diff options
27 files changed, 167 insertions, 430 deletions
diff --git a/docs/sections/guides/infra_guides/oom_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_base_config_setup.rst index d228f5df56..dfc247a07d 100644 --- a/docs/sections/guides/infra_guides/oom_base_config_setup.rst +++ b/docs/sections/guides/infra_guides/oom_base_config_setup.rst @@ -147,6 +147,8 @@ Verify the installation:: strimzi-cluster-operator-7f7d6b46cf-mnpjr 1/1 Running 0 2m +.. _oom_base_setup_cert_manager: + Install Cert-Manager ******************** diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst index b424c65c7d..f795a8664a 100644 --- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst @@ -9,6 +9,7 @@ .. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/ .. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/ .. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/ +.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/ .. _oom_base_optional_addons: @@ -59,6 +60,8 @@ ONAP is currenty planned to support Istio as default ServiceMesh platform. Therefor the following instructions describe the setup of Istio and required tools. Used `Istio best practices`_ and `Istio setup guide`_ +.. _oom_base_optional_addons_istio_installation: + Istio Platform Installation =========================== @@ -179,4 +182,40 @@ For setup the kiali operator is used, see `Kiali setup guide`_ Jaeger Installation =================== -To be done...
\ No newline at end of file +To be done... + + +Kserve Installation +******************** + +KServe is a standard Model Inference Platform on Kubernetes. It supports RawDeployment mode to enable InferenceService deployment with Kubernetes resources. Comparing to serverless deployment it unlocks Knative limitations such as mounting multiple volumes, on the other hand Scale down and from Zero is not supported in RawDeployment mode. + +This installation is necessary for the ML models to be deployed as inference service. Once deployed, the inference services can be queried for the prediction. + +**Kserve participant component in Policy ACM requires this installation. Kserve participant deploy/undeploy inference services in Kserve.** + +Dependent component version compatibility details and installation instructions can be found at `Kserve setup guide`_ + +Kserve installation requires the following components: + +- Istio. Its installation instructions can be found at :ref:`oom_base_optional_addons_istio_installation` + +- Cert-Manager. Its installation instructions can be found at :ref:`oom_base_setup_cert_manager` + +Installation instructions as follows, + +- Create kserve namespace:: + + > kubectl create namespace kserve + +- Install Kserve:: + + > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve.yaml + +- Install Kserve default serving runtimes:: + + > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve-runtimes.yaml + +- Patch ConfigMap inferenceservice-config as follows:: + + > kubectl patch configmap/inferenceservice-config -n kserve --type=strategic -p '{"data": {"deploy": "{\"defaultDeploymentMode\": \"RawDeployment\"}"}}' diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index 7065338cf9..30ef02295f 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -15,6 +15,21 @@ # limitations under the License. */}} {{/* + Helper function to check, if Ingress is globally enabled +*/}} +{{- define "common.ingressEnabled" -}} +{{- $dot := default . .dot -}} +{{- if $dot.Values.ingress -}} +{{- if $dot.Values.global.ingress -}} +{{- if (default false $dot.Values.global.ingress.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + + +{{/* Create the hostname as concatination <baseaddr>.<baseurl> - baseaddr: from component values: ingress.service.baseaddr - baseurl: from values: global.ingress.virtualhost.baseurl diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 4b6e0a1aae..3db01396ca 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -250,7 +250,7 @@ spec: {{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }} +{{- if and (include "common.ingressEnabled" $dot) (eq $serviceType "NodePort") -}} {{- $serviceType = "ClusterIP" }} {{- end }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 6713031d9a..e7f9627a3d 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -1,7 +1,7 @@ {{/* #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. # Copyright (c) 2021 Nordix Foundation. @@ -228,16 +228,6 @@ process into the microservice's configuration. See the documentation for the common DMaaP provisioning template (oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl). -If the microservice acts as a TLS client or server, the Deployment will -include an initContainer that retrieves certificate information from -the AAF certificate manager. The information is mounted at the -mount point specified in .Values.certDirectory. If the microservice is -a TLS server (indicated by setting .Values.tlsServer to true), the -certificate information will include a server cert and key, in various -formats. It will also include the AAF CA cert. If the microservice is -a TLS client only (indicated by setting .Values.tlsServer to false), the -certificate information includes only the AAF CA cert. - If the microservice uses certificates from an external CMPv2 provider, the Deployment will include an initContainer that performs certificate post-processing. @@ -247,7 +237,6 @@ post-processing. {{- $log := default dict .Values.log -}} {{- $logDir := default "" $log.path -}} {{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}} -{{- $tlsServer := default "" .Values.tlsServer -}} {{- $commonRelease := print (include "common.release" .) -}} {{- $policy := default dict .Values.policies -}} {{- $policyRls := default $commonRelease $policy.policyRelease -}} @@ -269,44 +258,6 @@ spec: {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} {{- end }} {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} - {{- if $certDir }} - - name: {{ include "common.name" . }}-aaf-init-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - args: - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 100Mi - requests: - cpu: 3m - memory: 20Mi - - name: init-tls - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: TLS_SERVER - value: {{ $tlsServer | quote }} - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - resources: {{ include "common.resources" . | nindent 10 }} - volumeMounts: - - mountPath: /opt/app/osaaf - name: tls-info - {{- end }} {{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }} containers: - image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }} @@ -423,10 +374,6 @@ spec: volumeMounts: - mountPath: /etc/policies name: policy-shared - {{- if $certDir }} - - mountPath: /opt/ca-certificates/ - name: tls-info - {{- end }} {{- end }} hostname: {{ include "common.name" . }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index cd9be3b30d..1cc450d936 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -2,7 +2,7 @@ # ========================================================================= # Copyright (c) 2021 Nordix Foundation. # Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,7 +45,6 @@ secrets: ################################################################# # InitContainer Images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -66,11 +65,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /opt/app/datafile/etc/cert -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index e18ea04ee1..06ff279207 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,21 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - -################################aafcreds################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -59,15 +44,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake-admin-ui logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake-admin-ui/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -91,11 +67,6 @@ service: port: 8088 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - # Initial Application Configuration applicationConfig: FEEDER_ADDR: dl-feeder diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index cab2a953ec..9049e0a03c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,22 +36,12 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds' type: basicAuth login: '{{ .Values.postgres.config.pgUserName }}' passwordPolicy: required -################################aafcreds################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -65,15 +55,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -97,11 +78,6 @@ service: port: 1681 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - #postgres configuration postgres: config: diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 25b74d7502..552e00cfbd 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (C) 2021 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/datalake logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/datalake/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -99,11 +80,6 @@ service: port: 1680 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: - name: PG_USER uid: *pgUserCredsSecretUid diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index 83acd545c8..115bd257c6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/heartbeat logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/heartbeat/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -100,18 +81,7 @@ service: port: 10002 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: HEARTBEAT_PG_USERNAME uid: *pgUserCredsSecretUid key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 482d88e883..ab6d3f247c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021-2022 Nokia. All rights reserved. # Modifications Copyright (C) 2022-2023 Nordix Foundation. # ================================================================================ @@ -35,7 +35,6 @@ filebeatConfig: ################################################################# # initContainer images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -59,11 +58,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /etc/ves-hv/ssl -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 19ff61fa96..db85cfd045 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,21 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -60,16 +45,6 @@ log: path: /var/log/ONAP/dcaegen2/services/kpims logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/kpims/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false -enable_tls: false - # Optional Policy configuration properties # if present, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 @@ -100,19 +75,6 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - -credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - # Initial Application Configuration applicationConfig: trust_store_path: '/opt/app/kpims/etc/cert/trust.jks' diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 5cdd5db7b9..f3a7ae3977 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -2,7 +2,7 @@ # ========================================================================= # Copyright (C) 2021 Nordix Foundation. # Copyright (c) 2022 Nokia. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,11 +36,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &drSubCredsUID drsubcreds type: basicAuth login: '{{ .Values.drSubscriberCreds.username }}' @@ -48,11 +43,6 @@ secrets: passwordPolicy: required ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -66,15 +56,6 @@ log: path: /var/log/ONAP/dcaegen2/services/pm-mapper logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/pm-mapper/etc/cert - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -104,23 +85,12 @@ service: plain_port: 8081 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - # Data Router Subscriber Credentials drSubscriberCreds: username: username password: password credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: DR_USERNAME uid: *drSubCredsUID key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 7f306542b4..f6782db6c6 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -67,15 +57,6 @@ log: path: /var/log/ONAP/dcaegen2/services/pmsh logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/pmsh/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -101,24 +82,11 @@ service: plain_port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - -credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - # Initial Application Configuration applicationConfig: enable_tls: false - aaf_identity: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} + aaf_identity: dummy_value + aaf_password: dummy_value key_path: /opt/app/pmsh/etc/certs/key.pem cert_path: /opt/app/pmsh/etc/certs/cert.pem ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index 80154c781f..da48074303 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# initContainer images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -50,15 +45,6 @@ log: path: /opt/app/prh/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/prh/etc/cert - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - secrets: - uid: &aaiCredsUID aaicreds type: basicAuth diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index dcbedf4b2f..92467f4a7c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,12 +41,6 @@ secrets: password: '{{ .Values.controllerCreds.password }}' passwordPolicy: required - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -61,15 +55,6 @@ log: path: null # /opt/app/restconfcollector/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/dcae-certificate - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 3fdd251110..e57c781ed5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # Copyright (C) 2022 Huawei Canada Limited. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,11 +36,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &pgUserCredsSecretUid pg-user-creds name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds' type: basicAuth @@ -49,11 +44,6 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate -################################aafcreds################################# -# InitContainer Image -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -85,15 +75,6 @@ log: path: /var/log/ONAP/dcaegen2/services/sliceanalysisms logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/sliceanalysisms/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Dependencies readinessCheck: wait_for: @@ -118,18 +99,7 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: PG_USERNAME uid: *pgUserCredsSecretUid key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 5340f35770..5c888db790 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,12 +31,6 @@ filebeatConfig: logstashServiceName: log-ls logstashPort: 5044 - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - ################################################################# # Application Configuration Defaults. ################################################################# @@ -51,13 +45,6 @@ log: path: /opt/app/snmptrap/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - - # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index bd684e3db5..6b007a330b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -1,7 +1,7 @@ # ============= LICENSE_START ================================================ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,11 +35,6 @@ filebeatConfig: # Secrets Configuration. ################################################################# secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - uid: &cpsCredsUID cpscreds type: basicAuth login: '{{ .Values.cpsCreds.identity }}' @@ -54,11 +49,6 @@ secrets: passwordPolicy: generate ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -72,15 +62,6 @@ log: path: /var/log/ONAP/dcaegen2/services/sonhms logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/sonhms/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # Optional Policy configuration properties # if present, policy-sync side car will be deployed #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 @@ -112,21 +93,12 @@ service: port: 8080 port_protocol: http -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! +# Credentials cpsCreds: identity: cps password: cpsr0cks! credentials: -- name: AAF_IDENTITY - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password - name: CPS_IDENTITY uid: *cpsCredsUID key: login diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 08ca865aff..40a7c13dca 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# initContainer