aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/conf.py1
-rw-r--r--docs/sections/guides/access_guides/oom_access_info.rst163
-rw-r--r--docs/sections/guides/access_guides/oom_ingress_access.rst18
-rw-r--r--docs/sections/guides/deployment_guides/oom_customize_overrides.rst70
-rw-r--r--docs/sections/guides/infra_guides/oom_base_optional_addons.rst141
-rw-r--r--docs/sections/guides/infra_guides/oom_infra_setup.rst25
-rw-r--r--docs/sections/guides/user_guides/oom_user_guide.rst82
-rw-r--r--docs/sections/resources/csv/nodeports.csv62
-rw-r--r--docs/sections/resources/images/servicemesh/ServiceMesh.pngbin0 -> 475277 bytes
-rw-r--r--docs/sections/resources/yaml/envoyfilter-case.yaml40
-rw-r--r--docs/sections/resources/yaml/kiali-ingress.yaml30
-rw-r--r--docs/sections/resources/yaml/kiali.yaml24
-rw-r--r--kubernetes/README.md3
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties5
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/aai-sdc-list-kafka-user.yaml37
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml6
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/secret.yaml2
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml26
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/service.yaml15
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml2
-rw-r--r--kubernetes/aai/values.yaml4
-rw-r--r--kubernetes/common/common/templates/_ingress.tpl204
-rw-r--r--kubernetes/common/common/templates/_service.tpl2
-rw-r--r--kubernetes/dmaap/Chart.yaml4
-rwxr-xr-xkubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties4
-rw-r--r--kubernetes/dmaap/components/message-router/templates/statefulset.yaml2
-rw-r--r--kubernetes/dmaap/components/message-router/values.yaml11
-rw-r--r--kubernetes/dmaap/values.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json10
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml7
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml36
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml17
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml26
-rw-r--r--kubernetes/multicloud/components/multicloud-starlingx/values.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-windriver/values.yaml2
-rw-r--r--kubernetes/multicloud/values.yaml5
-rw-r--r--kubernetes/onap/resources/environments/core-onap.yaml20
-rw-r--r--kubernetes/onap/resources/environments/dev.yaml2
-rw-r--r--kubernetes/onap/resources/environments/disable-allcharts.yaml2
-rw-r--r--kubernetes/onap/resources/environments/minimal-onap.yaml20
-rw-r--r--kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml12
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml12
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml11
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml10
-rw-r--r--kubernetes/onap/resources/overrides/onap-vfw.yaml10
-rw-r--r--kubernetes/onap/resources/overrides/sm-onap.yaml20
-rwxr-xr-xkubernetes/onap/values.yaml42
-rw-r--r--kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml3
-rw-r--r--kubernetes/strimzi/Chart.yaml9
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore (renamed from kubernetes/dmaap/components/dmaap-strimzi/.helmignore)0
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml (renamed from kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml)13
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile (renamed from kubernetes/dmaap/components/dmaap-strimzi/Makefile)0
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml (renamed from kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml)23
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml (renamed from kubernetes/dmaap/components/dmaap-strimzi/values.yaml)26
-rw-r--r--kubernetes/strimzi/templates/pv-kafka.yaml2
-rw-r--r--kubernetes/strimzi/templates/pv-zk.yaml3
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml6
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka.yaml37
-rw-r--r--kubernetes/strimzi/values.yaml54
61 files changed, 1109 insertions, 326 deletions
diff --git a/docs/conf.py b/docs/conf.py
index 39f5051de4..29c57e6da0 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -54,5 +54,6 @@ def setup(app):
linkcheck_ignore = [
+ "https://istio-release.storage.googleapis.com/charts",
r'http://localhost:\d+/'
]
diff --git a/docs/sections/guides/access_guides/oom_access_info.rst b/docs/sections/guides/access_guides/oom_access_info.rst
index 2e779105f2..4e9866725e 100644
--- a/docs/sections/guides/access_guides/oom_access_info.rst
+++ b/docs/sections/guides/access_guides/oom_access_info.rst
@@ -3,19 +3,174 @@
.. http://creativecommons.org/licenses/by/4.0
.. Copyright (C) 2022 Nordix Foundation
+.. Links
+.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+.. _Kubernetes NodePort: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+
.. _oom_access_info_guide:
OOM Access Info
----------------
+###############
.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
:align: right
+Access via NodePort/Loadbalancer
+********************************
+
+The ONAP deployment created by OOM operates in a private IP network that isn't
+publicly accessible (i.e. OpenStack VMs with private internal network) which
+blocks access to the ONAP User Interfaces.
+To enable direct access to a service from a user's own environment (a laptop etc.)
+the application's internal port is exposed through a `Kubernetes NodePort`_ or
+`Kubernetes LoadBalancer`_ object.
+
+Typically, to be able to access the Kubernetes nodes publicly a public address
+is assigned. In OpenStack this is a floating IP address.
+
+Most ONAP applications use the `NodePort` as predefined `service:type`,
+which opens allows access to the service through the the IP address of each
+Kubernetes node.
+When using the `Loadbalancer` as `service:type` `Kubernetes LoadBalancer`_ object
+which gets a separate IP address.
+
+.. note::
+ The following example uses the `ONAP Portal`, which is not actively maintained
+ in Kohn and will be replaced in the future
+
+When e.g. the `portal-app` chart is deployed a Kubernetes service is created that
+instantiates a load balancer. The LB chooses the private interface of one of
+the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
+Then to be able to access the portal on port 8989 from outside the K8s &
+OpenStack environment, the user needs to assign/get the floating IP address that
+corresponds to the private IP as follows::
+
+ > kubectl -n onap get services|grep "portal-app"
+ portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
+
+
+In this example, use the 11.0.0.4 private address as a key find the
+corresponding public address which in this example is 10.12.6.155. If you're
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
+for your tenant (openstack server list). That IP is then used in your
+`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
+below::
+
+ 10.12.6.155 portal.api.simpledemo.onap.org
+ 10.12.6.155 vid.api.simpledemo.onap.org
+ 10.12.6.155 sdc.api.fe.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
+ 10.12.6.155 portal-sdk.simpledemo.onap.org
+ 10.12.6.155 policy.api.simpledemo.onap.org
+ 10.12.6.155 aai.api.sparky.simpledemo.onap.org
+ 10.12.6.155 cli.api.simpledemo.onap.org
+ 10.12.6.155 msb.api.discovery.simpledemo.onap.org
+ 10.12.6.155 msb.api.simpledemo.onap.org
+ 10.12.6.155 clamp.api.simpledemo.onap.org
+ 10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+
+Ensure you've disabled any proxy settings the browser you are using to access
+the portal and then simply access now the new ssl-encrypted URL:
+``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
+
+.. note::
+ Using the HTTPS based Portal URL the Browser needs to be configured to accept
+ unsecure credentials.
+ Additionally when opening an Application inside the Portal, the Browser
+ might block the content, which requires to disable the blocking and reloading
+ of the page
+
+.. note::
+ Besides the ONAP Portal the Components can deliver additional user interfaces,
+ please check the Component specific documentation.
+
+.. note::
+
+ | Alternatives Considered:
+
+ - Kubernetes port forwarding was considered but discarded as it would
+ require the end user to run a script that opens up port forwarding tunnels
+ to each of the pods that provides a portal application widget.
+
+ - Reverting to a VNC server similar to what was deployed in the Amsterdam
+ release was also considered but there were many issues with resolution,
+ lack of volume mount, /etc/hosts dynamic update, file upload that were
+ a tall order to solve in time for the Beijing release.
