@@ -45,7 +45,7 @@ readiness:
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.1.2
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..0bc64e7682
--- /dev/null
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/poddisruptionbudget.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ maxUnavailable: 1
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
index bf372b3744..44c9576abe 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pv.yaml
@@ -1,6 +1,4 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,26 +11,29 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+{{- $root := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
apiVersion: v1
+kind: PersistentVolume
metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
spec:
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ $root.Values.persistence.size }}
accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ $root.Values.persistence.accessMode }}
hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
index a88cbc4738..88de96b2d5 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/service.yaml
@@ -24,10 +24,13 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+ clusterIP: None
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml
index 52a3eddf86..163bbc23b6 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/statefulset.yaml
@@ -13,8 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
@@ -24,32 +24,30 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: Parallel
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "app"
+ operator: In
+ values:
+ - {{ include "common.name" . }}
+ topologyKey: "kubernetes.io/hostname"
initContainers:
- - name: {{ include "common.name" . }}-seed-kafka-topics
- command:
- - /bin/bash
- - -c
- - >
- if [ -d /tmp/topics/ECOMP-PORTAL-INBOX-0 ]; then
- echo "nothing to do";
- else
- git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit;
- echo "Clone complete. Copying from /tmp/gerrit/oom-projects/data-kafka/kafka-logs/* to /tmp/topics";
- cp -var /tmp/gerrit/oom-topics/data-kafka/kafka-logs/* /tmp/topics;
- echo "Done.";
- fi
+ - name: {{ include "common.name" . }}-initcontainer
image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /tmp/topics
- name: kafka-data
- command:
- /root/ready.py
args:
@@ -72,7 +70,7 @@ spec:
{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
+ {{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -85,18 +83,36 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: HOST_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: HOST_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
- name: KAFKA_ZOOKEEPER_CONNECT
value: "{{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}"
- name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
value: "INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT"
- name: KAFKA_ADVERTISED_LISTENERS
- value: "INTERNAL_PLAINTEXT://{{ include "common.servicename" . }}:{{.Values.service.internalPort}}"
+ value: "INTERNAL_PLAINTEXT://$(HOST_NAME).{{ .Values.service.name }}.$(HOST_NAMESPACE).svc.cluster.local:{{ .Values.service.internalPort}}"
- name: KAFKA_LISTENERS
value: "INTERNAL_PLAINTEXT://0.0.0.0:{{.Values.service.internalPort}}"
- name: KAFKA_INTER_BROKER_LISTENER_NAME
value: "INTERNAL_PLAINTEXT"
- name: KAFKA_LOG_DIRS
- value: "/kafka/logs"
+ value: "kafka/logs"
+ - name: BROKER_ID_COMMAND
+ value: "hostname | awk -F '-' '{print $NF}'"
+ - name: KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR
+ value: "{{ .Values.replicaCount }}"
+ - name: KAFKA_DEFAULT_REPLICATION_FACTOR
+ value: "{{ .Values.replicaCount }}"
+ - name: KAFKA_NUM_PARTITIONS
+ value: "{{ .Values.defaultpartitions }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
@@ -112,8 +128,30 @@ spec:
- name: docker-socket
hostPath:
path: /var/run/docker.sock
+{{ if not .Values.persistence.enabled }}
- name: kafka-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: kafka-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ app: {{ .Values.service.name }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: "{{ .Release.Service }}"
+{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
index 7f26ce28e8..6569729bee 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/values.yaml
@@ -41,16 +41,12 @@ zookeeper:
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- # gerrit branch where the latest code is checked in
- gerritBranch: master
- # gerrit project where the latest code is checked in
- gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
+# default number of instances
+replicaCount: 3
+# defult partitions
+defaultpartitions: 3
-# default number of instances
-replicaCount: 1
nodeSelector: {}
@@ -92,7 +88,7 @@ persistence:
mountSubPath: message-router/data-kafka
service:
- type: NodePort
+ type: ClusterIP
name: message-router-kafka
portName: message-router-kafka
internalPort: 9092
@@ -120,3 +116,4 @@ resources:
cpu: 1000m
memory: 2Gi
unlimited: {}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000000..0bc64e7682
--- /dev/null
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/poddisruptionbudget.yaml
@@ -0,0 +1,28 @@
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.fullname" . }}-pdb
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.fullname" . }}
+ maxUnavailable: 1
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
index bf372b3744..44c9576abe 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pv.yaml
@@ -1,6 +1,4 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,26 +11,29 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+{{- $root := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
apiVersion: v1
+kind: PersistentVolume
metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
spec:
capacity:
- storage: {{ .Values.persistence.size }}
+ storage: {{ $root.Values.persistence.size }}
accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ - {{ $root.Values.persistence.accessMode }}
hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{ $i }}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
index 06bf063857..da494b0ba5 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/service.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,10 +24,15 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ type: {{ .Values.service.type }}
ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
+ - port: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - port: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - port: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
+ clusterIP: None
selector:
app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- clusterIP: None
+ release: {{ .Release.Name }} \ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
index 6c1f762118..14f27949a7 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/statefulset.yaml
@@ -13,8 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
@@ -24,15 +24,32 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ serviceName: {{ .Values.service.name }}
replicas: {{ .Values.replicaCount }}
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ podManagementPolicy: Parallel
template:
metadata:
labels:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: "app"
+ operator: In
+ values:
+ - {{ include "common.name" . }}
+ topologyKey: "kubernetes.io/hostname"
initContainers:
- - name: {{ include "common.name" . }}-seed-zookeeper-topics
+ - name: {{ include "common.name" . }}-seed-topics-apikeys
command:
- /bin/bash
- -c
@@ -57,31 +74,73 @@ spec:
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.clientPort }}
+ name: {{ .Values.service.clientPortName }}
+ - containerPort: {{ .Values.service.serverPort }}
+ name: {{ .Values.service.serverPortName }}
+ - containerPort: {{ .Values.service.leaderElectionPort }}
+ name: {{ .Values.service.leaderElectionPortName }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - sh
+ - -c
+ - "zookeeper-ready.sh 2181"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ exec:
+ command:
+ - sh
+ - -c
+ - "zookeeper-ready.sh 2181"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ZK_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: ZK_INIT_LIMIT
+ value: "{{ .Values.zk.initLimit }}"
+ - name: ZK_SYNC_LIMIT
+ value: "{{ .Values.zk.syncLimit }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/zookeeper-3.4.9/data
+ - mountPath: /var/lib/zookeeper/data
name: zookeeper-data
volumes:
- name: localtime
hostPath:
path: /etc/localtime
+{{ if not .Values.persistence.enabled }}
- name: zookeeper-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
+ emptyDir: {}
+{{ else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: zookeeper-data
+ labels:
+ app: {{ include "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ app: {{ .Values.service.name }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ heritage: "{{ .Release.Service }}"
+{{ end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
+
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
index 6e61206818..7b9e9eb58a 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/values.yaml
@@ -29,8 +29,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-repository: docker.io
-image: wurstmeister/zookeeper:latest
+repository: nexus3.onap.org:10001
+image: onap/dmaap/zookeeper:1.0.0
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
@@ -45,7 +45,7 @@ config:
gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
# default number of instances
-replicaCount: 1
+replicaCount: 3
nodeSelector: {}
@@ -63,6 +63,11 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+#Zookeeper properties
+zk:
+ initLimit: 5
+ syncLimit: 2
+
## Persist data to a persitent volume
persistence:
enabled: true
@@ -84,13 +89,21 @@ persistence:
accessMode: ReadWriteMany
size: 2Gi
mountPath: /dockerdata-nfs
- mountSubPath: message-router/data-zookeeper/
+ mountSubPath: message-router/data-zookeeper
+
+rollingUpdate:
+ maxUnavailable: 1
service:
- type: NodePort
+ type: ClusterIP
name: message-router-zookeeper
portName: message-router-zookeeper
- internalPort: 2181
+ clientPortName: client
+ clientPort: 2181
+ serverPortName: server
+ serverPort: 2888
+ leaderElectionPortName: leader-election
+ leaderElectionPort: 3888
ingress:
enabled: false
diff --git a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
index 99eaeb298c..d40d2a1468 100755
--- a/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/charts/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -1,5 +1,4 @@
