diff options
45 files changed, 317 insertions, 131 deletions
diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json index 3ede31dc44..c14f7ee4ba 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json @@ -99,14 +99,14 @@ "UserName": "${OSDF_OPT_ENGINE_USER}", "Password": "${OSDF_OPT_ENGINE_PASS}" } - }, + }{{ if .Values.cps.enabled }}, { "name": "cps", "values": { "UserName": "${CPS_USER}", "Password": "${CPS_PASS}" } - } + }{{ end }} ] } } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 6d9ecaa7cb..8dbe276d97 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -52,7 +52,9 @@ spec: export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; export SDC_PASS=${SDC_PASS_PLAIN}; + {{- if .Values.cps.enabled }} export CPS_PASS=${CPS_PASS_PLAIN}; + {{- end }} cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; @@ -137,11 +139,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }} - name: SDC_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} - + {{- if .Values.cps.enabled }} - name: CPS_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }} - name: CPS_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }} + {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index cde8529cc1..da268ccf06 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -116,6 +116,9 @@ persistence: ingress: enabled: false +cps: + enabled: true + secrets: - uid: aai-creds type: basicAuth diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index d0147aa1a4..5241c6edf2 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -63,9 +63,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 07307134d8..b8adba8117 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -68,9 +68,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index b483489141..76a11fad54 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -63,9 +63,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 0d471f7d78..d2d0809afb 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -68,9 +68,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop @@ -266,9 +267,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 22f0dbcd05..47c13af86e 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -56,8 +56,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index cb58120159..cd58b959ad 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -52,9 +52,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - ls -l /usr/local/jetty/lib - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 9fa6d2ee9b..6e7acef17f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -88,6 +88,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1db4addb5a..1accff9935 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -119,6 +119,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 {{- end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 68d74459f4..62d1d2eabd 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -349,6 +349,12 @@ nodeSelector: {} affinity: {} +# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns +haproxy: + requestBlocking: + enabled: false + customConfigs: [] + # probe configuration parameters liveness: initialDelaySeconds: 10 diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 7058f865bc..34ce466f48 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -23,7 +23,7 @@ global: githubContainerRegistry: ghcr.io # common global images - busyboxImage: busybox:1.32 + busyboxImage: busybox:1.34.1 curlImage: curlimages/curl:7.80.0 envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd @@ -33,10 +33,10 @@ global: # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45 jettyImage: jetty:9.4.45-jdk11-slim jreImage: onap/integration-java11:10.0.0 - kubectlImage: bitnami/kubectl:1.19 + kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 - nginxImage: bitnami/nginx:1.18-debian-10 + nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 diff --git a/kubernetes/cps/components/cps-core/Chart.yaml b/kubernetes/cps/components/cps-core/Chart.yaml index c1ef7202a7..95201a0d4a 100644 --- a/kubernetes/cps/components/cps-core/Chart.yaml +++ b/kubernetes/cps/components/cps-core/Chart.yaml @@ -1,6 +1,7 @@ -# Copyright (C) Pantheon.tech, Orange +# Copyright (C) Pantheon.tech, Orange # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,8 +31,7 @@ dependencies: - name: postgres-init version: ~10.x-0 repository: '@local' - condition: not global.postgres.localCluster - #condition: global.postgres.postgresInit + condition: postgres.postgresInit - name: readinessCheck version: ~10.x-0 repository: '@local' diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index e67cfb250a..3da5d170b7 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -1,4 +1,5 @@ -# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. +# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -200,6 +201,7 @@ logging: # Postgres overriding defaults in the postgres ################################################################# postgres: + postgresInit: true nameOverride: &postgresName cps-core-postgres service: name: *postgresName diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 856c4a0f6b..65a5d04d80 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. -# Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021-2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice- # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1 +image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0 pullPolicy: Always # log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index d7314a4ac1..b1671f00f5 