images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application configuration defaults. ################################################################# # application image @@ -50,15 +45,6 @@ log: path: /opt/logs/dcae-analytics-tca logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /etc/tca-gen2/ssl - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - secrets: - uid: &aaiCredsUID aaicreds type: basicAuth diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 9e9750a56f..2ee3eb2ee4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021-2022 Nokia. All rights reserved. -# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved. # Copyright (c) 2022 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +35,6 @@ filebeatConfig: ################################################################# # initContainer images. ################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# @@ -56,11 +55,6 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # if absent, no certs will be retrieved and stored certDirectory: /opt/app/dcae-certificate -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: false - # CMPv2 certificate # It is used only when: # - certDirectory is set diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 47eb5f1f20..4ee6ee72f4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -1,7 +1,7 @@ # ================================ LICENSE_START ============================= # ============================================================================ # Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. -# Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -32,11 +32,6 @@ filebeatConfig: logstashPort: 5044 ################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 - -################################################################# # Application Configuration Defaults. ################################################################# # Application Image @@ -50,15 +45,6 @@ log: path: /opt/app/VESAdapter/logs logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -#certDirectory: /opt/app/ves-mapper/etc/certs - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -#tlsServer: false - # Dependencies readinessCheck: wait_for: diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml new file mode 100644 index 0000000000..bcc60a0953 --- /dev/null +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 0a2552719f..2320095652 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -1,6 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved. +# Modifications 2023 Deutsche Telekom # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -71,6 +72,16 @@ service: port: 9104 nodePort: 93 +ingress: + enabled: false + service: + - baseaddr: 'holmes-api' + name: 'holmes-rule-mgmt' + port: 9101 + - baseaddr: 'holmes-ui' + name: 'holmes-rule-mgmt' + port: 9104 + # probe configuration parameters liveness: initialDelaySeconds: 10 diff --git a/kubernetes/strimzi/templates/ingress.yaml b/kubernetes/strimzi/templates/ingress.yaml new file mode 100644 index 0000000000..bcc60a0953 --- /dev/null +++ b/kubernetes/strimzi/templates/ingress.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2023 Deutsche Telekom +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.ingress" . }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index b35485f11c..99252ec3e6 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -35,20 +35,34 @@ spec: type: tls - name: external port: 9094 - type: nodeport + type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }} tls: true authentication: type: tls configuration: + {{- if not (include "common.ingressEnabled" .) }} bootstrap: nodePort: {{ .Values.global.nodePortPrefixExt }}93 + {{- end }} brokers: - broker: 0 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker0 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}90 + {{- end }} - broker: 1 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker1 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}91 + {{- end }} - broker: 2 + advertisedHost: {{ .Values.config.advertisedHost }} + advertisedPort: {{ .Values.config.advertizedPortBroker2 }} + {{- if not (include "common.ingressEnabled" .) }} nodePort: {{ .Values.global.nodePortPrefixExt }}92 + {{- end }} authorization: type: {{ .Values.config.authType }} superUsers: diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index e6da1d55db..ec1ed887a7 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -29,6 +29,10 @@ config: saslMechanism: &saslMech scram-sha-512 kafkaInternalPort: &plainPort 9092 strimziKafkaAdminUser: &adminUser strimzi-kafka-admin + advertisedHost: kafka-api.simpledemo.onap.org + advertizedPortBroker0: &advertizedPortBroker0 9000 + advertizedPortBroker1: &advertizedPortBroker1 9001 + advertizedPortBroker2: &advertizedPortBroker2 9002 persistence: enabled: &pvenabled true @@ -56,6 +60,30 @@ serviceAccount: roles: - read +ingress: + enabled: false + service: + - baseaddr: "kafka-bootstrap-api" + name: "onap-strimzi-kafka-external-bootstrap" + port: 9094 + exposedPort: 9010 + exposedProtocol: TLS + - baseaddr: "kafka-0-api" + name: "onap-strimzi-kafka-0" + port: 9094 + exposedPort: *advertizedPortBroker0 + exposedProtocol: TLS + - baseaddr: "kafka-1-api" + name: "onap-strimzi-kafka-1" + port: 9094 + exposedPort: *advertizedPortBroker1 + exposedProtocol: TLS + - baseaddr: "kafka-2-api" + name: "onap-strimzi-kafka-2" + port: 9094 + exposedPort: *advertizedPortBroker2 + exposedProtocol: TLS + ###################### # Component overrides ###################### |