-###############################################################################
-# ============LICENSE_START=======================================================
+# LICENSE_START=======================================================
# org.onap.dmaap
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
@@ -122,7 +121,7 @@ cambria.consumer.cache.touchFreqMs=120000
## hostname is determined via InetAddress.getLocalHost ().getCanonicalHostName(),
## which is not always adequate.) You can set this value explicitly here.
##
-cambria.api.node.identifier=message-router
+#cambria.api.node.identifier=<use-something-unique-to-this-instance>
#cambria.rateLimit.maxEmptyPollsPerMinute=30
#cambria.rateLimitActual.delay.ms=10
@@ -138,7 +137,9 @@ cambria.api.node.identifier=message-router
#metrics.send.cambria.sendEverySeconds=60
cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
-
+consumer.timeout=17
+default.partitions=3
+default.replicas=3
##############################################################################
#100mb
maxcontentlength=10000
@@ -165,4 +166,5 @@ msgRtr.mirrormaker.consumerid=1
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
kafka.session.timeout.ms=240000
-kafka.max.poll.records=1000 \ No newline at end of file
+kafka.max.poll.records=1000
+
diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml
index 4e12ded493..bdd134ac64 100644
--- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
+++ b/kubernetes/dmaap/charts/message-router/templates/statefulset.yaml
@@ -12,8 +12,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
-kind: Deployment
+apiVersion: apps/v1beta1
+kind: StatefulSet
metadata:
name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/dmaap/charts/message-router/values.yaml b/kubernetes/dmaap/charts/message-router/values.yaml
index bd1c660d9d..5d01e55077 100644
--- a/kubernetes/dmaap/charts/message-router/values.yaml
+++ b/kubernetes/dmaap/charts/message-router/values.yaml
@@ -28,7 +28,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.8
+image: onap/dmaap/dmaap-mr:1.1.9
pullPolicy: Always
kafka:
@@ -53,14 +53,14 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 70
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 120
+ initialDelaySeconds: 70
periodSeconds: 10
service:
diff --git a/kubernetes/log/charts/log-logstash/values.yaml b/kubernetes/log/charts/log-logstash/values.yaml
index 955a02a11e..246b812d42 100644
--- a/kubernetes/log/charts/log-logstash/values.yaml
+++ b/kubernetes/log/charts/log-logstash/values.yaml
@@ -41,7 +41,7 @@ config:
# default number of instances
# 30+ logs/sec will saturate a single node to 6+ vCores
-replicaCount: 5
+replicaCount: 3
nodeSelector: {}
@@ -93,4 +93,4 @@ resources:
requests:
cpu: 2
memory: 4Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
index c266bdbfae..8cc6b3baab 100644
--- a/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-ocata/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-ocata:1.2.1
+image: onap/multicloud/openstack-ocata:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
index 962a3ca175..eedef28483 100644
--- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml
@@ -23,7 +23,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.2.1
+image: onap/multicloud/openstack-pike:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml
new file mode 100644
index 0000000000..fb82c2cb03
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus
+name: multicloud-prometheus
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
new file mode 100644
index 0000000000..846ea6f292
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Prometheus Alert Manager
+name: prometheus-alertmanager
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
new file mode 100644
index 0000000000..3dd1acb5b0
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/resources/config/alertmanager.yml
@@ -0,0 +1,14 @@
+global: {}
+ # slack_api_url: ''
+
+receivers:
+ - name: default-receiver
+ # slack_configs:
+ # - channel: '@you'
+ # send_resolved: true
+
+route:
+ group_wait: 10s
+ group_interval: 5m
+ receiver: default-receiver
+ repeat_interval: 3h \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
new file mode 100644
index 0000000000..af102b1d74
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
new file mode 100644
index 0000000000..b105b12dc2
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/deployment.yaml
@@ -0,0 +1,100 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9093/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/alertmanager.yml
+ - --storage.path={{ .Values.persistence.containerMountPath }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /#/status
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
new file mode 100644
index 0000000000..62203fb329
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
new file mode 100644
index 0000000000..8ea5faca82
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/pvc.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
new file mode 100644
index 0000000000..38e628ce08
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/templates/service.yaml
@@ -0,0 +1,52 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.alertmanager.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+{{- if .Values.service.meshpeer.enabled }}
+ - name: {{ .Values.service.meshpeer.portName }}
+ port: {{ .Values.service.meshpeer.port }}
+ targetPort: {{ .Values.service.meshpeer.port }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
new file mode 100644
index 0000000000..ccd70b30cf
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-alertmanager/values.yaml
@@ -0,0 +1,87 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+ repository: prom/alertmanager
+ tag: v0.15.2
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/alertmanager
+ containerMountPath: /alertmanager/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus-alertmanager
+ portName: prometheus-alertmanager
+ internalPort: 9093
+ externalPort: 9093
+
+ meshpeer:
+ enabled: false
+ portName: multicloud-prometheus-meshpeer
+ port: 6783
+
+# probe configuration parameters
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
new file mode 100644
index 0000000000..efcd4328b3
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Multicloud Grafana for Prometheus
+name: prometheus-grafana
+version: 3.0.0
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
new file mode 100644
index 0000000000..9dc0f09cd9
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/resources/config/grafana.ini
@@ -0,0 +1,11 @@
+paths:
+ data: /var/lib/grafana/data
+ logs: /var/log/grafana
+ plugins: /var/lib/grafana/plugins
+ provisioning: /etc/grafana/provisioning
+analytics:
+ check_for_updates: true
+log:
+ mode: console
+grafana_net:
+ url: https://grafana.net \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
new file mode 100644
index 0000000000..f55fc155aa
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/configmap.yaml
@@ -0,0 +1,96 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- if .Values.datasources }}
+ {{- range $key, $value := .Values.datasources }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{ $key }}: |
+{{ toYaml $value | indent 4 }}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.dashboards }}
+ download_dashboards.sh: |
+ #!/usr/bin/env sh
+ set -euf
+ {{- if .Values.dashboardProviders }}
+ {{- range $key, $value := .Values.dashboardProviders }}
+ {{- range $value.providers }}
+ mkdir -p {{ .options.path }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }}
+ curl -sk \
+ --connect-timeout 60 \
+ --max-time 60 \
+ -H "Accept: application/json" \
+ -H "Content-Type: application/json;charset=UTF-8" \
+ {{- if $value.url -}}{{ $value.url }}{{- else -}} https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download{{- end -}}{{ if $value.datasource }}| sed 's|\"datasource\":[^,]*|\"datasource\": \"{{ $value.datasource }}\"|g'{{ end }} \
+ > /var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{- if .Values.dashboards }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+ namespace: {{ include "common.namespace" $ }}
+ labels:
+ app: {{ include "common.name" $ }}
+ chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ release: {{ $.Release.Name }}
+ heritage: {{ $.Release.Service }}
+ dashboard-provider: {{ $provider }}
+data:
+ {{- range $key, $value := $dashboards }}
+ {{- if hasKey $value "json" }}
+ {{ $key }}.json: |
+{{ $value.json | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+{{- end }}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
new file mode 100644
index 0000000000..6c477983cb
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/deployment.yaml
@@ -0,0 +1,139 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.dashboards }}
+ initContainers:
+ - name: {{ include "common.name" . }}-download-dashboards
+ image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["sh", "/etc/grafana/download_dashboards.sh"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/download_dashboards.sh"
+ subPath: download_dashboards.sh
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- end }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ protocol: TCP
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /api/health
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/grafana.ini"
+ subPath: grafana.ini
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.dashboards }}
+ {{- range $provider, $dashboards := .Values.dashboards }}
+ {{- range $key, $value := $dashboards }}
+ {{- if hasKey $value "json" }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ $provider }}
+ mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json"
+ subPath: "{{ $key }}.json"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end -}}
+ {{- if .Values.datasources }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/datasources/datasources.yaml"
+ subPath: datasources.yaml
+ {{- end }}
+ {{- if .Values.dashboardProviders }}
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: "/etc/grafana/provisioning/dashboards/dashboardproviders.yaml"
+ subPath: dashboardproviders.yaml
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.dashboards }}
+ {{- range keys .Values.dashboards }}
+ - name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ configMap:
+ name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
+ {{- end }}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
new file mode 100644
index 0000000000..aa3a956c06
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
index 1deed4e92a..2900395d17 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-zookeeper/templates/pvc.yaml
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/pvc.yaml
@@ -1,6 +1,5 @@
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,6 +14,8 @@
# limitations under the License.
*/}}
+{{- if .Values.global.grafana.enabled -}}
+
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
@@ -47,3 +48,5 @@ spec:
{{- end }}
{{- end }}
{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
new file mode 100644
index 0000000000..35ddd796f8
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.grafana.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml
new file mode 100644
index 0000000000..43f4e93a6f
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/charts/prometheus-grafana/values.yaml
@@ -0,0 +1,114 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Alertmanager Configuration
+image:
+ repository: grafana/grafana
+ tag: 5.2.4
+
+downloadDashboardsImage:
+ repository: appropriate/curl
+ tag: latest
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/grafana
+ containerMountPath: /grafana/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus-grafana
+ portName: prometheus-grafana
+ internalPort: 3000
+ externalPort: 3000
+
+#Grafana Datasources
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Prometheus
+ type: prometheus
+ #Make sure the port number matches for the prometheus service
+ url: http://multicloud-prometheus:9090
+ access: proxy
+ isDefault: true
+
+
+#Grafana Dashboard providers
+dashboardProviders: {}
+
+#Grafana Dashboards for importing
+#This requires dashboardProviders to be enabled with some data
+#The dashboards will be downloaded from the URL provided in
+#dashboardProviders
+dashboards: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml b/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml
new file mode 100644
index 0000000000..0355b48ab5
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/resources/config/prometheus.yml
@@ -0,0 +1,37 @@
+global:
+ scrape_interval: 1m
+ scrape_timeout: 10s
+ evaluation_interval: 1m
+
+rule_files:
+ - /etc/config/rules
+ - /etc/config/alerts
+
+scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets:
+ - localhost:9090
+ {{/*
+ #Add more jobs after this indent if needed
+ */}}
+
+{{- if .Values.global.alertmanager.enabled }}
+alerting:
+ alertmanagers:
+ - kubernetes_sd_configs:
+ - role: pod
+ relabel_configs:
+ - source_labels: [__meta_kubernetes_namespace]
+ regex: {{ include "common.namespace" . }}
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_label_app]
+ regex: prometheus
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_label_component]
+ regex: alertmanager
+ action: keep
+ - source_labels: [__meta_kubernetes_pod_container_port_number]
+ regex:
+ action: drop
+{{- end -}}
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
new file mode 100644
index 0000000000..a5aff3480b
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml
new file mode 100644
index 0000000000..562755db91
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/deployment.yaml
@@ -0,0 +1,125 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.busyboxRepository }}/{{ .Values.global.busyboxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-chown-init
+ command: ["chown", "-R", "65534:65534", "{{ .Values.persistence.containerMountPath }}"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ containers:
+ - name: {{ include "common.name" . }}-configmap-reload
+ image: "{{ .Values.global.configmapReload.image.repository }}:{{ .Values.global.configmapReload.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --volume-dir=/etc/config
+ - --webhook-url=http://localhost:9090/-/reload
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ readOnly: true
+
+ - name: {{ include "common.name" . }}-server
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path={{ .Values.persistence.containerMountPath }}
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ {{- if .Values.server.enableAdminApi }}
+ - --web.enable-admin-api
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /-/healthy
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ {{ end -}}
+ {{- if .Values.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ {{ end -}}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /etc/config
+ - name: {{ include "common.fullname" . }}-storage
+ mountPath: {{ .Values.persistence.containerMountPath }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-storage
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Always
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml
new file mode 100644
index 0000000000..961b6bba63
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pv.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
index 1deed4e92a..73fcc30ba6 100644
--- a/kubernetes/dmaap/charts/message-router/charts/message-router-kafka/templates/pvc.yaml
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/pvc.yaml
@@ -1,6 +1,5 @@
{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright 2018 Intel Corporation, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,6 +14,8 @@