+
+ Observations:
+
+ - If you are not using floating IPs in your Kubernetes deployment and
+ directly attaching a public IP address (i.e. by using your public provider
+ network) to your K8S Node VMs' network interface, then the output of
+ 'kubectl -n onap get services | grep "portal-app"'
+ will show your public IP instead of the private network's IP. Therefore,
+ you can grab this public IP directly (as compared to trying to find the
+ floating IP first) and map this IP in /etc/hosts.
+
Some relevant information regarding accessing OOM from outside the cluster etc
+ONAP Nodeports
+==============
+
+NodePorts are used to allow client applications, that run outside of
+Kubernetes, access to ONAP components deployed by OOM.
+A NodePort maps an externally reachable port to an internal port of an ONAP
+microservice.
+It should be noted that the use of NodePorts is temporary.
+An alternative solution based on Ingress Controller, which initial support is
+already in place. It is planned to become a default deployment option in the
+London release.
+
+More information from official Kubernetes documentation about
+`Kubernetes NodePort`_.
+
+The following table lists all the NodePorts used by ONAP.
+
+.. csv-table:: NodePorts table
+ :file: ../../resources/csv/nodeports.csv
+ :widths: 20,20,20,20,20
+ :header-rows: 1
+
+
+This table retrieves information from the ONAP deployment using the following
+Kubernetes command:
+
+.. code-block:: bash
+
+ kubectl get svc -n onap -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}'
+
+
+(Optional) Access via Ingress
+*****************************
+
+Using Ingress as access method requires the installation of an Ingress
+controller and the configuration of the ONAP deployment to use it.
+
+For "ONAP on ServiceMesh" you can find the instructions in:
+
+- :ref:`oom_base_optional_addons`
+- :ref:`oom_customize_overrides`
+
+In the ServiceMesh deployment the Istio IngressGateway is the only access point
+for ONAP component interfaces.
+Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
+which is used as central address.
+All APIs/UIs are provided via separate URLs which are routed to the component service.
+To use these URLs they need to be resolvable via DNS or via /etc/hosts.
+
+The domain name is usually defined in the `global` section of the ONAP helm-charts,
+`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
+the service (e.g. "sdc-fe-ui") is defined in the component's chart.
+
+.. code-block:: none
-.. toctree::
- :maxdepth: 1
+ <ingress-IP> kiali.simpledemo.onap.org
+ <ingress-IP> cds-ui.simpledemo.onap.org
+ <ingress-IP> sdc-fe-ui.simpledemo.onap.org
+ ...
- oom_ingress_access.rst
+To access e.g. the SDC UI now the new ssl-encrypted URL:
+``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
diff --git a/docs/sections/guides/access_guides/oom_ingress_access.rst b/docs/sections/guides/access_guides/oom_ingress_access.rst
deleted file mode 100644
index 0c64375098..0000000000
--- a/docs/sections/guides/access_guides/oom_ingress_access.rst
+++ /dev/null
@@ -1,18 +0,0 @@
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright (C) 2022 Nordix Foundation
-
-.. Links
-
-
-.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
- :align: right
-
-.. _oom_ingress_access:
-
-
-Ingress access to OOM
-#####################
-
-TBD
diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
index 3acb8b6ee6..a49543cc0c 100644
--- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
+++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst
@@ -32,7 +32,7 @@ Users can customize the override files to suit their required deployment.
Enabling/Disabling Components
------------------------------
+*****************************
Here is an example of the nominal entries that need to be provided.
Different values files are available for different contexts.
@@ -43,6 +43,68 @@ Different values files are available for different contexts.
|
-Some other heading
-------------------
-adva \ No newline at end of file
+(Optional) "ONAP on Service Mesh"
+*********************************
+
+To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
+configuration entries need to be configured before deployment.
+
+Global settings relevant for ServiceMesh:
+
+.. code-block:: yaml
+
+ global:
+ ingress:
+ # generally enable ingress for ONAP components
+ enabled: false
+ # enable all component's Ingress interfaces
+ enable_all: false
+ # default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+ # All http requests via ingress will be redirected on Ingress controller
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ # tls:
+ # secret: 'my-ingress-cert'
+ # optional: Namespace of the Istio IngressGateway
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ namespace: istio-ingress
+ ...
+ serviceMesh:
+ enabled: true
+ tls: true
+ # be aware that linkerd is not well tested
+ engine: "istio" # valid value: istio or linkerd
+ aafEnabled: false
+ cmpv2Enabled: false
+ tlsEnabled: false
+ msbEnabled: false
+
+ServiceMesh settings:
+
+- enabled: true → enables ServiceMesh functionality in the ONAP Namespace (Istio: enables Sidecar deployment)
+- tls: true → enables mTLS encryption in Sidecar communication
+- engine: istio → sets the SM engine (currently only Istio is supported)
+- aafEnabled: false → disables AAF usage for TLS interfaces
+- tlsEnabled: false → disables creation of TLS in component services
+- cmpv2Enabled: false → disable cmpv2 feature
+- msbEnabled: false → MSB is not used in Istio setup (Open, if all components are MSB independend)
+
+Ingress settings:
+
+- enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled)
+- enable_all: true → enables Ingress configuration in each component
+- virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
+ resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
+- config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
+- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
+
+.. note::
+ For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+ can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
index 4b4fbf7883..5f81a363e9 100644
--- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
+++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst
@@ -5,6 +5,10 @@
.. Links
.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme
+.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
+.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
+.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
+.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
.. _oom_base_optional_addons:
@@ -39,3 +43,140 @@ To install the prometheus stack, execute the following:
- To install prometheus, execute the following, replacing the <recommended-pm-version> with the version defined in the :ref:`versions_table` table::
> helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --create-namespace --version=<recommended-pm-version>
+
+ONAP on Service Mesh
+********************
+
+.. warning::
+ "ONAP on Service Mesh" is not fully supported in "Kohn". Full support is
+ planned for London release to support the
+ `ONAP Next Generation Security & Logging Structure`_
+
+.. figure:: ../../resources/images/servicemesh/ServiceMesh.png
+ :align: center
+
+ONAP is currenty planned to support Istio as default ServiceMesh platform.
+Therefor the following instructions describe the setup of Istio and required tools.
+Used `Istio best practices`_ and `Istio setup guide`_
+
+Istio Platform Installation
+===========================
+
+Install Istio Basic Platform
+----------------------------
+
+- Configure the Helm repository::
+
+ > helm repo add istio https://istio-release.storage.googleapis.com/charts
+
+ > helm repo update
+
+- Create a namespace for "mesh-level" configurations::
+
+ > kubectl create namespace istio-config
+
+- Create a namespace istio-system for Istio components::
+
+ > kubectl create namespace istio-system
+
+- Install the Istio Base chart which contains cluster-wide resources used by the
+ Istio control plane, replacing the <recommended-istio-version> with the version
+ defined in the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-base istio/base -n istio-system --version <recommended-istio-version>
+
+- Install the Istio Base Istio Discovery chart which deploys the istiod service, replacing the
+ <recommended-istio-version> with the version defined in the :ref:`versions_table` table
+ (enable the variable to enforce the (sidecar) proxy startup before the container start)::
+
+ > helm upgrade -i istiod istio/istiod -n istio-system --version <recommended-istio-version>
+ --wait --set global.proxy.holdApplicationUntilProxyStarts=true --set meshConfig.rootNamespace=istio-config
+
+Add an EnvoyFilter for HTTP header case
+---------------------------------------
+
+When handling HTTP/1.1, Envoy will normalize the header keys to be all lowercase.
