diff options
33 files changed, 362 insertions, 88 deletions
diff --git a/.gitignore b/.gitignore index 6d071f6cb1..8b573a454f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Helm generated stuff +Chart.lock +**/charts/ # auto generated certificates kubernetes/platform/components/oom-cert-service/resources/*.jks kubernetes/platform/components/oom-cert-service/resources/*.p12 diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index cccc2b1e66..d0147aa1a4 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -63,9 +63,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 95c3fe2fbf..07307134d8 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -68,9 +68,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 62e27b6321..b483489141 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -63,9 +63,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 07009b2fbd..0d471f7d78 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -68,9 +68,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop @@ -266,9 +266,9 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index c4098b1a3b..22f0dbcd05 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -56,8 +56,8 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index e4f1d72d7b..cb58120159 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -52,8 +52,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + ls -l /usr/local/jetty/lib + export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} @@ -75,8 +76,6 @@ spec: - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - echo "keystore pass: $KEYSTORE_PASSWORD" - echo "truststore pass: $TRUSTSTORE_PASSWORD" echo "*** actual launch of AAI Schema Service" /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh {{- end }} diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml new file mode 100644 index 0000000000..5297e692d2 --- /dev/null +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2022 Amdocs, Bitnami, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 840e95b490..43367ee542 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2022 Amdocs, AT&T, Bell Canada, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,15 @@ spec: type: {{ .Values.updateStrategy.type }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} spec: hostNetwork: {{ .Values.hostNetwork }} imagePullSecrets: @@ -126,6 +135,41 @@ spec: command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.metrics.serviceMonitor.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + {{- if (.Values.metrics.enabled) }} + ports: + {{- range $index, $metricPort := .Values.metrics.ports }} + - name: {{ $metricPort.name }} + containerPort: {{ $metricPort.port }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.metrics.livenessProbe.httpGet.path }} + port: {{ .Values.metrics.livenessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.metrics.readinessProbe.httpGet.path }} + port: {{ .Values.metrics.readinessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 10 }} + {{- end }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 1d69993956..597174ee0a 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2022 Amdocs, Bell Canada, AT&T, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -168,3 +168,63 @@ serviceAccount: nameOverride: cassandra roles: - nothing + +# Cassandra Metrics +metrics: + enabled: false + image: bitnami/cassandra-exporter:2.3.4-debian-10-r641 + pullPolicy: IfNotPresent + ports: + - name: tcp-metrics + port: 8080 + podAnnotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '8080' + livenessProbe: + enabled: true + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /metrics + port: 8080 + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + serviceMonitor: + enabled: false + targetPort: 8080 + path: /metrics + basicAuth: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + #interval: 30s + + ## Timeout after which the scrape is ended + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + selector: + app.kubernetes.io/name: '{{ include "common.name" . }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index fa3de03ece..96b0c0c0c8 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -41,7 +41,7 @@ for f in $CERTS_DIR/*; do if echo $f | grep '\.sh$' >/dev/null; then continue fi - if echo $f | grep '\.b64$' >/dev/null; then + if echo $f | grep '\.b64$' >/dev/null then base64 -d $f > $WORK_DIR/`basename $f .b64` else @@ -87,4 +87,4 @@ if [ $? != 0 ] exit 1 else cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/. -fi
\ No newline at end of file +fi diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index d28494aacd..eefd00d7bf 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -138,6 +138,7 @@ args: - -c - | + set -uex -o pipefail if [ -d /opt/app/config/cache ]; then cd /opt/app/config/cache for file in $(ls feed*); do @@ -147,8 +148,6 @@ done for file in $(ls drpub*); do NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)" - export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)" export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" done for file in $(ls drsub*); do diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index a488e0d5fa..f6a0f211a9 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -267,6 +267,11 @@ spec: {{- $ports := $dot.Values.service.headlessPorts -}} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} +{{- if ($dot.Values.metrics) }} +{{- range $index, $metricPort := $dot.Values.metrics.ports }} +{{- $ports = append $ports $metricPort }} +{{- end }} +{{- end }} {{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index f49a898818..9f7c882134 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -608,8 +608,8 @@ metrics: ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## - selector: - prometheus: kube-prometheus + # selector: + # prometheus: kube-prometheus ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 5a43eefc03..7058f865bc 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2020 Orange # Copyright © 2021 Nokia, AT&T -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (c) 2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,7 +28,10 @@ global: envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest - jettyImage: jetty:9-jdk11-slim + # if you change jetty image, you'll also need to update jar file which is + # "hardcoded" to the value... + # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45 + jettyImage: jetty:9.4.45-jdk11-slim jreImage: onap/integration-java11:10.0.0 kubectlImage: bitnami/kubectl:1.19 loggingImage: beats/filebeat:5.5.0 @@ -37,7 +40,7 @@ global: postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.7 + dbcClientImage: onap/dmaap/dbc-client:2.0.9 quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/cps/Chart.yaml index 40bf4889ea..5e951d7beb 100644 --- a/kubernetes/cps/Chart.yaml +++ b/kubernetes/cps/Chart.yaml @@ -23,9 +23,6 @@ dependencies: - name: common version: ~10.x-0 repository: '@local' - - name: roles-wrapper - version: ~10.x-0 - repository: '@local' - name: cps-core version: ~10.x-0 repository: '@local' diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index 8f904efeae..e9958f1114 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -20,9 +20,9 @@ spring: datasource: {{- if .Values.global.postgres.localCluster }} - url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} + url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:{{ .Values.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }} {{- else }} - url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }} {{- end }} username: ${DB_USERNAME} password: ${DB_PASSWORD} diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index a482152582..e67cfb250a 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -58,8 +58,11 @@ global: localCluster: false service: name: pgset + externalPort: 5432 name2: tcp-pgset-primary + externalPort2: 5432 name3: tcp-pgset-replica + externalPort3: 5432 container: name: postgres @@ -200,8 +203,11 @@ postgres: nameOverride: &postgresName cps-core-postgres service: name: *postgresName + externalPort: 5432 name2: cps-core-pg-primary + externalPort2: 5432 name3: cps-core-pg-replica + externalPort3: 5432 container: name: primary: cps-core-pg-primary diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml new file mode 100644 index 0000000000..13a14a5e12 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2022 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 7408f44416..2ce6c89775 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ========================== # ========================================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (c) 2021 Nordix Foundation. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,6 +31,16 @@ filebeatConfig: logstashPort: 5044 ################################################################# +# Secrets Configuration. +################################################################# +secrets: + - uid: &drPubCredsUID drpubcreds + type: basicAuth + login: '{{ .Values.drPubscriberCreds.username }}' + password: '{{ .Values.drPubscriberCreds.password }}' + passwordPolicy: required + +################################################################# # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 @@ -116,6 +126,19 @@ applicationEnv: # It's a workaround because DMAAP specific env variables are not available in main container. CBS_CLIENT_CONFIG_PATH: '' +# Data Router Publisher Credentials +drPubscriberCreds: + username: username + password: password + +credentials: +- name: DR_USERNAME + uid: *drPubCredsUID + key: login +- name: DR_PASSWORD + uid: *drPubCredsUID + key: password + # Initial Application Configuration applicationConfig: dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12 @@ -139,8 +162,8 @@ applicationConfig: location: loc00 log_url: ${DR_LOG_URL_0} publish_url: ${DR_FILES_PUBLISHER_URL_0} - username: ${DR_USERNAME_0} - password: ${DR_PASSWORD_0} + username: ${DR_USERNAME} + password: ${DR_PASSWORD} type: data_router streams_subscribes: dmaap_subscriber: @@ -159,6 +182,8 @@ drFeedConfig: # DataRouter Publisher Configuration drPubConfig: - feedName: bulk_pm_feed + username: ${DR_USERNAME} + userpwd: ${DR_PASSWORD} dcaeLocationName: loc00 # ConfigMap Configuration for Feed, Dr_Publisher diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 84a3c1eee8..2bfa496bcd 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -79,7 +79,7 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} - name: {{ include "common.fullname" . }}-logs + name: logs resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} @@ -106,7 +106,7 @@ spec: configMap: name: {{ include "common.fullname" . }}-log {{ include "common.log.