# limitations under the License.
*/}}
+{{- if .Values.global.prometheus.enabled -}}
+
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
@@ -47,3 +48,5 @@ spec:
{{- end }}
{{- end }}
{{- end -}}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml
new file mode 100644
index 0000000000..88f5cac526
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.prometheus.enabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.portName }}
+ {{if eq .Values.service.type "NodePort" -}}
+ port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ protocol: TCP
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml
new file mode 100644
index 0000000000..5065392214
--- /dev/null
+++ b/kubernetes/multicloud/charts/multicloud-prometheus/values.yaml
@@ -0,0 +1,108 @@
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ alertmanager:
+ enabled: false
+ grafana:
+ enabled: false
+ configmapReload:
+ image:
+ repository: jimmidyson/configmap-reload
+ tag: v0.2.2
+ persistence: {}
+
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#Server Configuration
+image:
+ repository: prom/prometheus
+ tag: v2.4.0
+
+server:
+ enableAdminApi: false
+
+persistence:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ size: 8Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: multicloud/prometheus/server
+ containerMountPath: /prometheus/data
+
+#Service configuration for this chart
+service:
+ type: ClusterIP
+ name: multicloud-prometheus
+ portName: multicloud-prometheus
+ internalPort: 9090
+ externalPort: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 30
+ enabled: true
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+ingress:
+ enabled: false
+
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
index f9039d94e9..c453ed5a19 100644
--- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.2.1
+image: onap/multicloud/openstack-windriver:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 01358410fe..8ebcb826ae 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -20,13 +20,15 @@ global:
nodePortPrefix: 302
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ prometheus:
+ enabled: false
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/framework:1.2.1
+image: onap/multicloud/framework:1.2.2
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index 386a3cf395..6be1a0073c 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -75,6 +75,8 @@ esr:
enabled: false
log:
enabled: false
+ log-logstash:
+ replicaCount: 1
sniro-emulator:
enabled: false
oof:
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 62999b2bdc..1ca2b8470a 100644
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -112,7 +112,7 @@ portal:
robot:
enabled: true
config:
-# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
sdc:
enabled: true
diff --git a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
index a970f38157..98c6b4a050 100644
--- a/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
+++ b/kubernetes/oof/charts/oof-cmso/charts/oof-cmso-service/values.yaml
@@ -65,7 +65,7 @@ service:
internalPort: 8080
externalPort: 8080
#nodePort: 23
- # as of 20181022 port 23 is reserved for cmso
+ # as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
@@ -94,9 +94,18 @@ ingress:
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- limits:
- cpu: 1
- memory: 1.2Gi
- requests:
- cpu: 10m
- memory: 800Mi
+ small:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
+ unlimited: {}
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml
index d825e4437b..d223f4b9a2 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/charts/oof-has/values.yaml
@@ -25,7 +25,7 @@ global:
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.2.4
+ optf_has: onap/optf-has:1.2.5
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
index 1c2608ac7d..e9b6f34bd3 100644
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
+++ b/kubernetes/pnda/charts/dcae-pnda-bootstrap/resources/scripts/bootstrap.sh
@@ -49,17 +49,21 @@ KUBE_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
for i in 1 2 3 4 5 6 7 8 9
do
- MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
- --header "Authorization: Bearer $KUBE_TOKEN" \
- --insecure | jq -r '.status.loadBalancer.ingress[0].ip')
+ MIRROR_IP=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/pods \
+ --header "Authorization: Bearer $KUBE_TOKEN" \
+ --insecure | jq -r '.items[].status | select(.containerStatuses != null) | select(.containerStatuses[].ready and .containerStatuses[].name=="dcae-pnda-mirror") | .hostIP')
+ MIRROR_PORT=$(curl -s $KUBE_API/namespaces/{{ include "common.namespace" . }}/services/dcae-pnda-mirror \
+ --header "Authorization: Bearer $KUBE_TOKEN" \
+ --insecure | jq -r '.spec.ports[] | select(.name=="dcae-pnda-mirror") | .nodePort')
- if [ "$MIRROR_IP" != "null" ]; then
+ if [ "x${MIRROR_IP}" != "xnull" -a "x${MIRROR_PORT}" != "xnull" ]; then
+ PNDA_MIRROR="http://$MIRROR_IP:$MIRROR_PORT"
break
fi
sleep 5
done
-PNDA_MIRROR="http://$MIRROR_IP:80"
+[ -z "${PNDA_MIRROR}" ] && { echo "Unable to get PNDA mirror IP:PORT"; exit 1; }
sed -i -e 's?CLIENT_IP/32?CLIENT_IP?' bootstrap-scripts/package-install.sh
diff --git a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
index 43f35b62d1..e22b8d26e7 100644
--- a/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-bootstrap/values.yaml
@@ -18,7 +18,7 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
index b233a17348..fd376d16bb 100644
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-mirror/templates/service.yaml
@@ -30,7 +30,7 @@ spec:
ports:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
diff --git a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
index 6f346b8a8d..34de52a7be 100644
--- a/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
+++ b/kubernetes/pnda/charts/dcae-pnda-mirror/values.yaml
@@ -18,7 +18,7 @@
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
@@ -59,9 +59,9 @@ readiness:
periodSeconds: 10
service:
- type: LoadBalancer
- name: dcae-pnda-mirror
- portName: client
+ type: NodePort
+ portName: dcae-pnda-mirror
+ nodePort: "00"
externalPort: 80
internalPort: 80
diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
index 7afaeaea61..cff0deec5a 100644
--- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
+++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf
@@ -22,19 +22,19 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap
# Telemetry credentials
-ENGINE_MANAGEMENT_PORT=9696
-ENGINE_MANAGEMENT_HOST=0.0.0.0
-ENGINE_MANAGEMENT_USER=demo@people.osaaf.org
-ENGINE_MANAGEMENT_PASSWORD=demo123456!
+TELEMETRY_PORT=9696
+TELEMETRY_HOST=0.0.0.0
+TELEMETRY_USER=demo@people.osaaf.org
+TELEMETRY_PASSWORD=demo123456!