+While this is compliant with the HTTP/1.1 spec, in practice this can result in issues
+when migrating existing systems that might rely on specific header casing.
+In our case a problem was detected in the SDC client implementation, which relies on
+uppercase header values. To solve this problem in general we add a EnvoyFilter to keep
+the uppercase header in the istio-config namespace to apply for all namespaces, but
+set the context to SIDECAR_INBOUND to avoid problems in the connection between Istio-Gateway and Services
+
+- Create a EnvoyFilter file (e.g. envoyfilter-case.yaml)
+
+ .. collapse:: envoyfilter-case.yaml
+
+ .. include:: ../../resources/yaml/envoyfilter-case.yaml
+ :code: yaml
+
+- Apply the change to Istio::
+
+ > kubectl apply -f envoyfilter-case.yaml
+
+Install Istio Gateway
+---------------------
+
+- Create a namespace istio-ingress for the Istio Ingress gateway
+ and enable istio-injection::
+
+ > kubectl create namespace istio-ingress
+
+ > kubectl label namespace istio-ingress istio-injection=enabled
+
+- Install the Istio Gateway chart,replacing the
+ <recommended-istio-version> with the version defined in
+ the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
+ --version <recommended-istio-version> --wait
+
+Kiali Installation
+==================
+
+Kiali is used to visualize the Network traffic in a ServiceMesh enabled cluster
+For setup the kiali operator is used, see `Kiali setup guide`_
+
+- Install kiali-operator namespace::
+
+ > kubectl create namespace kiali-operator
+
+ > kubectl label namespace kiali-operator istio-injection=enabled
+
+- Install the kiali-operator::
+
+ > helm repo add kiali https://kiali.org/helm-charts
+
+ > helm repo update kiali
+
+ > helm install --namespace kiali-operator kiali/kiali-operator
+
+- Create Kiali CR file (e.g. kiali.yaml)
+
+ .. collapse:: kiali.yaml
+
+ .. include:: ../../resources/yaml/kiali.yaml
+ :code: yaml
+
+- Install kiali::
+
+ > kubectl apply -f kiali.yaml
+
+- Create Ingress gateway entry for the kiali web interface
+ using the configured Ingress <base-url> (here "simpledemo.onap.org")
+ as described in :ref:`oom_customize_overrides`
+
+ .. collapse:: kiali-ingress.yaml
+
+ .. include:: ../../resources/yaml/kiali-ingress.yaml
+ :code: yaml
+
+- Add the Ingress entry for Kiali::
+
+ > kubectl -n istio-system apply -f kiali-ingress.yaml
+
+
+Jaeger Installation
+===================
+
+To be done... \ No newline at end of file
diff --git a/docs/sections/guides/infra_guides/oom_infra_setup.rst b/docs/sections/guides/infra_guides/oom_infra_setup.rst
index f9668de458..ed7b05a103 100644
--- a/docs/sections/guides/infra_guides/oom_infra_setup.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_setup.rst
@@ -52,14 +52,23 @@ The versions of software that are supported by OOM are as follows:
.. _versions_table:
-.. table:: OOM Software Requirements
-
- ============== =========== ======= ======== ======== ============ ================= =======
- Release Kubernetes Helm kubectl Docker Cert-Manager Prometheus Stack Strimzi
- ============== =========== ======= ======== ======== ============ ================= =======
- Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 35.x 0.28.0
- Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 35.x 0.32.0
- ============== =========== ======= ======== ======== ============ ================= =======
+.. table:: OOM Software Requirements (base)
+
+ ============== =========== ======= ======== ======== ============ =======
+ Release Kubernetes Helm kubectl Docker Cert-Manager Strimzi
+ ============== =========== ======= ======== ======== ============ =======
+ Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 0.28.0
+ Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0
+ ============== =========== ======= ======== ======== ============ =======
+
+.. table:: OOM Software Requirements (optional)
+
+ ============== ================= ======
+ Release Prometheus Stack Istio
+ ============== ================= ======
+ Jakarta 35.x ---
+ Kohn 35.x 1.15.1
+ ============== ================= ======
.. toctree::
diff --git a/docs/sections/guides/user_guides/oom_user_guide.rst b/docs/sections/guides/user_guides/oom_user_guide.rst
index c0f4f6ef73..449d5de3fa 100644
--- a/docs/sections/guides/user_guides/oom_user_guide.rst
+++ b/docs/sections/guides/user_guides/oom_user_guide.rst
@@ -234,88 +234,6 @@ can be modified, for example the `so`'s `liveness` probe could be disabled
<...>
-Accessing the ONAP Portal using OOM and a Kubernetes Cluster
-------------------------------------------------------------
-
-The ONAP deployment created by OOM operates in a private IP network that isn't
-publicly accessible (i.e. OpenStack VMs with private internal network) which
-blocks access to the ONAP Portal. To enable direct access to this Portal from a
-user's own environment (a laptop etc.) the portal application's port 8989 is
-exposed through a `Kubernetes LoadBalancer`_ object.
-
-Typically, to be able to access the Kubernetes nodes publicly a public address
-is assigned. In OpenStack this is a floating IP address.
-
-When the `portal-app` chart is deployed a Kubernetes service is created that
-instantiates a load balancer. The LB chooses the private interface of one of
-the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
-Then to be able to access the portal on port 8989 from outside the K8s &
-OpenStack environment, the user needs to assign/get the floating IP address that
-corresponds to the private IP as follows::
-
- > kubectl -n onap get services|grep "portal-app"
- portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
-
-
-In this example, use the 11.0.0.4 private address as a key find the
-corresponding public address which in this example is 10.12.6.155. If you're
-using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
-for your tenant (openstack server list). That IP is then used in your
-`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
-below::
-
- 10.12.6.155 portal.api.simpledemo.onap.org
- 10.12.6.155 vid.api.simpledemo.onap.org
- 10.12.6.155 sdc.api.fe.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
- 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
- 10.12.6.155 portal-sdk.simpledemo.onap.org
- 10.12.6.155 policy.api.simpledemo.onap.org
- 10.12.6.155 aai.api.sparky.simpledemo.onap.org
- 10.12.6.155 cli.api.simpledemo.onap.org
- 10.12.6.155 msb.api.discovery.simpledemo.onap.org
- 10.12.6.155 msb.api.simpledemo.onap.org
- 10.12.6.155 clamp.api.simpledemo.onap.org
- 10.12.6.155 so.api.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
-
-Ensure you've disabled any proxy settings the browser you are using to access
-the portal and then simply access now the new ssl-encrypted URL:
-``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
-
-.. note::
- Using the HTTPS based Portal URL the Browser needs to be configured to accept
- unsecure credentials.
- Additionally when opening an Application inside the Portal, the Browser
- might block the content, which requires to disable the blocking and reloading
- of the page
-
-.. note::
- Besides the ONAP Portal the Components can deliver additional user interfaces,
- please check the Component specific documentation.
-
-.. note::
-
- | Alternatives Considered:
-
- - Kubernetes port forwarding was considered but discarded as it would
- require the end user to run a script that opens up port forwarding tunnels
- to each of the pods that provides a portal application widget.
-
- - Reverting to a VNC server similar to what was deployed in the Amsterdam
- release was also considered but there were many issues with resolution,
- lack of volume mount, /etc/hosts dynamic update, file upload that were
- a tall order to solve in time for the Beijing release.