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -3,6 +3,7 @@ # Copyright (c) 2018-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -99,7 +100,7 @@ componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 7aa31769f4..34b7a8822a 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -60,7 +60,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/dmaap-mr:1.3.0 +image: onap/dmaap/dmaap-mr:1.3.2 pullPolicy: Always kafka: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 229717a990..f92bfa78bc 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -29,6 +29,10 @@ postgres: enabled: true aaf: enabled: true + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: true aai: enabled: true appc: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index 06ad5b7c9b..b07b6d3aa2 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -58,6 +58,10 @@ aai: replicaCount: 1 aaf: enabled: false + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: false appc: enabled: false cassandra: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 08f404a70c..73f96d3eb8 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -78,7 +78,7 @@ global: # common global images # Busybox for simple shell manipulation - busyboxImage: busybox:1.32 + busyboxImage: busybox:1.34.1 # curl image curlImage: curlimages/curl:7.80.0 @@ -91,7 +91,7 @@ global: htpasswdImage: xmartlabs/htpasswd:latest # kubenretes client image - kubectlImage: bitnami/kubectl:1.19 + kubectlImage: bitnami/kubectl:1.22.4 # logging agent loggingImage: beats/filebeat:5.5.0 @@ -100,7 +100,7 @@ global: mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 # nginx server image - nginxImage: bitnami/nginx:1.18-debian-10 + nginxImage: bitnami/nginx:1.21.4 # postgreSQL client and server image postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 @@ -259,8 +259,13 @@ global: # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. ################################################################# + aaf: enabled: false + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: false aai: enabled: false appc: diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index fd6de7e5c0..184adb6f0a 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,4 +57,21 @@ server: # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. # See springboot documentation. port: 8083 + servlet: + context-path: /onap/policy/clamp/acm/k8sparticipant +logging: + # Configuration of logging + level: + ROOT: ERROR + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.onap.policy.clamp.controlloop.participant.kubernetes: INFO + + file: + name: /var/log/onap/policy/clamp/application.log + +chart: + api: + enabled: false
\ No newline at end of file diff --git a/kubernetes/portal/components/portal-app/Chart.yaml b/kubernetes/portal/components/portal-app/Chart.yaml index a73fffed58..c9c8b1b388 100644 --- a/kubernetes/portal/components/portal-app/Chart.yaml +++ b/kubernetes/portal/components/portal-app/Chart.yaml @@ -29,3 +29,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index db4454d5e5..02926f59d6 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -170,6 +170,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 6cf2513c44..039f56016e 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -171,3 +171,8 @@ resources: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +#Pods Service Account +serviceAccount: + nameOverride: portal-app + roles: + - read diff --git a/kubernetes/portal/components/portal-cassandra/Chart.yaml b/kubernetes/portal/components/portal-cassandra/Chart.yaml index f65b413f19..b85fc84b94 100644 --- a/kubernetes/portal/components/portal-cassandra/Chart.yaml +++ b/kubernetes/portal/components/portal-cassandra/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 59eace693a..9becdaa707 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -139,6 +139,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: cassandra-docker-entrypoint-initdb configMap: diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index bed75e5051..c3ffb4ffec 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -139,4 +139,10 @@ heap: max: 3G new: 100M large: {} - unlimited: {}
\ No newline at end of file + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-cassandra + roles: + - read diff --git a/kubernetes/portal/components/portal-mariadb/Chart.yaml b/kubernetes/portal/components/portal-mariadb/Chart.yaml index cef1b64e51..a152d71d89 100644 --- a/kubernetes/portal/components/portal-mariadb/Chart.yaml +++ b/kubernetes/portal/components/portal-mariadb/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml index 7e94c76896..1d0d5bc5e5 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml @@ -102,6 +102,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{- if .Values.persistence.enabled }} - name: mariadb-data diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml index 99dda390b4..a7fdb54d78 100644 --- a/kubernetes/portal/components/portal-mariadb/values.yaml +++ b/kubernetes/portal/components/portal-mariadb/values.yaml @@ -145,3 +145,9 @@ resources: cpu: 800m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-db + roles: + - read diff --git a/kubernetes/portal/components/portal-sdk/Chart.yaml b/kubernetes/portal/components/portal-sdk/Chart.yaml index 6535998331..02c17333ab 100644 --- a/kubernetes/portal/components/portal-sdk/Chart.yaml +++ b/kubernetes/portal/components/portal-sdk/Chart.yaml @@ -30,3 +30,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index abc5daab80..66e80651c3 