# nexus repository
-snapshotRepositoryID=policy-nexus-snapshots
-snapshotRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
-releaseRepositoryID=policy-nexus-releases
-releaseRepositoryUrl=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
-repositoryUsername=admin
-repositoryPassword=admin123
+SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/
+RELEASE_REPOSITORY_ID=policy-nexus-releases
+RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/
+REPOSITORY_USERNAME=admin
+REPOSITORY_PASSWORD=admin123
# Relational (SQL) DB access
diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
index c8908c7b91..57542c3510 100644
--- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json
@@ -5,7 +5,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,63 +16,49 @@
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
{
- "engineServiceParameters": {
- "name": "PolicyApexPDPEngine",
- "version": "0.0.1",
- "id": 45,
- "instanceCount": 4,
- "deploymentPort": 12345,
- "engineParameters": {
- "executorParameters": {
- "JAVASCRIPT": {
- "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
- }
- },
- "contextParameters": {
- "parameterClassName": "org.onap.policy.apex.context.parameters.ContextParameters",
- "schemaParameters": {
- "Avro": {
- "parameterClassName": "org.onap.policy.apex.plugins.context.schema.avro.AvroSchemaHelperParameters"
- }
- }
- }
- }
- },
- "eventInputParameters": {
- "ApexConsumer": {
- "carrierTechnologyParameters" : {
- "carrierTechnology" : "RESTSERVER",
- "parameterClassName" :
- "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters",
- "parameters" : {
- "standalone" : true,
- "host" : "localhost",
- "port" : 12346
- }
- },
- "eventProtocolParameters":{
- "eventProtocol" : "JSON"
- },
- "synchronousMode" : true,
- "synchronousPeer" : "ApexProducer",
- "synchronousTimeout" : 500
- }
- },
- "eventOutputParameters": {
- "ApexProducer": {
- "carrierTechnologyParameters":{
- "carrierTechnology" : "RESTSERVER",
- "parameterClassName" :
- "org.onap.policy.apex.plugins.event.carrier.restserver.RestServerCarrierTechnologyParameters"
- },
- "eventProtocolParameters":{
- "eventProtocol" : "JSON"
- },
- "synchronousMode" : true,
- "synchronousPeer" : "ApexConsumer",
- "synchronousTimeout" : 500
- }
+ "javaProperties" : [
+ ["javax.net.ssl.trustStore", "/opt/app/policy/apex-pdp/etc/ssl/policy-truststore"],
+ ["javax.net.ssl.trustStorePassword", "UG9sMWN5XzBuYXA="]
+ ],
+ "engineServiceParameters": {
+ "name": "MyApexEngine",
+ "version": "0.0.1",
+ "id": 45,
+ "instanceCount": 4,
+ "deploymentPort": 12345,
+ "policyModelFileName": "examples/models/SampleDomain/SamplePolicyModelJAVASCRIPT.json",
+ "engineParameters": {
+ "executorParameters": {
+ "JAVASCRIPT": {
+ "parameterClassName": "org.onap.policy.apex.plugins.executor.javascript.JavascriptExecutorParameters"
}
+ }
+ }
+ },
+ "eventOutputParameters": {
+ "FirstProducer": {
+ "carrierTechnologyParameters": {
+ "carrierTechnology": "FILE",
+ "parameters": {
+ "standardIo": true
+ }
+ },
+ "eventProtocolParameters": {
+ "eventProtocol": "JSON"
+ }
+ }
+ },
+ "eventInputParameters": {
+ "FirstConsumer": {
+ "carrierTechnologyParameters": {
+ "carrierTechnology": "FILE",
+ "parameters": {
+ "standardIo": true
+ }
+ },
+ "eventProtocolParameters": {
+ "eventProtocol": "JSON"
+ }
+ }
+ }
}
-
-
diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
index b0a6504555..5591e58e32 100644
--- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/charts/policy-distribution/resources/config/config.json
@@ -21,7 +21,8 @@
"host":"0.0.0.0",
"port":6969,
"userName":"healthcheck",
- "password":"zb!XztG34"
+ "password":"zb!XztG34",
+ "https":true
},
"receptionHandlerParameters":{
"SDCReceptionHandler":{
@@ -107,14 +108,14 @@
"xacmlPdpConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
"parameters":{
- "useHttps": false,
+ "useHttps": true,
"hostname": "pdp",
"port": 8081,
"userName": "testpdp",
"password": "alpha123",
"clientAuth": "cHl0aG9uOnRlc3Q=",
"isManaged": true,
- "pdpGroup": "pdpGroup"
+ "pdpGroup": "default"
}
},
"apexForwarderConfiguration":{
diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
index f591096cd3..9074b9a63a 100644
--- a/kubernetes/policy/resources/config/pe/push-policies.sh
+++ b/kubernetes/policy/resources/config/pe/push-policies.sh
@@ -139,6 +139,26 @@ curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'A
}
}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
+sleep 2
+
+echo "Create BRMSParamCCVPN Policy"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "policyConfigType": "BRMS_PARAM",
+ "policyName": "com.BRMSParamCCVPN",
+ "policyDescription": "BRMS Param CCVPN policy",
+ "policyScope": "com",
+ "attributes": {
+ "MATCHING": {
+ "controller" : "amsterdam"
+ },
+ "RULE": {
+ "templateName": "ClosedLoopControlName",
+ "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b",
+ "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
+ }
+ }
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
+
#########################################Create Micro Service Config policies##########################################
echo "Create MicroService Config Policies"
@@ -414,6 +434,15 @@ curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'A
"policyType": "BRMS_Param"
}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
+sleep 2
+
+echo "pushPolicy : PUT : com.BRMSParamCCVPN"
+curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{
+ "pdpGroup": "default",
+ "policyName": "com.BRMSParamCCVPN",
+ "policyType": "BRMS_Param"
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
+
#########################################Pushing MicroService Config policies##########################################
echo "Pushing MicroService Config policies"
diff --git a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
index 194ab1d414..41ec250ac8 100644
--- a/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-aaictxbuilder/resources/config/application.properties
@@ -28,6 +28,11 @@ server.tomcat.min-spare-threads=25
# AAI REST Client Configuration
aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.username={{ .Values.config.aaiUsername }}
aai.password={{ .Values.config.aaiPassword }}
aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
index f07cb65c31..f07cb65c31 100755..100644
--- a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/future-builders/ndcb.properties
+++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/ndcb.properties
diff --git a/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties
new file mode 100644
index 0000000000..b36f0c3175
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-contextaggregator/resources/config/builders/sdnc.properties
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+server.host={{ .Values.config.sdncCtxBuilderHost }}
+basicauth.username={{ .Values.config.sdncCtxBuilderUsername }}
+basicauth.password={{ .Values.config.sdncCtxBuilderPassword }}
+server.port={{ .Values.config.ctxBuilderExternalPort }}
+server.protocol=http
+trust.store.path=/auth/tomcat_keystore
+key.store.path=/auth/aai-client-cert.p12
+key.store.password=70c87528c88dcd9f9c2558d30e817868
+key.store.type=PKCS12
+key.manager.factory.algorithm=SunX509
+security.protocol=TLS
+connection.timeout.ms=60000
+read.timeout.ms=60000
+base.uri=/sdnccontextbuilder/v1/service/context
diff --git a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
index 3244a74f1f..cb5c210da9 100644
--- a/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-data-router/templates/deployment.yaml
@@ -111,6 +111,8 @@ spec:
name: {{ include "common.fullname" . }}-dynamic-policy
- mountPath: /logs/
name: {{ include "common.fullname" . }}-logs
+ resources:
+{{ include "common.resources" . | indent 10 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
index 2e469d551f..2ffa686ba5 100644
--- a/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
+++ b/kubernetes/pomba/charts/pomba-elasticsearch/resources/config/elasticsearch.yml
@@ -131,3 +131,4 @@ xpack.security.enabled: false
xpack.watcher.enabled: false
#Set to false to disable Watcher.
+
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem
new file mode 100644
index 0000000000..11125eaef7
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.crt.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/TCCAuWgAwIBAgIJALVJyrUvH8uGMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEd
+MBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5l
+eGFtcGxlLm9yZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzAe
+Fw0xNjA5MTgwMzU4NTNaFw0yNjA5MTYwMzU4NTNaMIGUMQswCQYDVQQGEwJBVTER
+MA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEdMBsGA1UECgwU
+RXhhbXBsZSBPcmdhbml6YXRpb24xGzAZBgNVBAMMEmtpYmFuYS5leGFtcGxlLm9y
+ZzEiMCAGCSqGSIb3DQEJARYTZXhhbXBsZUBleGFtcGxlLm9yZzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAK3AKz7Jq8CGR75NcbuUKiLTJhSS0/TBGA9M
+k+OmradT5qWhFKbxUDoMwT4YpUTzkUGUzkGEVbUsrKK4XaYXldRoHOm8mS0aBErk
+g2ffmpi+TiGk5LHykZ0avmYeEsqVESAjVEMuU3fWJzZd4NfUcTKsBA7Ccqfnb3CB
+TS5fbAz/zw1K//XR5ZNCEBOsFD+0oFGKTNLCeMBCwccFNyVI2mNZpDA++HilNiQj
+TEJytBXGcMVZaS+Tc0vENfVWHAAtVdk8+dd6jkpNnDhK1W1TB7HvhScewyEGh9yb
+cK5asE8TBebEvUIrPaVFz+ef/o3lRev0Gq1QUYAoaG7ps9JlDcsCAwEAAaNQME4w
+HQYDVR0OBBYEFIKSLrYMY9fXpCS7OGnyxhS7JzRrMB8GA1UdIwQYMBaAFIKSLrYM
+Y9fXpCS7OGnyxhS7JzRrMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+ABiu7+GH8WGNPqPUUHP17HHYK41xAyYoKSzCrELKmFLphYhnUQA6EeBY8rjYr3X0
+Z2O0F9J6Cik/kG/uBYW0Oi8PQ0EeSZwzvd+CsAc2EJAryOBpafWRXa2XrOtFkKjq
+jKWHSa0QJsBALiu8+JVfcwXYshbhmdVBxrktxMoY9WpGI7EcZkf77SW5enY4LtSF
+wuRr2lv29YADsa/Q7JV2I4oAbWUjW3513mR5JsefHPk7hXZbRCXqUxFTmWpnDomF
+HDeEDAdSgMgzODnbU/qHI9tmP6iDaCTz/eVfyCMKGYA0oIX1j5GdJ6HXK1OHafJK
+W/M9gDRhQKU0bTXC2CoEOAs=
+-----END CERTIFICATE-----
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem
new file mode 100644
index 0000000000..db46f0d462
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/auth/pomba.key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCtwCs+yavAhke+
+TXG7lCoi0yYUktP0wRgPTJPjpq2nU+aloRSm8VA6DME+GKVE85FBlM5BhFW1LKyi
+uF2mF5XUaBzpvJktGgRK5INn35qYvk4hpOSx8pGdGr5mHhLKlREgI1RDLlN31ic2
+XeDX1HEyrAQOwnKn529wgU0uX2wM/88NSv/10eWTQhATrBQ/tKBRikzSwnjAQsHH
+BTclSNpjWaQwPvh4pTYkI0xCcrQVxnDFWWkvk3NLxDX1VhwALVXZPPnXeo5KTZw4
+StVtUwex74UnHsMhBofcm3CuWrBPEwXmxL1CKz2lRc/nn/6N5UXr9BqtUFGAKGhu
+6bPSZQ3LAgMBAAECggEAKE5S+d7ItAGydOf8QTpux+NZix5Agx+kGDB4gi/xSsbA
+051ZcBy8sqqwzVnkROmHwcHmUvaC92NkrN6+AsCn5j08r9ArbHYDlugJv7f0YgiL
+kWxyDQGrW9mPX5sMWuhXr6/iZS9C96K7N/ZxKUBD/jA/RLlA5chfZqboI6DJLP5s
+u03ZW4toaGItLZtPxF07eElE4MGG/TbkoBZ5t79Y98TJP2oO95IpPQa8omqQcDEM
+w0DsbV/dJV9AtyZBfmIRNaG5beiIUH26OQzUJP7FP2eIN4F/CAXLdlMnHtQA1XJz
+QRwMxbfBQ+JfKD7YWedqivrjR0iPMx80M4HSU9DFaQKBgQDa+7F7zDRy4WU0GtfP
+g+ArDUMjQv5pTXA0b2hKjHJRXM3LVo5qNJYWlirHtPjkVL4BJSY+iVl9/lfV2Xrf
+gDXQLcUhABx5HNzZ5p+NyDHWrpZamFkfw9wLwQHXZGG8I+dla/iToHRWEH2QYxdz
+VvfntpyE7XbxzhPPiS5haHGerwKBgQDLHxPn/jm2dSHa6jAidJXFJCMblcDuwIBy
+7Cm7vnRro9Mbx/hZkRPXYWHQ/4WEVlWO9Sgkf4ambPSmdFg8ksQwBBd+l3K5K4Un
+2AIL/PqgZg+anoEYYn1sqiWSc+YiO2GiRaHh5wOWtekEBBH9HcYkmKIXm3JHVdSw
+SpQsryxppQKBgDi7qqDLJ+93a7PTHIRbwzEEL5esHKOFd4NuNZPSzS89HugGVcE4
+PIY/g3fX7/+f4NYFHOJozTGyOmlh/c53tfloUkEZeUb7blBZyo5+BkN7WeLAw55S
+LOkyqNp33EZU+vcwwObmVB2UCiPlOEceif2TNvvNVdqRrFpBTS3ZVE5rAoGAJivk
+9cgU2HESt60i9paqPq4X2us9oqCSgwZWoW2dO01CMwpVZZ+Z9vPaCgi68q+2zHLN
+5G4Cw+vd3honKtr5+3wJXkTfzmSbVW2GlPIpt1L2w7vdztNTdsRS4z7clLpMEs67
+KVTcm8n7zEFnkAW0YtQ8Qet4gmdi3O5nAi65TfECgYEA0Pw2X4R37IrYM7tFDJSz
+zDF4mRmk2qfhHBd8IaIDBpsXSgLcVRduro4HBzf/JeCt8rvw3VMLEFyqwyszpHro
+xNnqPvbMPMCtOvUcr1VtXnO7CzaFNCJrfjYdV8vmDgvbYmBEHzG+LGbnVZIBUhQa
+igVjtqU1uT83+VpR703IcBI=
+-----END PRIVATE KEY-----
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh
new file mode 100644
index 0000000000..2323fe1280
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/bin/kibana_start.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mkdir -p /usr/share/kibana/auth
+chmod 0777 /usr/share/kibana/auth
+
+cp /opt/app/auth/* /usr/share/kibana/auth/.