-
- Observations:
-
- - If you are not using floating IPs in your Kubernetes deployment and
- directly attaching a public IP address (i.e. by using your public provider
- network) to your K8S Node VMs' network interface, then the output of
- 'kubectl -n onap get services | grep "portal-app"'
- will show your public IP instead of the private network's IP. Therefore,
- you can grab this public IP directly (as compared to trying to find the
- floating IP first) and map this IP in /etc/hosts.
.. figure:: ../../resources/images/oom_logo/oomLogoV2-Monitor.png
:align: right
diff --git a/docs/sections/resources/csv/nodeports.csv b/docs/sections/resources/csv/nodeports.csv
new file mode 100644
index 0000000000..b1c6fb5333
--- /dev/null
+++ b/docs/sections/resources/csv/nodeports.csv
@@ -0,0 +1,62 @@
+NodePort,Component,Service name,targetPort,Port
+30200,VID,vid,8443,8443
+30201,SDNC,sdnc-portal,8443,8443
+30203,SDNC,sdnc-dgbuilder,3100,3000
+30204,SDC,sdc-be-external,8443,8443
+30207,SDC,sdc-fe,9443,9443
+30209,ROBOT,robot,443,443
+30210,AAI,aai-modelloader,8080,8080
+30211,APPC,appc,9191,9090
+30212,PORTAL,portal-sdk,8443,8443
+30218,POLICY,pap,9091,9091
+30219,POLICY,pap,8443,8443
+30220,AAI,aai-sparky-be,8000,8000
+30222,DCAE,xdcae-hv-ves-collector,6061,6061
+30225,PORTAL,portal-app,8443,8443
+30226,DMAAP,message-router-external,3905,3905
+30228,APPC,appc-dgbuilder,3100,3000
+30229,AAI,aai-modelloader,8443,8443
+30230,APPC,appc,8443,8443
+30231,APPC,appc,1830,1830
+30233,AAI,aai,8443,8443
+30234,POMBA*),pomba-kibana,5601,5601
+30242,DMAAP,dmaap-bc,8443,8443
+30248,OOF,oof-osdf,8699,8698
+30249,POMBA*),pomba-data-router,9502,9502
+30251,AAF,aaf-gui,8200,8200
+30253,LOG*),log-kibana,5601,5601
+30254,LOG*),log-es,9200,9200
+30255,LOG*),log-ls,5044,5044
+30256,SDC,sdc-wfd-fe,8443,8443
+30257,SDC,sdc-wfd-be,8443,8443
+30258,CLAMP,clamp-external,2443,2443
+30260,CLI,cli,443,443
+30264,DCAE,sdc-dcae-fe,9444,9444
+30266,DCAE,sdc-dcae-dt,9446,9446
+30267,SDNC,sdnc,8443,8443
+30269,DMAAP,dmaapr-prov,443,8443
+30271,CLI,cli,9090,9090
+30274,EXTAPI,nbi,8443,8443
+30275,OOF,oof-has-api,8091,8091
+30277,SO,so,8080,8080
+30279,AAI,aai-babel,9516,9516
+30283,MSB,msb-iag,443,443
+30284,MSB,msb-eag,443,443
+30288,SNIRO*),sniro-emulator,9999,80
+30289,APPC,appc-cdt,18080,18080
+30290,CLAMP,cdash-kibana,5601,5601
+30297,VNFSDK,refrepo,8703,8703
+30299,POMBA*),pomba-networkdiscovery,8443,9531
+30398,UUI,uui,8443,8443
+30399,UUI,uui-server,8082,8082
+30406,SO,so-vnfm-adapter,9092,9092
+30407,MUSIC,music,8443,8443
+30417,DCAE,xdcae-ves-collector,8443,8443
+30418,DCAE,dashboard,8443,8443
+30420,NETBOX,netbox-nginx,8080,8080
+30478,AWX,awx-web,8080,80
+30490,DMAAP,message-router-kafka-0,9091,9091
+30491,DMAAP,message-router-kafka-1,9091,9091
+30492,DMAAP,message-router-kafka-2,9091,9091
+30494,DMAAP,dmaap-dr-node-external,8443,8443
+30497,CDS,cds-ui,3000,3000 \ No newline at end of file
diff --git a/docs/sections/resources/images/servicemesh/ServiceMesh.png b/docs/sections/resources/images/servicemesh/ServiceMesh.png
new file mode 100644
index 0000000000..7448ff0dc2
--- /dev/null
+++ b/docs/sections/resources/images/servicemesh/ServiceMesh.png
Binary files differ
diff --git a/docs/sections/resources/yaml/envoyfilter-case.yaml b/docs/sections/resources/yaml/envoyfilter-case.yaml
new file mode 100644
index 0000000000..c919319ecc
--- /dev/null
+++ b/docs/sections/resources/yaml/envoyfilter-case.yaml
@@ -0,0 +1,40 @@
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: header-casing
+ namespace: istio-config
+spec:
+ configPatches:
+ - applyTo: CLUSTER
+ match:
+ context: SIDECAR_INBOUND
+ patch:
+ operation: MERGE
+ value:
+ typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ use_downstream_protocol_config:
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
+ - applyTo: NETWORK_FILTER
+ match:
+ listener:
+ filterChain:
+ filter:
+ name: envoy.filters.network.http_connection_manager
+ patch:
+ operation: MERGE
+ value:
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig \ No newline at end of file
diff --git a/docs/sections/resources/yaml/kiali-ingress.yaml b/docs/sections/resources/yaml/kiali-ingress.yaml
new file mode 100644
index 0000000000..44f806203a
--- /dev/null
+++ b/docs/sections/resources/yaml/kiali-ingress.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+ name: kiali-gateway
+spec:
+ selector:
+ istio: ingressgateway
+ servers:
+ - hosts:
+ - kiali.simpledemo.onap.org
+ port:
+ name: http
+ number: 80
+ protocol: HTTP
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+ name: kiali-service
+spec:
+ hosts:
+ - kiali.simpledemo.onap.org
+ gateways:
+ - kiali-gateway
+ http:
+ - route:
+ - destination:
+ port:
+ number: 20001
+ host: kiali \ No newline at end of file
diff --git a/docs/sections/resources/yaml/kiali.yaml b/docs/sections/resources/yaml/kiali.yaml
new file mode 100644
index 0000000000..71d86ce265
--- /dev/null
+++ b/docs/sections/resources/yaml/kiali.yaml
@@ -0,0 +1,24 @@
+apiVersion: kiali.io/v1alpha1
+kind: Kiali
+metadata:
+ name: kiali
+ namespace: istio-system
+ annotations:
+ ansible.operator-sdk/verbosity: "1"
+spec:
+ auth:
+ strategy: anonymous
+ istio_component_namespaces:
+ prometheus: monitoring
+ external_services:
+ grafana:
+ in_cluster_url: http://prometheus-stack-grafana.monitoring
+ prometheus:
+ url: http://prometheus-stack-kube-prom-prometheus.monitoring:9090
+ tracing:
+ in_cluster_url: http://istio-query.observability:16686
+ deployment:
+ accessible_namespaces: ["**"]
+ view_only_mode: false
+ server:
+ web_root: "/kiali" \ No newline at end of file
diff --git a/kubernetes/README.md b/kubernetes/README.md
index 9d8d4cc9ab..696ede70c0 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -1,5 +1,8 @@
## **Quick Start Guide**
+> **WARNING**: This README is no longer maintained and will be deprecated.
+> Please refer to the official OOM guide here - [OOM Guide](https://docs.onap.org/projects/onap-oom/en/latest/sections/oom_project_description.html)
+
This is a quick start guide describing how to deploy ONAP on Kubernetes using Helm.
