summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/slave_nfs_node.sh2
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat2
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh3
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh4
-rwxr-xr-xkubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh3
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml17
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh2
-rw-r--r--kubernetes/common/certInitializer/templates/job.yaml4
-rw-r--r--kubernetes/common/common/templates/_secret.tpl11
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh4
-rw-r--r--kubernetes/common/timescaledb/resources/init/init-schema.sh2
-rwxr-xr-xkubernetes/config/prepull_docker.sh2
-rwxr-xr-xkubernetes/contrib/components/ejbca/resources/ejbca-config.sh2
-rwxr-xr-xkubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh5
-rwxr-xr-xkubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh6
-rwxr-xr-xkubernetes/contrib/tools/check-for-staging-images.sh2
-rwxr-xr-xkubernetes/contrib/tools/rke/rke_setup.sh3
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml62
-rw-r--r--kubernetes/cps/components/cps-core/templates/deployment.yaml11
-rw-r--r--kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml (renamed from kubernetes/cps/README.md)27
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml81
-rw-r--r--kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml15
-rw-r--r--kubernetes/cps/components/cps-temporal/values.yaml15
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml12
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml36
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt39
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml23
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml23
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/values.yaml55
-rwxr-xr-xkubernetes/cps/values.yaml13
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml5
-rwxr-xr-xkubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh13
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/healthy.sh2
-rwxr-xr-xkubernetes/robot/demo-k8s.sh3
-rwxr-xr-xkubernetes/robot/ete-k8s.sh2
-rwxr-xr-xkubernetes/robot/eteHelm-k8s.sh2
-rwxr-xr-xkubernetes/robot/instantiate-k8s.sh2
-rwxr-xr-xkubernetes/robot/scripts/etescript/hvves-etescript.sh2
-rwxr-xr-xkubernetes/robot/scripts/etescript/security-etescript.sh2
-rwxr-xr-xkubernetes/robot/scripts/etescript/vnfsdk-etescript.sh2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh4
-rwxr-xr-xkubernetes/sdnc/resources/config/bin/installSdncDb.sh4
-rwxr-xr-xkubernetes/so/components/soHelpers/values.yaml2
-rwxr-xr-xkubernetes/so/requirements.yaml3
-rwxr-xr-xkubernetes/so/values.yaml21
-rw-r--r--tox.ini3
46 files changed, 309 insertions, 249 deletions
diff --git a/docs/slave_nfs_node.sh b/docs/slave_nfs_node.sh
index fb2e230b7a..1035ff5ad6 100644
--- a/docs/slave_nfs_node.sh
+++ b/docs/slave_nfs_node.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 84bd723aad..298274ed0f 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -62,7 +62,7 @@ so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|roo
so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
+so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
index f2675b0404..424074aa8c 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/health_check.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -x
+#!/bin/sh -x
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
index 97df772ba7..789f1b38a1 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh
@@ -1,6 +1,6 @@
-#!/bin/bash -x
-{{/*
+#!/bin/sh -x
+{{/*
###
# ============LICENSE_START=======================================================
# APPC
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
index 29761a0200..7257d186e6 100755
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
+++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
###
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index d21598a4ba..dc2002877a 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -31,6 +31,17 @@ global:
sdncOamService: sdnc-oam
sdncOamPort: 8282
+ #AAF is enabled by default
+ #aafEnabled: true
+
+ #enable importCustomCerts to add custom CA to blueprint processor pod
+ #importCustomCertsEnabled: true
+
+ #use below configmap to add custom CA certificates
+ #certificates with *.pem will be added to JAVA truststore $JAVA_HOME/lib/security/cacerts in the pod
+ #certificates with *.crt will be added to /etc/ssl/certs/ca-certificates.crt in the pod
+ #customCertsConfigMap: onap-cds-blueprints-processor-configmap
+
#################################################################