+
+chmod 0400 /usr/share/kibana/auth/*
+
+/usr/share/kibana/node/bin/node --no-warnings /usr/share/kibana/src/cli --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/
diff --git a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
index 6d31c4453d..fdcdd02cc7 100644
--- a/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
+++ b/kubernetes/pomba/charts/pomba-kibana/resources/config/kibana.yml
@@ -51,9 +51,9 @@ elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
+server.ssl.enabled: {{.Values.config.serverSslEnabled}}
+server.ssl.certificate: {{.Values.config.serverSslCertificate}}
+server.ssl.key: {{.Values.config.serverSslKey}}
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
index fd8934b22c..4eb25fedcf 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/templates/configmap.yaml
@@ -19,3 +19,19 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-auth
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/auth/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-bin
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
index e87a04faba..2bc9e796c9 100644
--- a/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/templates/deployment.yaml
@@ -117,12 +117,15 @@ spec:
- name: {{ include "common.name" . }}
image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "/opt/app/bin/kibana_start.sh"]
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.name }}
readinessProbe:
httpGet:
path: "/"
+ scheme: "HTTPS"
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
@@ -133,6 +136,7 @@ spec:
livenessProbe:
httpGet:
path: "/"
+ scheme: "HTTPS"
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
@@ -143,8 +147,12 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /usr/share/kibana/config/
+ - mountPath: /usr/share/kibana/config
name: {{ include "common.fullname" . }}
+ - mountPath: /opt/app/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/bin
+ name: {{ include "common.fullname" . }}-bin
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -166,12 +174,20 @@ spec:
- key: kibana.yml
path: kibana.yml
- key: default.json
- path: default.json
+ path: default.json
- key: validationsDump.json
path: validationsDump.json
- key: violationsDump.json
path: violationsDump.json
- key: default-mapping.json
- path: default-mapping.json
+ path: default-mapping.json
+ - name: {{ include "common.fullname" . }}-auth
+ configMap:
+ name: {{ include "common.fullname" . }}-auth
+ defaultMode: 0777
+ - name: {{ include "common.fullname" . }}-bin
+ configMap:
+ name: {{ include "common.fullname" . }}-bin
+ defaultMode: 0777
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-kibana/values.yaml b/kubernetes/pomba/charts/pomba-kibana/values.yaml
index aa48263521..fe50e47fda 100644
--- a/kubernetes/pomba/charts/pomba-kibana/values.yaml
+++ b/kubernetes/pomba/charts/pomba-kibana/values.yaml
@@ -45,6 +45,11 @@ config:
elasticsearchServiceName: pomba-es
elasticsearchPort: 9200
+ #Enable HTTPS
+ serverSslEnabled: true
+ serverSslCertificate: /usr/share/kibana/auth/pomba.crt.pem
+ serverSslKey: /usr/share/kibana/auth/pomba.key.pem
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
index 274a872856..cccba6b7bc 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/application.properties
@@ -31,24 +31,25 @@ server.tomcat.max-idle-time=60000
#Servlet context parameters
server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+#Enable HTTPS
+server.port={{ .Values.config.serverSslPort }}
+server.ssl.key-store={{ .Values.config.serverSslKeyStore }}
+server.ssl.key-store-password={{ .Values.config.serverSslKeyStorePassword }}
+server.ssl.client-auth={{ .Values.config.serverSslClientAuth }}
+server.ssl.enabled={{ .Values.config.serverSslEnabled }}
+server.ssl.enabled-protocols={{ .Values.config.serverSslEnabledProtocols }}
+
# Basic Authentication
basicAuth.username={{ .Values.config.networkDiscoveryUserId }}
basicAuth.password={{ .Values.config.networkDiscoveryPassword }}
-enricher.types = vserver, l3-network
-enricher.type.vserver.url = /enricher/v11/cloud-infrastructure/vservers/vserver/{0}?sot=!aai
-enricher.type.l3-network.url = /enricher/v11/network/l3-networks/l3-network/{0}?sot=!aai
-
-# Mapping from Enricher Attribute name to POMBA Attribute name in the format
-# <Enricher Attribute Name>:<Pomba Attribute Name>; and separated by semicolon ";"
-# for example,
-# vserser-id:id;
-# means Attribute name "vserver-id" from Enricher will be converted to "id" in POMBA.
-enricher.attributeNameMappingList=Id:id;id:id;vserver-id:id;name:name;locked:inMaintenance; \
- hostname:hostName;status:status;vm_state:vmState;vm-state:vmState;admin_state_up:adminState; \
- favor.disk:flavorDisk;flavor.ephemeral:flavorEphemoral;flavor.extra_specs.hw.cpu_model:flavorHwCpuModel; \
- flavor.extra_specs.hw.cpu_policy:flavorHwCpuPolicy;flavor.extra_specs.hw.mem_page_size:flavorHwMemPageSize; \
- flavor.original_name:flavorOriginalName;flavor.ram:flavorRam;flavor.swap:flavorSwag;flavorvcpus:flavorVcpus; \
- image.id:imageId;hostId:hostId;host:host;host_status:hostStatus;security_group.name:securityGroupName; \
- serverName:serverName;metadata.myservername:otherServerName;shared:sharedNetwork;subnets:subnets; \
- userId:userId;tenant_id:tenantId
+openstack.identity.url ={{ .Values.config.openstackIdentityUrl }}
+openstack.identity.user ={{ .Values.config.openstackUserId }}
+openstack.identity.password ={{ .Values.config.openstackPassword }}
+
+openstack.types = vserver, l3-network
+openstack.type.vserver.url = {{ .Values.config.openstackTypeVserverUrl }}
+openstack.type.l3-network.url = {{ .Values.config.openstackTypeL3NetworkUrl }}
+
+openstack.api.microversion = 2.42
+
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12 b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12 b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12
deleted file mode 100644
index 12e0ae94fa..0000000000
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/enricher-client-cert.p12
+++ /dev/null
Binary files differ
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..9eec841aa2
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
index 1f00cbddce..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/log/logback.xml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/resources/config/logback.xml
@@ -1,30 +1,31 @@
-<configuration>
- <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <!-- tabs -->
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <appender name="FILE" class="ch.qos.logback.core.FileAppender">
- <file>output.log</file>
- <encoder>
- <pattern>${pattern}</pattern>
- </encoder>
- </appender>
- <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
- <appender-ref ref="STDOUT" />
- <appender-ref ref="FILE" />
- </logger>
- <root level="INFO">
- <appender-ref ref="STDOUT" />
- </root>
-</configuration>
+<configuration >
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <!-- tabs -->
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+ <file>/opt/app/logs/EELF/output.log</file>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </logger>
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </root>
+</configuration>
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
index 1e377b9b1e..3c8606a835 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/configmap.yaml
@@ -1,30 +1,29 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
index 7f44106bf9..0f980bb402 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/deployment.yaml
@@ -1,118 +1,127 @@
-# Copyright © 2018 Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - mountPath: /opt/app/config/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: /opt/app/config/application.properties
- name: {{ include "common.fullname" . }}-config
- subPath: application.properties
- readOnly: true
- - mountPath: /opt/app/config/auth/enricher-client-cert.p12
- name: {{ include "common.fullname" . }}-auth-secret
- subPath: enricher-client-cert.p12
- readOnly: true
-
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # Filebeat sidecar container
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
-
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-log-conf
- configMap:
- name: {{ include "common.fullname" . }}-log
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- - name: {{ include "common.fullname" . }}-auth-secret
- secret:
- secretName: {{ include "common.fullname" . }}-auth
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ .Release.Name }}-pomba-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+ readOnly: false
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+ - mountPath: /opt/app/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: client-cert-onap.p12
+ readOnly: true
+ - mountPath: /opt/app/config/auth/tomcat_keystore
+ name: {{ include "common.fullname" . }}-auth-secret
+ subPath: tomcat_keystore
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /opt/app/logs
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-secret
+ secret:
+ secretName: {{ include "common.fullname" . }}-auth
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
index 2b54defa4e..913a2d8eaf 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/templates/service.yaml
@@ -27,8 +27,7 @@ spec:
ports:
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.externalPort }}
- #Example internal target port if required
- #targetPort: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName | default "http" }}
{{- else -}}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
index 0e42192c44..fdc44298e2 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscovery/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/network-discovery:1.4.2
+image: onap/network-discovery:1.4.1-latest
pullPolicy: Always
# flag to enable debugging - application support required
@@ -34,10 +34,28 @@ debugEnabled: false
# Example:
config:
# Network Discovery Micro Service REST Client Configuration
+
+ #Enable HTTPS
+ serverSslPort: 8443
+ serverSslKeyStore: /opt/app/config/auth/tomcat_keystore
+ serverSslKeyStorePassword: password(OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10)
+ serverSslClientAuth: want
+ serverSslEnabled: true
+ serverSslEnabledProtocols: TLSv1.1,TLSv1.2
+
# Basic Authorization credentials for Network Discovery Micro Service Rest Service
networkDiscoveryUserId: admin
networkDiscoveryPassword: OBF:1u2a1toa1w8v1tok1u30
+ # Basic Authorization credentials for Openstack Rest APIs
+ openstackIdentityUrl: http://10.69.36.11:5000/v3/auth/tokens
+ openstackUserId: admin
+ openstackPassword: OBF:1w951ugg1vun1uha1w8l
+
+ # Openstack Rest API URLs:
+ openstackTypeVserverUrl: http://10.69.36.11:8774/v2.1/servers/{0}
+ openstackTypeL3NetworkUrl: http://10.69.36.11:9696/v2.0/networks/{0}
+
# default number of instances
replicaCount: 1
@@ -66,12 +84,12 @@ service:
#Services may use any combination of ports depending on the 'type' of
#service being defined.