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
index 681da5d069..bc53b4b764 100644
--- a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
@@ -30,14 +30,13 @@ ml.distribution.KEYSTORE_PASSWORD=
ml.distribution.KEYSTORE_FILE=
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
{{ end }}
-ml.distribution.CONSUMER_GROUP=aai-ml-group
-ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.CONSUMER_GROUP={{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ml.distribution.CONSUMER_ID={{ .Values.config.kafka.sdcTopic.clientId }}
ml.distribution.ENVIRONMENT_NAME=AUTO
ml.distribution.POLLING_INTERVAL=30
ml.distribution.POLLING_TIMEOUT=20
ml.distribution.USER=aai
ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
-ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
# Model Loader AAI REST Client Configuration
{{ if ( include "common.needTLS" .) }}
diff --git a/kubernetes/aai/components/aai-modelloader/templates/aai-sdc-list-kafka-user.yaml b/kubernetes/aai/components/aai-modelloader/templates/aai-sdc-list-kafka-user.yaml
new file mode 100644
index 0000000000..d7e37e215a
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/aai-sdc-list-kafka-user.yaml
@@ -0,0 +1,37 @@
+{{/*
+ # Copyright © 2022 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 8e481b9656..d3136d8dda 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -102,6 +102,12 @@ spec:
env:
- name: CONFIG_HOME
value: /opt/app/model-loader/config/
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/aai/components/aai-modelloader/templates/secret.yaml b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
index d6013c832e..70b0857938 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
@@ -27,3 +27,5 @@ metadata:
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 1188f9b645..09bb32dd43 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -18,6 +18,18 @@
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
+ aaiSdcListenerKafkaUser: aai-sdc-list-user
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: aai-sdc-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Certificate configuration
@@ -56,13 +68,23 @@ certInitializer:
chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/model-loader:1.11.0
+image: onap/model-loader:1.12.0
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
+
# application configuration
-config: {}
+config:
+ someConfig: blah
+ kafka:
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: aai
+ clientId: aai-model-loader
# default number of instances
replicaCount: 1
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index 8bd4494a2b..7c82d1f90d 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -25,6 +25,6 @@ resources.trust-store-password=${TRUSTSTORE_PASSWORD}
resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
resources.client-cert-password=${KEYSTORE_PASSWORD}
{{ else }}
-resources.port=8080
+resources.port=80
resources.authType=HTTP_NOAUTH
{{ end }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index a724129018..31ea946d9b 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -147,18 +147,19 @@ spec:
subPath: logback.xml
ports:
- containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPlainPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources:
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
index 457b3576a0..9e3ffd6f56 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
@@ -25,16 +25,13 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- type: {{ .Values.service.type }}
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ {{- if eq .Values.service.type "NodePort" }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ ternary "s" "" (eq "true" (include "common.needTLS" .)) }}
- {{- end }}
+ {{- end }}
+ type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index ee3c5c41d9..29953b4b66 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -119,7 +119,9 @@ readiness:
service:
type: NodePort
portName: http
+ externalPort: 8000
internalPort: 8000
+ internalPlainPort: 9517
nodePort: 20
ingress:
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 0ba461c4c7..d382b80ba0 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -277,12 +277,16 @@ global: # global defaults
# since when this is enabled, it prints a lot of information to console
enabled: false
+ aaiSdcListenerKafkaUser: aai-sdc-list-user
+
aai-babel:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-graphadmin:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-modelloader:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}'
aai-resources:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-schema-service:
diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl
index 4fc2e4b1c9..d8a944712a 100644
--- a/kubernetes/common/common/templates/_ingress.tpl
+++ b/kubernetes/common/common/templates/_ingress.tpl
@@ -14,13 +14,56 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{/*
+ Create the hostname as concatination <baseaddr>.<baseurl>
+ - baseaddr: from component values: ingress.service.baseaddr
+ - baseurl: from values: global.ingress.virtualhost.baseurl
+ which van be overwritten in the component via: ingress.baseurlOverride
+*/}}
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
+{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
{{ printf "%s.%s" $baseaddr $burl }}
{{- end -}}
+{{/*
+ Helper function to add the tls route
+*/}}
+{{- define "ingress.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+ tls:
+ httpsRedirect: true
+ - port:
+ number: 443
+ name: https
+ protocol: HTTPS
+ tls:
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Helper function to add the route to the service
+*/}}
{{- define "ingress.config.port" -}}
{{- $dot := default . .dot -}}
{{ range .Values.ingress.service }}
@@ -44,9 +87,11 @@
{{- end }}
{{- end -}}
+{{/*
+ Helper function to add the route to the service
+*/}}
{{- define "istio.config.route" -}}
{{- $dot := default . .dot -}}
-{{ range .Values.ingress.service }}
http:
- route:
- destination:
@@ -66,8 +111,10 @@
{{- end }}
host: {{ .name }}
{{- end -}}
-{{- end -}}
+{{/*
+ Helper function to add ssl annotations
+*/}}
{{- define "ingress.config.annotations.ssl" -}}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
@@ -85,6 +132,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
+{{/*
+ Helper function to add annotations
+*/}}
{{- define "ingress.config.annotations" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.annotations -}}
@@ -94,6 +144,9 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
{{- end -}}
+{{/*
+ Helper function to check the existance of an override value
+*/}}
{{- define "common.ingress._overrideIfDefined" -}}
{{- $currValue := .currVal }}
{{- $parent := .parent }}
@@ -109,20 +162,38 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
-{{- define "common.ingress" -}}
+{{/*
+ Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
{{- $dot := default . .dot -}}
-{{- if .Values.ingress -}}
- {{- $ingressEnabled := default false .Values.ingress.enabled -}}
- {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }}
- {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }}
-{{- if $ingressEnabled }}
-{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
- {{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+{{- if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{- else -}}
+{{- if $dot.Values.ingress.enabled -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create Istio Ingress resources per defined service
+*/}}
+{{- define "common.istioIngress" -}}
+{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
- name: {{ include "common.fullname" . }}-gateway
+ name: {{ $baseaddr }}-gateway
spec:
selector:
istio: ingressgateway # use Istio default gateway implementation
@@ -132,80 +203,87 @@ spec:
name: http
protocol: HTTP
hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
-{{- if .Values.global.ingress.config }}
-{{- if .Values.global.ingress.config.ssl }}
-{{- if eq .Values.global.ingress.config.ssl "redirect" }}
- tls:
- httpsRedirect: true
- - port:
- number: 443
- name: https
- protocol: HTTPS
- tls:
-{{- if .Values.global.ingress.config }}
-{{- if .Values.global.ingress.config.tls }}
- credentialName: {{ default "ingress-tls-secret" .Values.global.ingress.config.tls.secret }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
- mode: SIMPLE
- hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
+ {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
- name: {{ include "common.fullname" . }}-service
+ name: {{ $baseaddr }}-service
spec:
hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
gateways:
- - {{ include "common.fullname" . }}-gateway
+ - {{ $baseaddr }}-gateway
{{ include "istio.config.route" . | trim }}
+{{- end -}}
{{- end -}}
-{{- else -}}
+
+{{/*
+ Create default Ingress resource
+*/}}
+{{- define "common.nginxIngress" -}}