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -161,6 +161,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index f0c3954c11..617ed100ef 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -166,3 +166,8 @@ resources: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +#Pods Service Account +serviceAccount: + nameOverride: portal-sdk + roles: + - read diff --git a/kubernetes/portal/components/portal-widget/Chart.yaml b/kubernetes/portal/components/portal-widget/Chart.yaml index 283009bfa0..03b9344622 100644 --- a/kubernetes/portal/components/portal-widget/Chart.yaml +++ b/kubernetes/portal/components/portal-widget/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml index 246257651a..e9ecece41e 100644 --- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml index f86ff85f75..dfa51d8c7b 100644 --- a/kubernetes/portal/components/portal-widget/values.yaml +++ b/kubernetes/portal/components/portal-widget/values.yaml @@ -124,3 +124,9 @@ resources: cpu: 1 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-widget + roles: + - read
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml index 28fd910d76..fcbca71f33 100644 --- a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml @@ -14,24 +14,45 @@ # limitations under the License. --> <configuration scan="true" scanPeriod="3 seconds"> - <property name="logDir" value="/var/log/onap" /> - <property name="componentName" scope="system" value="sdc"></property> - <property name="subComponentName" scope="system" value="sdc-be"></property> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property file="${config.home}/catalog-be/configuration.yaml" /> - <property name="enable-all-log" scope="context" value="false" /> + <property name="logDir" value="/var/log/onap"/> + <property name="componentName" scope="system" value="sdc"/> + <property name="subComponentName" scope="system" value="sdc-be"/> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/> + <property file="${config.home}/catalog-be/configuration.yaml"/> + <property name="enable-all-log" scope="context" value="false"/> <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="transactionLogName" value="transaction" /> - <property name="allLogName" value="all" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> + <property name="errorLogName" value="error"/> + <property name="metricsLogName" value="metrics"/> + <property name="auditLogName" value="audit"/> + <property name="debugLogName" value="debug"/> + <property name="transactionLogName" value="transaction"/> + <property name="allLogName" value="all"/> + <property name="queueSize" value="256"/> + <property name="maxFileSize" value="50MB"/> + <property name="maxHistory" value="30"/> + <property name="totalSizeCap" value="10GB"/> + <property name="pattern" + value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/> + + <!-- STDOUT --> + <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + + <!-- STDERR --> + <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <!-- All log --> <if condition='property("enable-all-log").equalsIgnoreCase("true")'> <then> @@ -50,7 +71,7 @@ </encoder> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL"> - <appender-ref ref="ALL_ROLLING" /> + <appender-ref ref="ALL_ROLLING"/> </appender> </then> </if> @@ -170,30 +191,32 @@ <!-- Asynchronicity Configurations --> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="DEBUG_ROLLING" /> + <appender-ref ref="DEBUG_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="TRANSACTION_ROLLING" /> + <appender-ref ref="TRANSACTION_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="ERROR_ROLLING" /> + <appender-ref ref="ERROR_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="AUDIT_ROLLING" /> + <appender-ref ref="AUDIT_ROLLING"/> </appender> <root level="INFO"> - <appender-ref ref="ASYNC_ERROR" /> - <appender-ref ref="ASYNC_DEBUG" /> - <appender-ref ref="ASYNC_AUDIT" /> - <appender-ref ref="ASYNC_TRANSACTION" /> + <appender-ref ref="ASYNC_ERROR"/> + <appender-ref ref="ASYNC_DEBUG"/> + <appender-ref ref="ASYNC_AUDIT"/> + <appender-ref ref="ASYNC_TRANSACTION"/> <if condition='property("enable-all-log").equalsIgnoreCase("true")'> <then> - <appender-ref ref="ALL_ROLLING" /> + <appender-ref ref="ALL_ROLLING"/> </then> </if> + <appender-ref ref="STDOUT"/> + <appender-ref ref="STDERR"/> </root> - <logger level="INFO" name="org.openecomp.sdc" /> + <logger level="INFO" name="org.openecomp.sdc"/> </configuration> diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 0ae39bf436..b7fa714e73 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.5 -backendInitImage: onap/sdc-backend-init:1.9.5 +image: onap/sdc-backend-all-plugins:1.10.1 +backendInitImage: onap/sdc-backend-init:1.10.1 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 951249cfbd..3391af7864 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -51,8 +51,8 @@ cassandra: # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.5 -cassandraInitImage: onap/sdc-cassandra-init:1.9.5 +image: onap/sdc-cassandra:1.10.1 +cassandraInitImage: onap/sdc-cassandra-init:1.10.1 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml index 1000982b6e..f3ebf76428 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml @@ -16,24 +16,45 @@ -->
<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="sdc-fe"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/catalog-fe/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
+ <property name="logDir" value="/var/log/onap"/>
+ <property name="componentName" scope="system" value="sdc"/>