- type: ClusterIP
+ type: NodePort
+ name: pomba-networkdiscovery
externalPort: 9531
- internalPort: 8080
-# nodePort: <replace with unused node port suffix eg. 23>
- # optional port name override - default can be defined in service.yaml
- #portName: http
+ internalPort: 8443
+ nodePort: 99
+ portName: https
ingress:
enabled: false
@@ -94,4 +112,4 @@ resources:
requests:
cpu: 20m
memory: 800Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
index 79c5f0bfb3..0a4b616453 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/resources/config/logback.xml
@@ -1,236 +1,31 @@
-<configuration scan="true" scanPeriod="10 seconds" debug="false">
- <jmxConfigurator />
- <property file="/opt/app/config/application.properties" />
- <property name="logDirectory" value="/var/log/onap/pomba-networkdiscoveryctxbuilder" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level>
- <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
- <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>INFO</level>
- </filter>
- <file>${logDirectory}/error.log</file>
- <append>true</append>
- <encoder>
- <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/error.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
-
- <appender name="DEBUG"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/debug.log</file>
- <append>true</append>
- <encoder>
- <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>10MB</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>5</maxHistory>
- </rollingPolicy>
- </appender>
-
- <appender name="AUDIT"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/audit.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/audit.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="AUDIT" />
- </appender>
-
- <appender name="METRIC"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/metric.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
- %msg%n</pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/metric.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="METRIC" />
- </appender>
-
- <!-- SECURITY related loggers -->
- <appender name="SECURITY"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/security.log</file>
- <append>true</append>
- <encoder>
- <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
- </pattern>
- </encoder>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>10</maxIndex>
- <FileNamePattern>${logDirectory}/security.%i.log.zip
- </FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>10MB</maxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="SECURITY" />
- </appender>
-
- <!-- CLDS related loggers -->
- <logger name="org.onap.pomba.clds" level="INFO" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
-
- <!-- CLDS related loggers -->
- <logger name="com.att.eelf.error" level="OFF" additivity="true">
- <appender-ref ref="ERROR" />
- </logger>
- <!-- EELF related loggers -->
- <logger name="com.att.eelf.audit" level="INFO" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
- <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
- <logger name="com.att.eelf.security" level="DEBUG" additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" />
- <logger name="org.springframework.beans" level="WARN" />
- <logger name="org.springframework.web" level="WARN" />
- <logger name="com.blog.spring.jms" level="WARN" />
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" />
- <logger name="org.apache.commons.httpclient" level="WARN" />
- <logger name="org.apache.commons" level="WARN" />
- <logger name="org.apache.coyote" level="WARN" />
- <logger name="org.apache.jasper" level="WARN" />
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" />
- <logger name="org.apache.cxf" level="WARN" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" />
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
- <logger name="org.apache.cxf.service" level="WARN" />
- <logger name="org.restlet" level="DEBUG" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" />
- <logger name="ch.qos.logback.core" level="INFO" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Audit.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Audit.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <file>${logDirectory}/Perform.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/Perform.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
- <appender-ref ref="auditLogs" />
- </logger>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="WARN">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="STDOUT" />
- </root>
-
+<configuration >
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <!-- tabs -->
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="FILE" class="ch.qos.logback.core.FileAppender">
+ <file>/opt/app/logs/EELF/output.log</file>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <logger level="INFO" name="org.onap.logging.ref.slf4j" additivity="false">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </logger>
+ <root level="info">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="FILE" />
+ </root>
</configuration>
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
index 462ee68563..ebb1d3783e 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/templates/deployment.yaml
@@ -56,7 +56,8 @@ spec:
name: localtime
readOnly: true
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /opt/app/logs
+ readOnly: false
- mountPath: /opt/app/config/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
@@ -64,6 +65,9 @@ spec:
name: {{ include "common.fullname" . }}-config
readOnly: true
subPath: application.properties
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ mountPath: /opt/app/logs/EELF
+ readOnly: false
resources:
{{ include "common.resources" . | indent 12 }}
@@ -87,7 +91,7 @@ spec:
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
+ mountPath: /opt/app/logs
volumes:
- name: localtime
@@ -106,7 +110,7 @@ spec:
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
-
-
+ - name: {{ include "common.fullname" . }}-logs-eelf
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
index ff1f6c86af..b45c24b9e9 100644
--- a/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
+++ b/kubernetes/pomba/charts/pomba-networkdiscoveryctxbuilder/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/pomba-network-discovery-context-builder:1.3.1
+image: onap/pomba-network-discovery-context-builder:1.4.0-SNAPSHOT-latest
pullPolicy: Always
# flag to enable debugging - application support required
@@ -52,7 +52,7 @@ config:
# Network Discovery Micro Service REST Client Configuration
networkDiscoveryServiceName: pomba-networkdiscovery
networkDiscoveryPort: 9531
- networkDiscoveryHttpProtocol: http
+ networkDiscoveryHttpProtocol: https
networkDiscoveryPath: /network-discovery/v1/network/resource
# Wait for Network Discovery MicroService response in milliseconds
networkDiscoveryTimeOutInMilliseconds: 60000
@@ -116,4 +116,4 @@ resources:
requests:
cpu: 200m
memory: 800Mi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore b/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml
new file mode 100644
index 0000000000..c9dad032aa
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP POMBA SDNC Context Builder
+name: pomba-sdncctxbuilder
+version: 3.0.0
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
new file mode 100644
index 0000000000..cf4086962c
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
new file mode 100644
index 0000000000..fcfe9dc412
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/application.properties
@@ -0,0 +1,72 @@
+# Copyright © 2019 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+spring.jersey.type=filter
+spring.mvc.urls=swagger,docs,prometheus,auditevents,info,heapdump,autoconfig,beans,loggers,dump,env,trace,health,configprops,mappings,metrics,webjars
+camel.springboot.xmlRoutes = file:config/dynamic/routes/*.route
+service.xml.beans = config/dynamic/conf/*.xml
+
+server.contextPath=/sdnccontextbuilder/v1
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+#This property is used to set the Tomcat connector attributes.developers can define multiple attributes separated by comma
+#tomcat.connector.attributes=allowTrace-true
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-spare-threads=25
+
+# Basic Authorization credentials for SDNC Context Builder REST Service
+sdncCtxBuilder.userId={{ .Values.config.sdncCtxBuilderUserId }}
+sdncCtxBuilder.password={{ .Values.config.sdncCtxBuilderPassword }}
+
+# AAI REST Client Configuration
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
+aai.authentication={{ .Values.config.aaiAuthentication }}
+aai.trustStorePath={{ .Values.config.aaiTrustStorePath }}
+aai.keyStorePath={{ .Values.config.aaiKeyStorePath }}
+aai.keyStorePassword={{ .Values.config.aaiKeyStorePassword }}
+aai.connectionTimeout={{ .Values.config.aaiConnectionTimeout }}
+aai.readTimeout={{ .Values.config.aaiReadTimeout }}
+
+# HTTP Basic Authorization credentials for AAI Rest Service API
+aai.http.userId={{ .Values.config.aaiHttpUserId }}
+aai.http.password={{ .Values.config.aaiHttpPassword }}
+
+aai.searchNodeQuery=/aai/v11/search/nodes-query?search-node-type=service-instance&filter=service-instance-id:EQUALS:
+aai.customerQuery=/aai/v11/business/customers/customer/
+aai.serviceInstancePath=/aai/v11/business/customers/customer/{0}/service-subscriptions/service-subscription/{1}/service-instances/service-instance/{2}
+
+# SDNC REST Client Configuration
+sdnc.serviceName={{ .Values.config.sdncServiceName }}.{{.Release.Namespace}}
+sdnc.servicePort={{ .Values.config.sdncPort }}
+sdnc.user={{ .Values.config.sdncUsername }}
+sdnc.password={{ .Values.config.sdncPassword }}
+sdnc.httpProtocol={{ .Values.config.sdncHttpProtocol }}
+sdnc.connectionTimeout={{ .Values.config.sdncConnectionTimeout }}
+sdnc.readTimeout={{ .Values.config.sdncReadTimeout }}
+sdnc.genericResourcePath=/restconf/config/GENERIC-RESOURCE-API:services/service/{0}
+sdnc.vnfPath=/restconf/config/VNF-API:vnfs/vnf-list/{0}
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml
new file mode 100644
index 0000000000..519cf247ae
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/resources/config/logback.xml
@@ -0,0 +1,235 @@