+{{- $dot := default . .dot -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
- name: {{ include "common.fullname" . }}-ingress
+ name: {{ include "common.fullname" $dot }}-ingress
annotations:
- {{ include "ingress.config.annotations" . }}
+ {{ include "ingress.config.annotations" $dot }}
labels:
- app: {{ .Chart.Name }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ app: {{ $dot.Chart.Name }}
+ chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $dot }}
+ heritage: {{ $dot.Release.Service }}
spec:
rules:
- {{ include "ingress.config.port" . | trim }}
-{{- if .Values.ingress.tls }}
+ {{ include "ingress.config.port" $dot | trim }}
+{{- if $dot.Values.ingress.tls }}
tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
+{{ toYaml $dot.Values.ingress.tls | indent 4 }}
{{- end -}}
-{{- if .Values.ingress.config -}}
-{{- if .Values.ingress.config.tls -}}
+{{- if $dot.Values.ingress.config -}}
+{{- if $dot.Values.ingress.config.tls -}}
tls:
- hosts:
- {{- range .Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
+ {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
- secretName: {{ required "secret" (tpl (default "" .Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+ {{- end }}
+ secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Create ingress template
+ Will create ingress template depending on the following values:
+ - .Values.global.ingress.enabled : enables Ingress globally
+ - .Values.global.ingress.enable_all : override default Ingress for all charts
+ - .Values.ingress.enabled : sets Ingress per chart basis
+
+ | global.ingress.enabled | global.ingress.enable_all |ingress.enabled | result |
+ |------------------------|---------------------------|----------------|------------|
+ | false | any | any | no ingress |
+ | true | false | false | no ingress |
+ | true | true | any | ingress |
+ | true | false | true | ingress |
+
+ If ServiceMesh (Istio) is enabled the respective resources are created:
+ - Gateway
+ - VirtualService
+
+ If ServiceMesh is disabled the standard Ingress resource is creates:
+ - Ingress
+*/}}
+{{- define "common.ingress" -}}
+{{- $dot := default . .dot -}}
+{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+{{ include "common.istioIngress" (dict "dot" $dot) }}
+{{- end -}}
+{{- else -}}
+{{ include "common.nginxIngress" (dict "dot" $dot) }}
+{{- end -}}
+{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 379992eae8..7b88af02aa 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -242,7 +242,7 @@ spec:
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }}
-{{- $serviceType = "ClusterIP" }}
+{{- $serviceType = "ClusterIP" }}
{{- end }}
{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
diff --git a/kubernetes/dmaap/Chart.yaml b/kubernetes/dmaap/Chart.yaml
index 25fa15a2cf..8d84a97ba2 100644
--- a/kubernetes/dmaap/Chart.yaml
+++ b/kubernetes/dmaap/Chart.yaml
@@ -24,10 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: dmaap-strimzi
- version: ~12.x-0
- repository: 'file://components/dmaap-strimzi'
- condition: dmaap-strimzi.enabled
- name: message-router
version: ~12.x-0
repository: 'file://components/message-router'
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
index 3acea02bff..a9b0a012a4 100755
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
@@ -28,9 +28,9 @@
## Items below are passed through to Kafka's producer and consumer
## configurations (after removing "kafka.")
## if you want to change request.required.acks it can take this one value
-kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
#kafka.request.required.acks=-1
+kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
index 0fba655a69..904c160c70 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
@@ -150,7 +150,7 @@ spec:
- name: JAASLOGIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
- name: SASLMECH
- value: {{ .Values.global.saslMechanism }}
+ value: scram-sha-512
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- name: useZkTopicStore
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml
index f9904e67c8..80460ba570 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/kubernetes/dmaap/components/message-router/values.yaml
@@ -19,15 +19,16 @@
#################################################################
global:
nodePortPrefix: 302
- kafkaBootstrap: strimzi-kafka-bootstrap
- saslMechanism: scram-sha-512
- kafkaInternalPort: 9092
zkTunnelService:
type: ClusterIP
name: zk-tunnel-svc
portName: tcp-zk-tunnel
internalPort: 2181
+zookeeper:
+ entrance:
+ image: scholzj/zoo-entrance:latest
+
#################################################################
# AAF part
#################################################################
@@ -71,10 +72,6 @@ certInitializer:
image: onap/dmaap/dmaap-mr:1.4.3
pullPolicy: Always
-zookeeper:
- entrance:
- image: scholzj/zoo-entrance:latest
-
secrets:
- uid: mr-kafka-admin-secret
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml
index cf65674ffd..1cb537b5f4 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/kubernetes/dmaap/values.yaml
@@ -38,10 +38,7 @@ global:
aafEnabled: true
#Strimzi config
- kafkaBootstrap: strimzi-kafka-bootstrap
kafkaStrimziAdminUser: strimzi-kafka-admin
- kafkaInternalPort: 9092
- saslMechanism: scram-sha-512
#Component overrides
message-router:
diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
index cf818798d4..4a08322634 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
+++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json
@@ -27,15 +27,11 @@
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
- "messageBusAddress": [
- "message-router.{{ include "common.namespace" . }}"
- ],
+ "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
"pollingInterval":20,
"pollingTimeout":30,
- "consumerId": "multicloud-k8s-id",
"artifactTypes": [
"TOSCA_CSAR",
"HEAT",
@@ -48,13 +44,13 @@
"CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
"HELM"
],
- "consumerGroup": "multicloud-k8s-group",
+ "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
+ "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
"environmentName": "AUTO",
"keystorePath": "null",
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false,
"isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
"httpsproxyHost": "null",
"httpproxyHost": "null",
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index c9912ffd17..45494e1730 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -86,6 +86,13 @@ spec:
subPath: config.json
- mountPath: /data
name: artifact-data
+ env:
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
new file mode 100644
index 0000000000..7600facb08
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/multicloud-k8s-sdc-list-kafka-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: All
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml
new file mode 100644
index 0000000000..bb5091f01a
--- /dev/null
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index 36cb701a9b..cae151ae58 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -18,7 +18,20 @@
global:
nodePortPrefixExt: 304
persistence: {}
- artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
+ multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: multicloud-k8s-sdc-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Application configuration defaults.
@@ -27,6 +40,17 @@ global:
image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
+config:
+ someConfig: blah
+ kafka:
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: multicloud
+ clientId: multicloud-k8s
+
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
index 1232c3b79a..1fe7775aed 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
@@ -17,7 +17,7 @@
#################################################################
global:
nodePortPrefixExt: 304
- artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
index 33802937cd..a328daedc6 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
@@ -18,7 +18,7 @@
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
persistence: {}
#################################################################
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 9ea62aa98f..21e6a61cf5 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -18,11 +18,12 @@
#################################################################
global:
nodePortPrefix: 302
- artifactImage: onap/multicloud/framework-artifactbroker:1.8.1
+ artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
prometheus:
enabled: false
persistence: {}
centralizedLoggingEnabled: true
+ multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
#################################################################
# Application configuration defaults.
@@ -39,6 +40,8 @@ multicloud-fcaps:
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
multicloud-k8s:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}'