+ <property name="subComponentName" scope="system" value="sdc-fe"/>
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/>
+ <property file="${config.home}/catalog-fe/configuration.yaml"/>
+ <property name="enable-all-log" scope="context" value="false"/>
<!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <property name="errorLogName" value="error"/>
+ <property name="metricsLogName" value="metrics"/>
+ <property name="auditLogName" value="audit"/>
+ <property name="debugLogName" value="debug"/>
+ <property name="transactionLogName" value="transaction"/>
+ <property name="allLogName" value="all"/>
+ <property name="queueSize" value="256"/>
+ <property name="maxFileSize" value="50MB"/>
+ <property name="maxHistory" value="30"/>
+ <property name="totalSizeCap" value="10GB"/>
+ <property name="pattern"
+ value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/>
+
+ <!-- STDOUT -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- STDERR -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
<!-- All log -->
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
@@ -52,7 +73,7 @@ </encoder>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</appender>
</then>
</if>
@@ -174,30 +195,32 @@ <!-- Asynchronicity Configurations -->
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
+ <appender-ref ref="DEBUG_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
+ <appender-ref ref="TRANSACTION_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
+ <appender-ref ref="ERROR_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
+ <appender-ref ref="AUDIT_ROLLING"/>
</appender>
<root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
+ <appender-ref ref="ASYNC_ERROR"/>
+ <appender-ref ref="ASYNC_DEBUG"/>
+ <appender-ref ref="ASYNC_AUDIT"/>
+ <appender-ref ref="ASYNC_TRANSACTION"/>
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</then>
</if>
+ <appender-ref ref="STDOUT"/>
+ <appender-ref ref="STDERR"/>
</root>
- <logger level="INFO" name="org.openecomp.sdc" />
+ <logger level="INFO" name="org.openecomp.sdc"/>
</configuration>
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 09d9829c59..1dbf9ebd7a 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.5 +image: onap/sdc-frontend:1.10.1 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index e51c242d5c..363a05934d 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -18,7 +18,7 @@ global: pullPolicy: Always -image: onap/sdc-helm-validator:1.3.0 +image: onap/sdc-helm-validator:1.3.1 containerPort: &svc_port 8080 config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml index b537709925..ee22ff2cfd 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml @@ -15,24 +15,45 @@ # limitations under the License.
-->
<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="sdc-onboarding-be"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/catalog-be/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
+ <property name="logDir" value="/var/log/onap"/>
+ <property name="componentName" scope="system" value="sdc"/>
+ <property name="subComponentName" scope="system" value="sdc-onboarding-be"/>
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/>
+ <property file="${config.home}/catalog-be/configuration.yaml"/>
+ <property name="enable-all-log" scope="context" value="false"/>
<!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <property name="errorLogName" value="error"/>
+ <property name="metricsLogName" value="metrics"/>
+ <property name="auditLogName" value="audit"/>
+ <property name="debugLogName" value="debug"/>
+ <property name="transactionLogName" value="transaction"/>
+ <property name="allLogName" value="all"/>
+ <property name="queueSize" value="256"/>
+ <property name="maxFileSize" value="50MB"/>
+ <property name="maxHistory" value="30"/>
+ <property name="totalSizeCap" value="10GB"/>
+ <property name="pattern"
+ value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/>
+
+ <!-- STDOUT -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- STDERR -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
<!-- All log -->
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
@@ -51,7 +72,7 @@ </encoder>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</appender>
</then>
</if>
@@ -171,30 +192,32 @@ <!-- Asynchronicity Configurations -->
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
+ <appender-ref ref="DEBUG_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
+ <appender-ref ref="TRANSACTION_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
+ <appender-ref ref="ERROR_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
+ <appender-ref ref="AUDIT_ROLLING"/>
</appender>
<root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
+ <appender-ref ref="ASYNC_ERROR"/>
+ <appender-ref ref="ASYNC_DEBUG"/>
+ <appender-ref ref="ASYNC_AUDIT"/>
+ <appender-ref ref="ASYNC_TRANSACTION"/>
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</then>
</if>
+ <appender-ref ref="STDOUT"/>
+ <appender-ref ref="STDERR"/>
</root>
- <logger level="INFO" name="org.openecomp.sdc" />
+ <logger level="INFO" name="org.openecomp.sdc"/>
</configuration>
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index f96d59b71a..ff5d031510 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.5 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.5 +image: onap/sdc-onboard-backend:1.10.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.1 pullPolicy: Always # flag to enable debugging - application support required |