# Secrets metaconfig
#################################################################
@@ -51,7 +62,7 @@ secrets:
# AAF part
#################################################################
certInitializer:
- nameOverride: cds-blueprints-processor-initializer
+ nameOverride: cds-blueprints-processor-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
# aafDeployCredsExternalSecret: some secret
@@ -63,6 +74,10 @@ certInitializer:
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.sdnc-cds
+ #enable below if we need custom CA to be added to blueprint processor pod
+ #importCustomCertsEnabled: true
+ #truststoreMountpath: /opt/onap/cds
+ #truststoreOutputFileName: truststoreONAPall.jks
aaf_add_config: >
/opt/app/aaf_config/bin/agent.sh;
/opt/app/aaf_config/bin/agent.sh local showpass
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index 2d30f2e068..4dcebc8883 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
set -e
diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml
index 331a58c310..2acb423511 100644
--- a/kubernetes/common/certInitializer/templates/job.yaml
+++ b/kubernetes/common/certInitializer/templates/job.yaml
@@ -20,12 +20,13 @@ kind: Job
{{- $suffix := "set-tls-secret" }}
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
spec:
+ backoffLimit: 20
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
containers:
- - name: create tls secret
+ - name: create-tls-secret
command:
- /ingress/onboard.sh
image: {{ include "repositoryGenerator.image.kubectl" . }}
@@ -41,4 +42,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-ingress
defaultMode: 0777
+ restartPolicy: Never
{{- end}}
diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl
index 2490debffb..9d284de500 100644
--- a/kubernetes/common/common/templates/_secret.tpl
+++ b/kubernetes/common/common/templates/_secret.tpl
@@ -193,7 +193,7 @@ type: Opaque
{{- $entry := dict }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $keys := keys $secret }}
- {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- range $key := (without $keys "annotations" "filePaths" "envs" )}}
{{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
{{- end }}
{{- if $secret.annotations }}
@@ -213,12 +213,21 @@ type: Opaque
{{- $_ := set $entry "filePaths" $secret.filePaths }}
{{- end }}
{{- end }}
+ {{- if $secret.envs }}
+ {{- $envsCache := (list) }}
+ {{- range $env := $secret.envs }}
+ {{- $tplValue := tpl (default "" $env.value) $global }}
+ {{- $envsCache = append $envsCache (dict "name" $env.name "policy" $env.policy "value" $tplValue) }}
+ {{- end }}
+ {{- $_ := set $entry "envs" $envsCache }}
+ {{- end }}
{{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
{{- $_ := set $entry "realName" $realName }}
{{- $_ := set $secretCache $uid $entry }}
{{- end }}
{{- $_ := set $global.Values "_secretsCache" $secretCache }}
{{- end }}
+
{{- end -}}
{{/*
diff --git a/kubernetes/common/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index e3cee36f1f..eb84b084d0 100755
--- a/kubernetes/common/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
+#!/bin/sh
+
{{/*
-#
# ============LICENSE_START==========================================
# org.onap.music
# ===================================================================
diff --git a/kubernetes/common/timescaledb/resources/init/init-schema.sh b/kubernetes/common/timescaledb/resources/init/init-schema.sh
index ab83cffae2..9cc0f5ff9f 100644
--- a/kubernetes/common/timescaledb/resources/init/init-schema.sh
+++ b/kubernetes/common/timescaledb/resources/init/init-schema.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
diff --git a/kubernetes/config/prepull_docker.sh b/kubernetes/config/prepull_docker.sh
index 54d7a2d7ff..596ace6ad5 100755
--- a/kubernetes/config/prepull_docker.sh
+++ b/kubernetes/config/prepull_docker.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#function to provide help
#desc: this function provide help menu
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
index 2c672e2f07..94c95d6c30 100755
--- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
waitForEjbcaToStart() {
until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
diff --git a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
index 7e9077d972..3c66feeb46 100755
--- a/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
+++ b/kubernetes/contrib/dns-server-for-vhost-ingress-testing/deploy_dns.sh
@@ -1,4 +1,4 @@
-#!/bin/bash -e
+#!/bin/sh -e
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -33,7 +33,8 @@ $0 --info Display howto configure target machine
}
-target_machine_notice_info() {
+target_machine_notice_info()
+{
cat << ==infodeploy
Extra DNS server already deployed:
1. You can add the DNS server to the target machine using following commands:
diff --git a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
index ce5a19ba25..c62e2a51bd 100755
--- a/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
+++ b/kubernetes/contrib/metallb-loadbalancer-inst/install-metallb-on-cluster.sh
@@ -1,4 +1,5 @@
-#!/bin/bash -e
+#!/bin/sh -e
+
#
# Copyright 2020 Samsung Electronics Co., Ltd.
#
@@ -15,7 +16,8 @@
# limitations under the License.
#
-usage() {
+usage()
+{
cat << ==usage
$0 Automatic configuration using external addresess from nodes
$0 --help This message
diff --git a/kubernetes/contrib/tools/check-for-staging-images.sh b/kubernetes/contrib/tools/check-for-staging-images.sh
index 543e918cfa..9705ee6ea8 100755
--- a/kubernetes/contrib/tools/check-for-staging-images.sh
+++ b/kubernetes/contrib/tools/check-for-staging-images.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2020 Samsung Electronics
#
diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh
index 2ee123b36a..a8938a96ee 100755
--- a/kubernetes/contrib/tools/rke/rke_setup.sh
+++ b/kubernetes/contrib/tools/rke/rke_setup.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
#############################################################################
# Copyright © 2019 Bell.
#
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index f181b82fec..0bc7d5bccb 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -16,25 +16,7 @@
# limitations under the License.
*/}}
-server:
- port: 8080
-
-rest:
- api:
- cps-base-path: /cps/api
- xnf-base-path: /cps-nf-proxy/api
-
spring:
- main:
- banner-mode: "off"
- jpa:
- ddl-auto: create
- open-in-view: false
- properties:
- hibernate:
- enable_lazy_load_no_trans: true
- dialect: org.hibernate.dialect.PostgreSQLDialect
-
datasource:
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
username: ${DB_USERNAME}
@@ -42,46 +24,32 @@ spring:
driverClassName: org.postgresql.Driver
initialization-mode: always
- cache:
- type: caffeine
- cache-names: yangSchema
- caffeine:
- spec: maximumSize=10000,expireAfterAccess=10m
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
-
-# Actuator
-management:
- endpoints:
- web:
- base-path: /manage
- exposure:
- include: info,health,loggers
- endpoint:
- health:
- show-details: always
- # kubernetes probes: liveness and readiness
- probes:
- enabled: true
- loggers:
- enabled: true
-
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
logging:
level:
org:
springframework: {{ .Values.logging.level }}
+dmi:
+ auth:
+ username: ${DMI_USERNAME}
+ password: ${DMI_PASSWORD}
+
+{{- if .Values.config.eventPublisher }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- end }}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
-
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
+
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index 2047a39497..e6ee161feb 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -21,6 +21,12 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
@@ -47,6 +53,11 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: CPS_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ - name: DMI_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
+ - name: DMI_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
+
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/README.md b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
index 876da2ca57..a49a662aed 100644
--- a/kubernetes/cps/README.md
+++ b/kubernetes/cps/components/cps-core/templates/serviceMonitor.yaml
@@ -1,22 +1,23 @@
-# ============LICENSE_START==========================================
-# ===================================================================
-# Copyright (C) 2021 Pantheon.tech
-#
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-#============LICENSE_END============================================
-
-# Helm Chart for CPS Applications
-
-ONAP Configuration Persistence Service (CPS) includes the following Kubernetes services:
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
-1) cps-core - Configuration Persistence Service together with Nf Configuration Persistence Service \ No newline at end of file
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index ae8bccd2a8..4f788e7977 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -17,15 +17,15 @@
#################################################################
secrets:
- uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-pg-root-pass'
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-cps-core-pg-root-pass'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "cps-core-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
password: '{{ .Values.postgres.config.pgRootpassword }}'
policy: generate
- uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-pg-user-creds'
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-cps-core-pg-user-creds'
type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "cps-core-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
login: '{{ .Values.postgres.config.pgUserName }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
@@ -35,6 +35,12 @@ secrets:
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
#################################################################
# Global configuration defaults.
@@ -47,8 +53,9 @@ global:
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.1
+image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
+managementPort: &mgt_port 8081
service:
type: ClusterIP
@@ -56,6 +63,24 @@ service:
ports:
- name: &port http
port: *svc_port
+ - name: management
+ port: *mgt_port
+ targetPort: *mgt_port
+
+prometheus:
+ enabled: true
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
pullPolicy: Always
# flag to enable debugging - application support required
@@ -91,13 +116,13 @@ liveness:
# in debugger so K8s doesn't restart unresponsive container
enabled: true
path: /manage/health
- port: *port
+ port: *mgt_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
path: /manage/health
- port: *port
+ port: *mgt_port
ingress:
enabled: true
@@ -130,13 +155,31 @@ config:
spring:
profile: helm
#appUserPassword:
-
+ dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+ eventPublisher:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: SASL_PLAINTEXT
+ spring.kafka.properties.sasl.mechanism: PLAIN
+ spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
+ spring.kafka.producer.client-id: cps-core
+
+ additional:
+ notification.data-updated.enabled: true
+ notification.data-updated.topic: cps.data-updated-events
+ notification.data-updated.filters.enabled-dataspaces: ""
+ notification.async.enabled: false
+ notification.async.executor.core-pool-size: 2
+ notification.async.executor.max-pool-size: 1
+ notification.async.executor.queue-capacity: 500
+ notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
+ notification.async.executor.thread-name-prefix: Async-
+
logging:
level: INFO
path: /tmp
@@ -145,18 +188,18 @@ logging:
# Postgres overriding defaults in the postgres
#################################################################
postgres:
- nameOverride: &postgresName cps-postgres
+ nameOverride: &postgresName cps-core-postgres
service:
name: *postgresName
- name2: cps-pg-primary
- name3: cps-pg-replica
+ name2: cps-core-pg-primary
+ name3: cps-core-pg-replica
container:
name:
- primary: cps-pg-primary
- replica: cps-pg-replica
+ primary: cps-core-pg-primary
+ replica: cps-core-pg-replica
persistence:
- mountSubPath: cps/data
- mountInitPath: cps
+ mountSubPath: cps-core/data
+ mountInitPath: cps-core
config:
pgUserName: cps
pgDatabase: cpsdb
@@ -165,4 +208,10 @@ postgres:
readinessCheck:
wait_for:
- - cps-postgres
+ - *postgresName
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
index 6654b26556..32ae51b51a 100644
--- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -23,23 +23,18 @@ spring:
url: jdbc:postgresql://{{ .Values.timescaledb.service.name }}:5432/{{ .Values.timescaledb.config.pgDatabase }}
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
- kafka:
- bootstrap-servers: [{{ .Values.config.kafka.service }}:{{ .Values.config.kafka.port }}]
- security:
- protocol: {{ .Values.config.kafka.protocol }}
- consumer:
- group-id: {{ .Values.config.kafka.consumerGroupId }}
security:
auth:
username: ${APP_USERNAME}
password: ${APP_PASSWORD}
-app:
- listener:
- data-updated:
- topic: {{ .Values.config.kafka.listenerTopic }}
+# Event consumption properties (kafka)
+{{- if .Values.config.eventConsumption }}
+{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- end }}
+# Additional properties
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
index 6874fa2ff0..da055d0242 100644
--- a/kubernetes/cps/components/cps-temporal/values.yaml
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -140,19 +140,20 @@ config:
profile: helm
#appUserPassword:
+ # Event consumption (kafka) properties
+ # All Kafka properties must be in "key: value" format instead of yaml.