+<configuration scan="true" scanPeriod="10 seconds" debug="false">
+ <jmxConfigurator />
+ <property name="logDirectory" value="/var/log/onap/pomba-sdncctxbuilder" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <file>${logDirectory}/error.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC}|%X{RequestId}|%.20thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDescription}|%msg%n</pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/error.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/debug.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX",UTC}|%X{RequestId}|%.20thread|%.-5level|%logger{36}|%msg%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>5</maxHistory>
+ </rollingPolicy>
+ </appender>
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/audit.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/audit.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="AUDIT" />
+ </appender>
+
+ <appender name="METRIC"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/metric.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
+ %msg%n</pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/metric.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="METRIC" />
+ </appender>
+
+ <!-- SECURITY related loggers -->
+ <appender name="SECURITY"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/security.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/security.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="SECURITY" />
+ </appender>
+
+ <!-- CLDS related loggers -->
+ <logger name="org.onap.pomba.clds" level="INFO" additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+
+ <!-- CLDS related loggers -->
+ <logger name="com.att.eelf.error" level="OFF" additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+ <!-- EELF related loggers -->
+ <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger name="com.att.eelf.security" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="DEBUG" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Audit.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Audit.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Perform.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Perform.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="WARN">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml
new file mode 100644
index 0000000000..7c47fea02c
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/configmap.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml
new file mode 100644
index 0000000000..ca96dc6a12
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/deployment.yaml
@@ -0,0 +1,111 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - mountPath: /opt/app/config/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/config/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ readOnly: true
+
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-pomba-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml
new file mode 100644
index 0000000000..defd063d2f
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/templates/service.yaml
@@ -0,0 +1,41 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
diff --git a/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml
new file mode 100644
index 0000000000..7947b18ad2
--- /dev/null
+++ b/kubernetes/pomba/charts/pomba-sdncctxbuilder/values.yaml
@@ -0,0 +1,119 @@
+# Copyright © 2018 Amdocs
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/pomba-sdnc-context-builder:1.4.0-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+# Example:
+config:
+ # AAI Rest Client Connection
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
+ aaiAuthentication: basic_auth
+ aaiTrustStorePath: n/a
+ aaiKeyStorePath: n/a
+ aaiKeyStorePassword: n/a
+ aaiConnectionTimeout: 5000
+ aaiReadTimeout: 5000
+ # HTTP Basic Authorization credentials for Rest Service API
+ aaiHttpUserId: admin
+ aaiHttpPassword: OBF:1u2a1toa1w8v1tok1u30
+ sdncCtxBuilderUserId: admin
+ sdncCtxBuilderPassword: OBF:1u2a1toa1w8v1tok1u30
+
+ # SDNC Rest Client Connection
+ sdncServiceName: sdnc
+ sdncPort: 8282
+ sdncUsername: admin
+ sdncPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ sdncHttpProtocol: http
+ sdncConnectionTimeout: 5000
+ sdncReadTimeout: 5000
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+
+#Example service definition with external, internal and node ports.
+service:
+ # The default service name (exposed in the service.yaml) will be the same
+ # name as the chart. If the service name needs to be overriden (such as
+ # when a subchart is shared), uncomment the value below.
+ #name: <service-name-override>
+
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: ClusterIP
+ externalPort: 9530
+ internalPort: 8080
+# nodePort: <replace with unused node port suffix eg. 23>
+ # optional port name override - default can be defined in service.yaml
+ #portName: http
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 800Mi
+ requests:
+ cpu: 100m
+ memory: 400Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 1600Mi
+ requests:
+ cpu: 200m
+ memory: 800Mi
+ unlimited: {}
diff --git a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
index 5b64f841e2..8c7d27cab0 100644
--- a/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
+++ b/kubernetes/pomba/charts/pomba-servicedecomposition/resources/config/application.properties
@@ -34,6 +34,11 @@ basicAuth.password={{ .Values.config.serviceDecompositionPassword }}
# AAI REST Client Configuration
aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
aai.servicePort={{ .Values.config.aaiPort }}
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.username={{ .Values.config.aaiUsername }}
aai.password={{ .Values.config.aaiPassword }}
aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
index f74d832449..1dc97da288 100644
--- a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
+++ b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy
@@ -65,6 +65,90 @@ entity {
attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
}
+ // SDNC-AAI comparison: Context level
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc', 'context-list.aai'
+ }
+
+ // SDNC-AAI comparison: Service entity
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.service', 'context-list.aai.service'
+ }
+
+ // SDNC-AAI comparison: VF list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*]', 'context-list.aai.vfList[*]'
+ }
+
+ // SDNC-AAI comparison: VF-Module list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]'
+ }
+
+ // SDNC-AAI comparison: VNFC list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]'
+ }
+
+ // SDNC-AAI comparison: VM list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.aai.vfList[*].vfModuleList[*].vmList[*]'
+ }
+
+ // SDNC-AAI comparison: Network list
+ useRule {
+ name 'SDNC-AAI-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]'
+ }
+
+ // SDNC-NDCB comparison: Context level
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc', 'context-list.ndcb'
+ }
+
+ // SDNC-NDCB comparison: Service entity
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.service', 'context-list.ndcb.service'
+ }
+
+ // SDNC-NDCB comparison: VF list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*]', 'context-list.ndcb.vfList[*]'
+ }
+
+ // SDNC-NDCB comparison: VF-Module list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*]'
+ }
+
+ // SDNC-NDCB comparison: VNFC list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vnfcList[*]', 'context-list.ndcb.vfList[*].vnfcList[*]'
+ }
+
+ // SDNC-NDCB comparison: VM list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].vmList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].vmList[*]'
+ }
+
+ // SDNC-NDCB comparison: Network list
+ useRule {
+ name 'SDNC-NDCB-attribute-comparison'
+ attributes 'context-list.sdnc.vfList[*].vfModuleList[*].networkList[*]', 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]'
+ }
+
// SDC-AAI VNFC type
useRule {
name 'SDC-AAI-vnfc-type'
@@ -155,7 +239,7 @@ rule {
name 'NDCB-AAI-attribute-comparison'
category 'Attribute Mismatch'
description 'Verify that all attributes in Network-Discovery are the same as in AAI'
- errorText 'Error found with attribute "{0}"; value "{1}" does not exist in Network-Discovery'
+ errorText 'Error found with attribute "{0}"; Network-Discovery value does not match AAI value "{1}"'
severity 'ERROR'
attributes 'ndcbItems', 'aaiItems'
validate '''
@@ -231,4 +315,169 @@ rule {
}
return new Tuple2(result, details)
'''
-} \ No newline at end of file
+}
+
+rule {
+ name 'SDNC-AAI-attribute-comparison'
+ category 'Attribute Mismatch'
+ description 'Verify that all attributes in SDN-C are the same as in AAI'
+ errorText 'Error found with attribute "{0}"; SDN-C value does not match AAI value "{1}"'
+ severity 'ERROR'
+ attributes 'sdncItems', 'aaiItems'
+ validate '''
+ Closure<java.util.Map> getAttributes = { parsedData ->
+ java.util.Map attributeMap = new java.util.HashMap()
+
+ def isAttributeDataQualityOk = { attribute ->
+ attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+ }
+
+ def addToMap = { attrKey, attrValue ->
+ java.util.Set values = attributeMap.get("$attrKey")
+ if(values == null) {
+ values = new java.util.HashSet()
+ attributeMap.put("$attrKey", values)
+ }
+ values.add("$attrValue")
+ }
+
+ def addAttributeToMap = { attribute ->
+ if(isAttributeDataQualityOk(attribute)) {
+ String key, value
+ attribute.each { k, v ->
+ if(k.equals("name")) {key = "$v"}
+ if(k.equals("value")) {value = "$v"}
+ }
+ addToMap("$key", "$value")
+ }
+ }
+
+ def processKeyValue = { key, value ->
+ if(value instanceof java.util.ArrayList) {
+ if(key.equals("attributeList")) {
+ value.each {
+ addAttributeToMap(it)
+ }
+ }
+ } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+ // only add key-value attributes, skip the rest
+ addToMap("$key", "$value")
+ }
+ }
+
+ if(parsedData instanceof java.util.ArrayList) {
+ parsedData.each {
+ it.each { key, value -> processKeyValue(key, value) }
+ }
+ } else {
+ parsedData.each { key, value -> processKeyValue(key, value) }
+ }
+ return attributeMap
+ }
+
+ def slurper = new groovy.json.JsonSlurper()
+ java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+ java.util.Map aai = getAttributes(slurper.parseText(aaiItems.toString()))