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 5f99ea3399..b7acbc9d8d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -95,7 +95,7 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} - name: {{ include "common.fullname" . }}-logs + name: logs resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -123,7 +123,7 @@ spec: configMap: name: {{ include "common.fullname" . }}-log {{ include "common.log.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml index 27b79fd7d1..455996b063 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml @@ -15,7 +15,7 @@ # limitations under the License. apiVersion: v2 -appVersion: "1.0" +appVersion: "2.0" description: Holmes Engine Management name: holmes-engine-mgmt version: 10.0.0 diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml index b625f6d72e..aef0c8c22a 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml @@ -20,6 +20,13 @@ apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- $sum := "" }} +{{- range $path, $bytes := .Files.Glob "resources/config/*.json"}} +{{- $sum = $.Files.Get $path | sha256sum | print $sum }} +{{- end }} + annotations: + checksum/config: {{ $sum | sha256sum }} + spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} @@ -27,19 +34,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} - - name: init-consul - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONSUL_HOST - value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }} - args: - - --key - - holmes-engine-mgmt|/hemconfig/cfy.json - resources: {} - volumeMounts: - - mountPath: /hemconfig - name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -73,6 +67,8 @@ spec: volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hemconfig + - name: {{ include "common.fullname" . }}-config + mountPath: /opt/hemtopics # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index 1bdf35da21..d9dfa2d96e 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -25,7 +25,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/engine-management:9.0.0 +image: onap/holmes/engine-management:10.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml index d224e94cb9..97d7fe3eea 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml @@ -15,7 +15,7 @@ # limitations under the License. apiVersion: v2 -appVersion: "1.0" +appVersion: "2.0" description: Holmes Rule Management name: holmes-rule-mgmt version: 10.0.0 diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json deleted file mode 100644 index 8710f81d1b..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "holmes.default.rule.volte.scenario1": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b$$$package org.onap.holmes.droolsRule;\n\nimport org.onap.holmes.common.dmaap.DmaapService;\nimport org.onap.holmes.common.api.stat.VesAlarm;\nimport org.onap.holmes.common.aai.CorrelationUtil;\nimport org.onap.holmes.common.dmaap.entity.PolicyMsg;\nimport org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;\nimport org.onap.holmes.common.utils.DroolsLog;\n \n\nrule \"Relation_analysis_Rule\"\nsalience 200\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0,\n $sourceId: sourceId, sourceId != null && !sourceId.equals(\"\"),\n\t\t\t$sourceName: sourceName, sourceName != null && !sourceName.equals(\"\"),\n\t\t\t$startEpochMicrosec: startEpochMicrosec,\n eventName in (\"Fault_MultiCloud_VMFailure\"),\n $eventId: eventId)\n $child : VesAlarm( eventId != $eventId, parentId == null,\n CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),\n eventName in (\"Fault_MME_eNodeB out of service alarm\"),\n startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"Relation_analysis_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\t$child.setParentId($root.getEventId());\n\t\tupdate($child);\n\t\t\nend\n\nrule \"root_has_child_handle_Rule\"\nsalience 150\nno-loop true\n\twhen\n\t\t$root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)\n\t\t$child : VesAlarm(eventId != $eventId, parentId == $eventId)\n\tthen\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_has_child_handle_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_no_child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,\n sourceId != null && !sourceId.equals(\"\"),\n\t\t\tsourceName != null && !sourceName.equals(\"\"),\n eventName in (\"Fault_MultiCloud_VMFailure\"))\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_no_child_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_cleared_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_cleared_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\tretract($root);\nend\n\nrule \"child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"child_handle_Rule: childId=\" + $child.getEventId());\n\t\tretract($child);\nend", - "services_calls": {}, - "streams_publishes": {}, - "streams_subscribes": {} -} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl new file mode 100644 index 0000000000..494333c2a8 --- /dev/null +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl @@ -0,0 +1,88 @@ +package org.onap.holmes.droolsRule; + +import org.onap.holmes.common.dmaap.DmaapService; +import org.onap.holmes.common.api.stat.VesAlarm; +import org.onap.holmes.common.aai.CorrelationUtil; +import org.onap.holmes.common.dmaap.entity.PolicyMsg; +import org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder; +import org.onap.holmes.common.utils.DroolsLog; + +rule "Relation_analysis_Rule" +salience 200 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, + $sourceId: sourceId, sourceId != null && !sourceId.equals(""), + $sourceName: sourceName, sourceName != null && !sourceName.equals(""), + $startEpochMicrosec: startEpochMicrosec, + eventName in ("Fault_MultiCloud_VMFailure"), + $eventId: eventId) + $child : VesAlarm( eventId != $eventId, parentId == null, + CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName), + eventName in ("Fault_MME_eNodeB out of service alarm"), + startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 ) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("Relation_analysis_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); + $child.setParentId($root.getEventId()); + update($child); +end + +rule "root_has_child_handle_Rule" +salience 150 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId) + $child : VesAlarm(eventId != $eventId, parentId == $eventId) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_has_child_handle_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + $root.setRootFlag(1); + update($root); +end + +rule "root_no_child_handle_Rule" +salience 100 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, + sourceId != null && !sourceId.equals(""), + sourceName != null && !sourceName.equals(""), + eventName in ("Fault_MultiCloud_VMFailure")) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_no_child_handle_Rule: rootId=" + $root.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + $root.setRootFlag(1); + update($root); +end + +rule "root_cleared_handle_Rule" +salience 100 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_cleared_handle_Rule: rootId=" + $root.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + retract($root); +end + +rule "child_handle_Rule" +salience 100 +no-loop true + when + $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("child_handle_Rule: childId=" + $child.getEventId()); + retract($child); +end diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json new file mode 100644 index 0000000000..70f9dd09db --- /dev/null +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json @@ -0,0 +1,6 @@ +[ + { + "closedControlLoopName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", + "file": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl" + } +] diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml index 76b339faea..3d54264723 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml @@ -17,5 +17,12 @@ apiVersion: v1 kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: + name: {{ include "common.fullname" . }}-general-config data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rule-config +data: {{ tpl (.Files.Glob "resources/rules/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml index 19ccbc0cdc..f3e9ce5dde 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml @@ -20,6 +20,12 @@ apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- $sum := "" }} +{{- range $path, $bytes := .Files.Glob "resources/rules/*"}} +{{- $sum = $.Files.Get $path | sha256sum | print $sum }} +{{- end }} + annotations: + checksum/rules: {{ $sum | sha256sum }} spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} @@ -27,19 +33,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} - - name: init-consul - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONSUL_HOST - value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }} - args: - - --key - - holmes-rule-mgmt|/hrmconfigs/cfy.json - resources: {} - volumeMounts: - - mountPath: /hrmconfigs - name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -61,7 +54,7 @@ spec: value: "{{ .Values.config.pgConfig.dbPort }}" volumeMounts: - mountPath: /hrmconfig - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-general-config - mountPath: /config name: {{ include "common.fullname" . }}-env-config containers: @@ -72,6 +65,8 @@ spec: volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hrmconfig + - name: {{ include "common.fullname" . }}-rule-config + mountPath: /opt/hrmrules # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -119,10 +114,14 @@ spec: value: "{{ .Values.config.pgConfig.dbPort }}" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-config + - name: {{ include "common.fullname" . }}-general-config + configMap: + defaultMode: 422 + name: {{ include "common.fullname" . }}-general-config + - name: {{ include "common.fullname" . }}-rule-config configMap: defaultMode: 422 - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-rule-config - name: {{ include "common.fullname" . }}-env-config emptyDir: medium: Memory diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 06248824b4..d26e88d193 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -25,7 +25,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/rule-management:9.0.1 +image: onap/holmes/rule-management:10.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# @@ -120,17 +120,17 @@ resources: small: limits: cpu: 250m - memory: 256Mi + memory: 1024Mi requests: cpu: 250m - memory: 1024Mi + memory: 256Mi large: limits: cpu: 500m - memory: 512Mi + memory: 2Gi requests: cpu: 500m - memory: 2Gi + memory: 512Mi unlimited: {} #Pods Service Account diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index 312fc4b65f..06ad5b7c9b 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -44,6 +44,11 @@ ####################### global: aafEnabled: false + centralizedLoggingEnabled: false + serviceMesh: + enabled: true + tls: true + engine: "istio" aai: enabled: true global: |