+ eventConsumption:
+ spring.kafka.bootstrap-servers: message-router-kafka:9092
+ spring.kafka.security.protocol: PLAINTEXT
+ spring.kafka.consumer.group-id: cps-temporal-group
+ app.listener.data-updated.topic: cps.data-updated-events
+
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
- kafka:
- service: message-router-kafka
- port: 9092
- listenerTopic: cps.cfg-state-events
- consumerGroupId: cps-temporal-group
- protocol: PLAINTEXT
-
logging:
level: INFO
path: /tmp
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
index d388823f9e..2e5018807c 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -18,19 +18,19 @@
# ============LICENSE_END=========================================================
*/}}
-server:
- port: 8080
+dmi:
+ service:
+ name: {{ .Values.config.dmiServiceName }}
cps-core:
- baseUrl: http://${CPS_CORE_HOST:cps}:${CPS_CORE_PORT:8080}
- dmiRegistrationUrl : /cps-ncmp/api/ncmp-dmi/v1/ch
+ baseUrl: {{ .Values.config.cpsCore.url }}
auth:
username: ${CPS_CORE_USERNAME}
password: ${CPS_CORE_PASSWORD}
sdnc:
- baseUrl: http://${SDNC_HOST:sdnc}:${SDNC_PORT:8181}
- topologyId: ${SDNC_TOPOLOGY_ID:topology-netconf}
+ baseUrl: {{ .Values.config.sdnc.url }}
+ topologyId: {{ .Values.config.sdnc.topologyId }}
auth:
username: ${SDNC_USERNAME}
password: ${SDNC_PASSWORD}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml
deleted file mode 100644
index 2a62c86e77..0000000000
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/logback.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2021 Nordix Foundation
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>%d - %highlight(%-5level) [%-20.20thread] %cyan(%logger{36}) - %msg%n</pattern>
- </encoder>
- </appender>
- <appender name="AsyncSysOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <root level="INFO">
- <appender-ref ref="AsyncSysOut" />
- </root>
-
-</configuration>
-
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt b/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt
deleted file mode 100644
index 66f5302a11..0000000000
--- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/NOTES.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- export SERVICE_PORT=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.spec.ports[0].port}')
- echo http://$SERVICE_IP:$SERVICE_PORT
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- export POD_PORT=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].spec.containers[0].ports[0].containerPort}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:$POD_PORT
-{{- end }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
index d2fd5c9c49..3d154dba64 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml
@@ -23,18 +23,18 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
- {{- if .Values.prometheus.enabled }}
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/path: 'manage/prometheus'
- prometheus.io/port: {{ .Values.managementPort | quote }}
- {{- end }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
@@ -49,17 +49,17 @@ spec:
- "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- name: DMI_PLUGIN_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: DMI_PLUGIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
- name: SDNC_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 12 }}
- name: SDNC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 12 }}
- name: CPS_CORE_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "core-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
@@ -101,9 +101,6 @@ spec:
- mountPath: /app/resources/application-helm.yml
subPath: application-helm.yml
name: init-data
- - mountPath: /app/resources/logback.xml
- subPath: logback.xml
- name: init-data
- mountPath: /tmp
name: init-temp
volumes:
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..a49a662aed
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2021 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.prometheus.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
index 245a5d7048..3f40a79b84 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -20,7 +20,7 @@
# Secrets.
#################################################################
secrets:
- - uid: user-creds
+ - uid: app-user-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
login: '{{ .Values.config.appUserName }}'
@@ -29,14 +29,14 @@ secrets:
- uid: sdnc-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
- login: '{{ .Values.config.sdncUser }}'
- password: '{{ .Values.config.sdncPassword }}'
+ login: '{{ .Values.config.sdnc.username }}'
+ password: '{{ .Values.config.sdnc.password }}'
passwordPolicy: required
- - uid: core-creds
+ - uid: cps-core-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.coreCredsExternalSecret) . }}'
- login: '{{ .Values.config.coreUser }}'
- password: '{{ .Values.config.corePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.cpsCore.credsExternalSecret) . }}'
+ login: '{{ .Values.config.cpsCore.username }}'
+ password: '{{ .Values.config.cpsCore.password }}'
passwordPolicy: generate
#################################################################
@@ -53,11 +53,10 @@ managementPort: &mgt_port 8081
prometheus:
enabled: true
- interval: 60s
service:
type: ClusterIP
- name: ncmp-dmi-plugin
+ name: &svc_name ncmp-dmi-plugin
ports:
- name: &port http
port: *svc_port
@@ -65,6 +64,18 @@ service:
port: *mgt_port
targetPort: *mgt_port
+metrics:
+ serviceMonitor:
+ enabled: true
+ port: management
+ ## specify target port if name is not given to the port in the service definition
+ ##
+ # targetPort: 8080
+ path: /manage/prometheus
+ interval: 60s
+ basicAuth:
+ enabled: false
+
pullPolicy: IfNotPresent
# flag to enable debugging - application support required
debugEnabled: false
@@ -112,7 +123,7 @@ ingress:
service:
- baseaddr: "ncmp-dmi-plugin"
path: "/"
- name: "ncmp-dmi-plugin"
+ name: *svc_name
port: *svc_port
serviceAccount:
@@ -132,14 +143,20 @@ config:
# REST API basic authentication credentials (passsword is generated if not provided)
appUserName: ncmpuser
+ #appUserPassword:
spring:
profile: helm
- #appUserPassword:
- sdncUser: admin
- sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
- coreUser: cpsuser
+ dmiServiceName: http://*svc_name:*svc_port
+ sdnc:
+ url: http://sdnc:8181
+ username: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ topologyId: topology-netconf
+ cpsCore:
+ url: http://cps-core:8080
+ username: cpsuser
+ #password:
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format insead of yaml.