+
+ boolean result = true
+ List<String> details = new ArrayList<>();
+ sdnc.any{ sdncKey, sdncValueList ->
+ def aaiValueList = aai.get("$sdncKey")
+ aaiValueList.each{ aaiValue ->
+ if(!sdncValueList.any{ it == "$aaiValue" }) {
+ result = false
+ details.add("$sdncKey")
+ details.add("$aaiValue")
+ }
+ }
+ if(result == false) {
+ // break out of 'any' loop
+ return true
+ }
+ }
+ return new Tuple2(result, details)
+ '''
+}
+
+
+rule {
+ name 'SDNC-NDCB-attribute-comparison'
+ category 'Attribute Mismatch'
+ description 'Verify that all attributes in SDN-C are the same as in Network Discovery'
+ errorText 'Error found with attribute "{0}"; SDN-C value does not match Network-Discovery value "{1}"'
+ severity 'ERROR'
+ attributes 'sdncItems', 'ndcbItems'
+ validate '''
+ Closure<java.util.Map> getAttributes = { parsedData ->
+ java.util.Map attributeMap = new java.util.HashMap()
+
+ def isAttributeDataQualityOk = { attribute ->
+ attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok")
+ }
+
+ def addToMap = { attrKey, attrValue ->
+ java.util.Set values = attributeMap.get("$attrKey")
+ if(values == null) {
+ values = new java.util.HashSet()
+ attributeMap.put("$attrKey", values)
+ }
+ values.add("$attrValue")
+ }
+
+ def addAttributeToMap = { attribute ->
+ if(isAttributeDataQualityOk(attribute)) {
+ String key, value
+ attribute.each { k, v ->
+ if(k.equals("name")) {key = "$v"}
+ if(k.equals("value")) {value = "$v"}
+ }
+ addToMap("$key", "$value")
+ }
+ }
+
+ def processKeyValue = { key, value ->
+ if(value instanceof java.util.ArrayList) {
+ if(key.equals("attributeList")) {
+ value.each {
+ addAttributeToMap(it)
+ }
+ }
+ } else if(!(value instanceof groovy.json.internal.LazyMap)) {
+ // only add key-value attributes, skip the rest
+ addToMap("$key", "$value")
+ }
+ }
+
+ if(parsedData instanceof java.util.ArrayList) {
+ parsedData.each {
+ it.each { key, value -> processKeyValue(key, value) }
+ }
+ } else {
+ parsedData.each { key, value -> processKeyValue(key, value) }
+ }
+ return attributeMap
+ }
+
+ def slurper = new groovy.json.JsonSlurper()
+ java.util.Map sdnc = getAttributes(slurper.parseText(sdncItems.toString()))
+ java.util.Map ndcb = getAttributes(slurper.parseText(ndcbItems.toString()))
+
+ boolean result = true
+ List<String> details = new ArrayList<>();
+ sdnc.any{ sdncKey, sdncValueList ->
+ def ndcbValueList = ndcb.get("$sdncKey")
+ ndcbValueList.each{ ndcbValue ->
+ if(!sdncValueList.any{ it == "$ndcbValue" }) {
+ result = false
+ details.add("$sdncKey")
+ details.add("$ndcbValue")
+ }
+ }
+ if(result == false) {
+ // break out of 'any' loop
+ return true
+ }
+ }
+ return new Tuple2(result, details)
+ '''
+}
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index 964e3e8cdd..f34d247c88 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -1,62 +1,75 @@
-/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-*/
-
-USE portal;
-/*
-Any updates required by OOM to the portaldb are made here.
-1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
-while the OOM K8s version has these service split up.
-*/
--- app_url is the FE, app_rest_endpoint is the BE
---portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
---dmaap-bc => the dmaap-bc doesn't open a node port..
-update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204, 8080:30205
---sdc-fe => 8181:30206, 9443:30207
-update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';
---pap => 8443:30219
-update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';
---vid => 8080:30200
-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';
---sparky => TODO: sparky doesn't open a node port yet
-update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';
---cli => 8080:30260
-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
---msb-iag => 80:30280
-update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
-
-
-/*
-Additionally, some more update statments; these should be refactored to another SQL file in future releases
-*/
-
--- portal
-update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;
--- portal-sdk
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;
--- SDC
-update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;
--- policy
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;
--- vid
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;
--- aai sparky
-update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7;
-
-
-
+/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/
+
+USE portal;
+/*
+Any updates required by OOM to the portaldb are made here.
+1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
+while the OOM K8s version has these service split up.
+*/
+-- app_url is the FE, app_rest_endpoint is the BE
+--portal-sdk => TODO: doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
+--dmaap-bc => the dmaap-bc doesn't open a node port..
+update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
+--sdc-be => 8443:30204, 8080:30205
+--sdc-fe => 8181:30206, 9443:30207
+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v3' where app_name = 'SDC';
+--pap => 8443:30219
+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';
+--vid => 8080:30200
+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';
+--sparky => TODO: sparky doesn't open a node port yet
+update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
+--cli => 8080:30260
+update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+--msb-iag => 80:30280
+update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
+
+
+/*
+Create SO-Monitoring App
+*/
+INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
+(10, 'SO-Monitoring', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://{{.Values.config.soMonitoringHostName}}:{{.Values.config.soMonitoringPort}}', NULL, 'http://so-monitoring:30224', '', '', NULL, 'password', 'Y', 'Y', NULL, 'user', '', '', '', 1,'N','SO-Monitoring');
+
+/*
+Add SO Monitoring to Default apps
+*/
+INSERT IGNORE INTO `fn_pers_user_app_sel` VALUES (10,1,10,'S');
+
+/*
+Add Contact information for SO Monitoring
+*/
+INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
+
+/*
+Additionally, some more update statments; these should be refactored to another SQL file in future releases
+*/
+
+-- portal
+update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;
+-- portal-sdk
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;
+-- SDC
+update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;
+-- policy
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;
+-- vid
+update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;
+-- aai sparky
+update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key' where app_id = 7; \ No newline at end of file
diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml
index 4b4463af40..24b92f3bc3 100644
--- a/kubernetes/portal/charts/portal-mariadb/values.yaml
+++ b/kubernetes/portal/charts/portal-mariadb/values.yaml
@@ -68,6 +68,11 @@ config:
msbPort: "30280"
# application's front end hostname. Must be resolvable on the client side environment
msbHostName: "msb.api.simpledemo.onap.org"
+ # SO Monitoring assignment for port 30224
+ soMonitoringPort: "30224"
+ # application's front end hostname. Must be resolvable on the client side environment
+ soMonitoringHostName: "so-monitoring"
+
# default number of instances
replicaCount: 1
diff --git a/kubernetes/portal/docker/init/mariadb-client/Dockerfile b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
index 5eb5ad1843..72f60d35ad 100644
--- a/kubernetes/portal/docker/init/mariadb-client/Dockerfile
+++ b/kubernetes/portal/docker/init/mariadb-client/Dockerfile
@@ -14,7 +14,7 @@
FROM boxfuse/flyway:5.0.7-alpine
-ARG branch=master
+ARG branch=3.0.0-ONAP
ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
# Setup Corporate proxy
ENV https_proxy ${HTTP_PROXY}
diff --git a/kubernetes/robot/templates/deployment.yaml b/kubernetes/robot/templates/deployment.yaml
index e230f4c3b6..7b0c140269 100644
--- a/kubernetes/robot/templates/deployment.yaml
+++ b/kubernetes/robot/templates/deployment.yaml
@@ -59,15 +59,15 @@ spec:
- name: robot-logs
mountPath: /share/logs
resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
volumes:
{{- if .Values.persistence.enabled }}
- name: robot-logs
diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml
index fa16a7b11e..b1544aa5f7 100755
--- a/kubernetes/so/charts/so-mariadb/values.yaml
+++ b/kubernetes/so/charts/so-mariadb/values.yaml
@@ -40,7 +40,7 @@ ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
config:
mariadbRootPassword: password
# gerrit branch where the latest heat code is checked in
- gerritBranch: master
+ gerritBranch: 3.0.0-ONAP
# gerrit project where the latest heat code is checked in
gerritProject: http://gerrit.onap.org/r/so/docker-config.git
# default number of instances
diff --git a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
index 0eb083dbac..b06a975333 100755
--- a/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-vfc-adapter/resources/config/overrides/override.yaml
@@ -24,6 +24,14 @@ spring:
max-total: 20
validation-query: select 1
test-on-borrow: true
+ security:
+ usercredentials:
+ - username: bpel
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: BPEL-Client
+ - username: mso_admin
+ password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
+ role: ACTUATOR
server:
port: {{ index .Values.containerPort }}
tomcat:
diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml
index 3e6b319444..8bce2cf1dc 100644
--- a/kubernetes/vid/templates/deployment.yaml
+++ b/kubernetes/vid/templates/deployment.yaml
@@ -72,10 +72,8 @@ spec:
value: "{{ .Values.config.asdcclientrestauth }}"
- name: ASDC_CLIENT_REST_PORT
value: "{{ .Values.config.asdcclientrestport }}"
- - name: VID_AAI_HOST
- value: aai.{{ include "common.namespace" . }}
- - name: VID_AAI_PORT
- value: "{{ .Values.config.vidaaiport }}"
+ - name: VID_AAI_URL
+ value: https://aai.{{ include "common.namespace" . }}:{{ .Values.config.vidaaiport }}
- name: VID_ECOMP_SHARED_CONTEXT_REST_URL
value: http://portal-app.{{ include "common.namespace" . }}:{{ .Values.config.onapport }}/ONAPPORTAL/context
- name: VID_MSO_SERVER_URL