@@ -154,4 +171,10 @@ logging:
readinessCheck:
wait_for:
- - cps-postgres
+ - cps-core
+
+minReadySeconds: 10
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 0
+ maxSurge: 1
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index cda726d0d3..6093fa72fa 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -23,6 +23,13 @@ secrets:
login: '{{ .Values.config.coreUserName }}'
password: '{{ .Values.config.coreUserPassword }}'
passwordPolicy: generate
+ - uid: dmi-plugin-user-creds
+ name: &dmi-plugin-creds-secret '{{ include "common.release" . }}-cps-dmi-plugin-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmiPluginUserExternalSecret) . }}'
+ login: '{{ .Values.config.dmiPluginUserName }}'
+ password: '{{ .Values.config.dmiPluginUserPassword }}'
+ passwordPolicy: generate
passwordStrengthOverride: basic
global:
@@ -32,12 +39,14 @@ global:
config:
coreUserName: cpsuser
+ dmiPluginUserName: dmiuser
# Enable all CPS components by default
cps-core:
enabled: true
config:
appUserExternalSecret: *core-creds-secret
+ dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
cps-temporal:
enabled: true
@@ -45,4 +54,6 @@ cps-temporal:
ncmp-dmi-plugin:
enabled: true
config:
- coreCredsExternalSecret: *core-creds-secret
+ appUserExternalSecret: *dmi-plugin-creds-secret
+ cpsCore:
+ credsExternalSecret: *core-creds-secret
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 0bb9bdce62..802c830005 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -66,6 +66,11 @@ certDirectory: /opt/app/kpims/etc/cert/
tlsServer: true
enable_tls: true
+dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
+policies:
+ policyID: |
+ '["com.Config_KPIMS_CONFIG_POLICY"]'
+
# Dependencies
readinessCheck:
wait_for:
diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
index 2b42402102..18692d8afa 100755
--- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
+++ b/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
@@ -1,16 +1,11 @@
+#!/bin/sh
+
#!/usr/bin/dumb-init /bin/sh
+# As of docker 1.13, using docker run --init achieves the same outcome than dumb-init.
+
set -e
set -x
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
-# As of docker 1.13, using docker run --init achieves the same outcome.
-
-# You can set CONSUL_BIND_INTERFACE to the name of the interface you'd like to
-# bind to and this will look up the IP and pass the proper -bind= option along
-# to Consul.
CONSUL_BIND=
if [ -n "$CONSUL_BIND_INTERFACE" ]; then
CONSUL_BIND_ADDRESS=$(ip -o -4 addr list $CONSUL_BIND_INTERFACE | head -n1 | awk '{print $4}' | cut -d/ -f1)
diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
index 21296ff22a..5495e4271b 100755
--- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh
+++ b/kubernetes/oof/components/oof-has/resources/config/healthy.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2017 Amdocs, Bell Canada
diff --git a/kubernetes/robot/demo-k8s.sh b/kubernetes/robot/demo-k8s.sh
index 37631bc673..439390525f 100755
--- a/kubernetes/robot/demo-k8s.sh
+++ b/kubernetes/robot/demo-k8s.sh
@@ -1,4 +1,5 @@
-#!/bin/bash
+#!/bin/sh
+
# Copyright (C) 2018 Amdocs, Bell Canada
# Modifications Copyright (C) 2019 Samsung
# Modifications Copyright (C) 2020 Nokia
diff --git a/kubernetes/robot/ete-k8s.sh b/kubernetes/robot/ete-k8s.sh
index 01cf0922fa..4ef8f462f0 100755
--- a/kubernetes/robot/ete-k8s.sh
+++ b/kubernetes/robot/ete-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2018 Amdocs, Bell Canada
#
diff --git a/kubernetes/robot/eteHelm-k8s.sh b/kubernetes/robot/eteHelm-k8s.sh
index 8b74da77f8..1b31c16e81 100755
--- a/kubernetes/robot/eteHelm-k8s.sh
+++ b/kubernetes/robot/eteHelm-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/instantiate-k8s.sh b/kubernetes/robot/instantiate-k8s.sh
index 623870b9f3..aef812b143 100755
--- a/kubernetes/robot/instantiate-k8s.sh
+++ b/kubernetes/robot/instantiate-k8s.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright 2019 AT&T Intellectual Property. All rights reserved.
#
diff --git a/kubernetes/robot/scripts/etescript/hvves-etescript.sh b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
index eb04e07fa1..16fec57b15 100755
--- a/kubernetes/robot/scripts/etescript/hvves-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/hvves-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# Copyright © 2019 Nokia
#
diff --git a/kubernetes/robot/scripts/etescript/security-etescript.sh b/kubernetes/robot/scripts/etescript/security-etescript.sh
index bf51329431..a114cf59ea 100755
--- a/kubernetes/robot/scripts/etescript/security-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/security-etescript.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
# Copyright 2019 Samsung Electronics Co., Ltd.
#
diff --git a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
index a93f109085..e23e5ed83b 100755
--- a/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
+++ b/kubernetes/robot/scripts/etescript/vnfsdk-etescript.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
# SPDX-License-Identifier: Apache-2.0
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
index fa76a9ee40..6d7ada618d 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/prom.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
index 3c08dd6c01..2406a48c37 100755
--- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
+++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh
@@ -1,6 +1,6 @@
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
###
# ============LICENSE_START=======================================================
# ONAP : SDN-C
diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml
index 938a6f9d00..2417d2553c 100755
--- a/kubernetes/so/components/soHelpers/values.yaml
+++ b/kubernetes/so/components/soHelpers/values.yaml
@@ -34,11 +34,11 @@ certInitializer:
fqdn: so
fqi: so@so.onap.org
public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
cadi_longitude: '0.0'
cadi_latitude: '0.0'
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
- qi_namespace: org.onap.so
aaf_add_config: |
echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
diff --git a/kubernetes/so/requirements.yaml b/kubernetes/so/requirements.yaml
index f2fc70c1f9..af95ab85ce 100755
--- a/kubernetes/so/requirements.yaml
+++ b/kubernetes/so/requirements.yaml
@@ -18,6 +18,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: readinessCheck
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index ca2fe07b22..064415927f 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -151,6 +151,24 @@ aaf:
trustore: org.onap.so.trust.jks
#################################################################
+# AAF part for Ingress
+#################################################################
+certInitializer:
+ nameOverride: so-tls-cert
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: so
+ fqi: so@so.onap.org
+ public_fqdn: so.onap.org
+ fqi_namespace: org.onap.so
+ cadi_longitude: '0.0'
+ cadi_latitude: '0.0'
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
+
+#################################################################
# Application configuration defaults.
#################################################################
@@ -263,7 +281,8 @@ ingress:
name: 'so'
port: 8080
config:
- ssl: 'none'
+ tls:
+ secret: '{{ include "common.release" . }}-so-ingress-certs'
mso:
adapters:
diff --git a/tox.ini b/tox.ini
index 01e9953617..7339601b92 100644
--- a/tox.ini
+++ b/tox.ini
@@ -4,6 +4,7 @@ envlist =
docs,
docs-linkcheck,
gitlint,
+ checkbashisms,
skipsdist=true
[doc8]
@@ -52,7 +53,7 @@ commands =
sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
|| (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
yum install devscripts-minimal )" >&2 && exit 1)'
- find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} +
+ find . -not -path '*/\.*' -name *.sh -exec checkbashisms \{\} +
[testenv:autopep8]
deps = autopep8