multicloud-pike:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml
index abf2cd1dfa..8a4bb706d9 100644
--- a/kubernetes/onap/resources/environments/core-onap.yaml
+++ b/kubernetes/onap/resources/environments/core-onap.yaml
@@ -16,7 +16,7 @@
# This override file is used to deploy a core configuration. It is based on
# minimal-onap.yaml and Orange accomplishments [1][2][3].
# It includes the following components:
-# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra)
+# AAI, DMAAP Message Router, SDC, SDNC, SO (+ Cassandra), STRIMZI Kafka
#
# Minimal resources are also reviewed for the various containers
# AAI: no override => to be fixed
@@ -75,6 +75,14 @@ holmes:
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: false
mariadb-galera:
@@ -126,6 +134,16 @@ so:
openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+strimzi:
+ enabled: true
+ replicaCount: 2
+ persistence:
+ kafka:
+ size: 1Gi
+ zookeeper:
+ size: 500Mbi
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: false
vid:
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index e2971f70cc..2caad2d530 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -137,6 +137,8 @@ so:
mariadb:
config:
mariadbRootPassword: password
+strimzi:
+ enabled: false
uui:
enabled: false
vfc:
diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml
index 092dc1ab9b..43aa4c8c05 100644
--- a/kubernetes/onap/resources/environments/disable-allcharts.yaml
+++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml
@@ -77,6 +77,8 @@ sdnc:
enabled: false
so:
enabled: false
+strimzi:
+ enabled: false
uui:
enabled: false
vfc:
diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml
index 12cccfb9e8..7bfa258e5a 100644
--- a/kubernetes/onap/resources/environments/minimal-onap.yaml
+++ b/kubernetes/onap/resources/environments/minimal-onap.yaml
@@ -16,7 +16,7 @@
# This override file is used to deploy a minimal configuration to
# onboard and deploy a VNF.
# It includes the following components:
-# A&AI, Cassandra, DMAAP, Portal, Robot, SDC, SDNC, SO, VID
+# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka, VID
#
# Minimal resources are also reviewed for the various containers
# A&AI: no override => to be fixed
@@ -70,6 +70,14 @@ holmes:
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: false
mariadb-galera:
@@ -170,6 +178,16 @@ so:
openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL"
openStackServiceTenantName: "$OPENSTACK_TENANT_NAME"
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
+strimzi:
+ enabled: true
+ replicaCount: 1
+ persistence:
+ kafka:
+ size: 1Gi
+ zookeeper:
+ size: 500Mbi
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: false
vid:
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index 6686e160e5..506dd4f7fe 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -102,6 +102,14 @@ holmes:
enabled: false
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: true
sniro-emulator:
@@ -161,6 +169,10 @@ so:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+strimzi:
+ enabled: true
+ strimzi-kafka-bridge:
+ enabled: false
uui:
enabled: true
vfc:
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index 3f2854efd7..c78ac8abd2 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -19,6 +19,8 @@
global:
ingress:
enabled: true
+ # enable all component's Ingress interfaces
+ enable_all: true
# All http requests via ingress will be redirected
config:
ssl: "redirect"
@@ -112,6 +114,14 @@ holmes:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
@@ -134,6 +144,8 @@ so:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index 54e2cf3c4f..9a090c1a41 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -19,6 +19,7 @@
global:
ingress:
enabled: true
+ enable_all: true
addTestingComponents: &testing true
centralizedLoggingEnabled: &centralizedLogging false
cassandra:
@@ -61,6 +62,14 @@ holmes:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
@@ -83,6 +92,8 @@ so:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 849b55f0a9..aeac83f7ef 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -99,6 +99,14 @@ holmes:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
oof:
enabled: true
msb:
@@ -121,6 +129,8 @@ so:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: true
vfc:
diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml
index 053f56e00f..fc0c94de24 100644
--- a/kubernetes/onap/resources/overrides/onap-vfw.yaml
+++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml
@@ -37,6 +37,14 @@ holmes:
enabled: true
dmaap:
enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
log:
enabled: true
oof:
@@ -57,5 +65,7 @@ so:
enabled: true
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: false
vid:
enabled: true
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index b4d928b089..1d3b2eb5c9 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -20,7 +20,8 @@
#
# Minimal resources are also reviewed for the various containers
# AAI: no override => to be fixed
-# DMAAP: no override # SO: no override
+# DMAAP: no override
+# SO: no override
# SDC: new values
# SDNC: no override
#
@@ -82,6 +83,16 @@ cps:
enabled: false
dcaegen2-services:
enabled: false
+dmaap:
+ enabled: true
+ message-router:
+ enabled: true
+ dmaap-bc:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
holmes:
enabled: false
log:
@@ -137,6 +148,8 @@ so:
openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD"
strimzi:
enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
uui:
enabled: false
vid:
@@ -147,7 +160,4 @@ vnfsdk:
enabled: false
cds:
enabled: true
-dmaap:
- enabled: true
- dmaap-bc:
- enabled: false
+
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 8a6af16c17..bdbf5ab323 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -146,9 +146,26 @@ global:
# Global ingress configuration
ingress:
+ # generally enable ingress for ONAP components
enabled: false
+ # enable all component's Ingress interfaces
+ enable_all: false
+ # default Ingress base URL
+ # can be overwritten in component vy setting ingress.baseurlOverride
virtualhost:
baseurl: "simpledemo.onap.org"
+ # All http requests via ingress will be redirected on Ingress controller
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ # tls:
+ # secret: 'my-ingress-cert'
+
+ # optional: Namespace of the Istio IngressGateway
+ # only valid for Istio Gateway (ServiceMesh enabled)
+ namespace: istio-ingress
# Global Service Mesh configuration
# POC Mode, don't use it in production
@@ -303,9 +320,17 @@ holmes:
enabled: false
dmaap:
enabled: false
+ message-router:
+ enabled: false
+ dmaap-bc:
+ enabled: false
+ dmaap-dr-prov:
+ enabled: false
+ dmaap-dr-node:
+ enabled: false
# Today, "logging" chart that perform the central part of logging must also be
# enabled in order to make it work. So `logging.enabled` must have the same
-# value than centralizedLoggingEnabled
+# value as centralizedLoggingEnabled
log:
enabled: *centralizedLogging
sniro-emulator:
@@ -370,8 +395,22 @@ so:
# server:
# monitoring:
# password: demo123456!
+
strimzi:
enabled: false
+ # Kafka replication & disk storage should be dimensioned
+ # according to each given system use case.
+ replicaCount: 3
+ persistence:
+ kafka:
+ size: 10Gi
+ zookeeper:
+ size: 1Gi
+ # Strimzi kafka bridge is an optional http api towards
+ # kafka provided by https://strimzi.io/docs/bridge/latest/
+ strimzi-kafka-bridge:
+ enabled: false
+
uui:
enabled: false
vfc:
@@ -386,7 +425,6 @@ platform:
enabled: false
a1policymanagement:
enabled: false
-
cert-wrapper:
enabled: true
repository-wrapper:
diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
index 348609b8da..dc9a4f2dad 100644
--- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml
@@ -9,6 +9,9 @@ server:
keyStorePassword: ${KEYSTORE_PASSWORD}
trustStore: ${TRUSTSTORE}
trustStorePassword: ${TRUSTSTORE_PASSWORD}
+ {{- else }}
+ ssl:
+ enabled: false
{{- end }}
tomcat:
max-threads: 50
diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml
index 57201cff30..4ef20e19d2 100644
--- a/kubernetes/strimzi/Chart.yaml
+++ b/kubernetes/strimzi/Chart.yaml
@@ -13,16 +13,13 @@
# limitations under the License.
apiVersion: v2
-description: ONAP Strimzi kafka
+description: ONAP Strimzi Kafka
name: strimzi
version: 12.0.0
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
@@ -30,4 +27,8 @@ dependencies:
- name: serviceAccount
version: ~12.x-0
repository: '@local'
+ - name: strimzi-kafka-bridge
+ version: ~12.x-0
+ repository: 'file://components/strimzi-kafka-bridge'
+ condition: strimzi-kafka-bridge.enabled
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/.helmignore b/kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore
index 0f976e9ff3..0f976e9ff3 100644
--- a/kubernetes/dmaap/components/dmaap-strimzi/.helmignore
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml
index ec11510b09..8c290b2cec 100644
--- a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml
@@ -13,20 +13,11 @@
# limitations under the License.
apiVersion: v2
-description: ONAP Dmaap Strimzi Kafka Bridge
-name: dmaap-strimzi
+description: ONAP Strimzi Kafka Bridge
+name: strimzi-kafka-bridge
version: 12.0.0
dependencies:
- name: common
version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Makefile b/kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile
index ef273d0e9b..ef273d0e9b 100644
--- a/kubernetes/dmaap/components/dmaap-strimzi/Makefile
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml
index 8dd7eb97cb..3abb04af10 100644
--- a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml
@@ -15,23 +15,16 @@
*/}}
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaBridge
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- replicas: {{ .Values.kafkaBridgeReplicaCount }}
- enableMetrics: false
- bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }}
+ replicas: {{ .Values.replicaCount }}
+ bootstrapServers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:{{ .Values.config.kafkaInternalPort }}
authentication:
- type: {{ .Values.global.saslMechanism }}
- username: {{ .Values.global.kafkaStrimziAdminUser }}
+ type: {{ .Values.config.saslMechanism }}
+ username: {{ .Values.config.strimziKafkaAdminUser }}
passwordSecret:
- secretName: {{ .Values.global.kafkaStrimziAdminUser }}
+ secretName: {{ .Values.config.strimziKafkaAdminUser }}
password: password
+ enableMetrics: {{ .Values.config.enableMetrics }}
http:
- port: {{ .Values.kafkaBridgePort }}
+ port: {{ .Values.config.port }}
diff --git a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml
index 8e8802d8c5..8a4c4cdc6c 100644
--- a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml
@@ -16,22 +16,20 @@
# Global configuration defaults.
#################################################################
global:
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafkaStrimziAdminUser: strimzi-kafka-admin
- kafkaInternalPort: 9092
- saslMechanism: scram-sha-512
#################################################################
# Application configuration defaults.
#################################################################
-kafkaBridgeReplicaCount: 1
-kafkaBridgePort: 8080
+replicaCount: 1
+config:
+ port: 8080
+ enableMetrics: false
+ # The following config should be set/overridden
+ # from parent chart kubernetes/strimzi/values.yaml
+ saslMechanism: parentValue
+ kafkaInternalPort: parentValue
+ strimziKafkaAdminUser: parentValue
-ingress:
- enabled: false
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dmaap-strimzi
- roles:
- - read
+# nameOverride is required to avoid duplication
+# in pod and service names ie ...-bridge-bridge-{random hex}
+nameOverride: strimzi-kafka
diff --git a/kubernetes/strimzi/templates/pv-kafka.yaml b/kubernetes/strimzi/templates/pv-kafka.yaml
index 616f03e788..efd4902562 100644
--- a/kubernetes/strimzi/templates/pv-kafka.yaml
+++ b/kubernetes/strimzi/templates/pv-kafka.yaml
@@ -13,4 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }}
diff --git a/kubernetes/strimzi/templates/pv-zk.yaml b/kubernetes/strimzi/templates/pv-zk.yaml
index 60f4ca6e79..2c5a8e3678 100644
--- a/kubernetes/strimzi/templates/pv-zk.yaml
+++ b/kubernetes/strimzi/templates/pv-zk.yaml
@@ -13,5 +13,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
-{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }}
diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
index 2653c6799c..c1bf4b8b14 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
@@ -16,14 +16,14 @@
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
- name: {{ .Values.kafkaStrimziAdminUser }}
+ name: {{ .Values.config.strimziKafkaAdminUser }}
labels:
strimzi.io/cluster: {{ include "common.release" . }}-strimzi
spec:
authentication:
- type: {{ .Values.saslMechanism }}
+ type: {{ .Values.config.saslMechanism }}
authorization:
- type: simple
+ type: {{ .Values.config.authType }}
acls:
- resource:
type: group
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index 03ee56a7a4..b35485f11c 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -15,25 +15,18 @@
*/}}
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
kafka:
- version: {{ .Values.version }}
+ version: {{ .Values.config.kafkaVersion }}
replicas: {{ .Values.replicaCount }}
listeners:
- name: plain
- port: {{ .Values.kafkaInternalPort }}
+ port: {{ .Values.config.kafkaInternalPort }}
type: internal
tls: false
authentication:
- type: {{ .Values.saslMechanism }}
+ type: {{ .Values.config.saslMechanism }}
- name: tls
port: 9093
type: internal
@@ -57,9 +50,9 @@ spec:
- broker: 2
nodePort: {{ .Values.global.nodePortPrefixExt }}92
authorization:
- type: simple
+ type: {{ .Values.config.authType }}
superUsers:
- - {{ .Values.kafkaStrimziAdminUser }}
+ - {{ .Values.config.strimziKafkaAdminUser }}
template:
pod:
securityContext:
@@ -67,21 +60,21 @@ spec:
fsGroup: 0
config:
default.replication.factor: {{ .Values.replicaCount }}
- min.insync.replicas: {{ .Values.replicaCount }}
+ min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
offsets.topic.replication.factor: {{ .Values.replicaCount }}
+ num.partitions: {{ mul .Values.replicaCount 2 }}
transaction.state.log.replication.factor: {{ .Values.replicaCount }}
- num.partitions: {{ .Values.numPartitions }}
- transaction.state.log.min.isr: {{ .Values.replicaCount }}
- log.message.format.version: {{ .Values.version }}
- inter.broker.protocol.version: {{ .Values.version }}
+ transaction.state.log.min.isr: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
+ log.message.format.version: {{ .Values.config.kafkaVersion }}
+ inter.broker.protocol.version: {{ .Values.config.kafkaVersion }}
storage:
type: jbod
volumes:
- id: 0
type: persistent-claim
- size: {{ .Values.persistenceKafka.size }}
+ size: {{ .Values.persistence.kafka.size }}
deleteClaim: true
- class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }}
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }}
zookeeper:
template:
pod:
@@ -97,9 +90,9 @@ spec:
{{- end }}
storage:
type: persistent-claim
- size: {{ .Values.persistenceZk.size }}
+ size: {{ .Values.persistence.zookeeper.size }}
deleteClaim: true
- class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }}
+ class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }}
entityOperator:
topicOperator: {}
userOperator: {}
diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml
index 99ccde5040..e6da1d55db 100644
--- a/kubernetes/strimzi/values.yaml
+++ b/kubernetes/strimzi/values.yaml
@@ -19,35 +19,49 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
-
#################################################################
# Application configuration defaults.
#################################################################
replicaCount: 3
-numPartitions: 10
-kafkaInternalPort: 9092
-saslMechanism: scram-sha-512
-version: 3.2.3
-kafkaStrimziAdminUser: strimzi-kafka-admin
-persistence: {}
+config:
+ kafkaVersion: 3.2.3
+ authType: simple
+ saslMechanism: &saslMech scram-sha-512
+ kafkaInternalPort: &plainPort 9092
+ strimziKafkaAdminUser: &adminUser strimzi-kafka-admin
-persistenceKafka:
- enabled: true
- size: 2Gi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
- mountSubPath: strimzi-kafka/kafka
-persistenceZk:
- enabled: true
- size: 2Gi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
+persistence:
+ enabled: &pvenabled true
mountPath: /dockerdata-nfs
- mountSubPath: strimzi-kafka/zk
+ kafka:
+ enabled: *pvenabled
+ # default values of 2Gi for dev env.
+ # Production values should be dimensioned according to requirements. ie >= 10Gi
+ size: 2Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/kafka
+ zookeeper:
+ enabled: *pvenabled
+ size: 1Gi
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: strimzi-kafka/zk
#Pods Service Account
serviceAccount:
nameOverride: strimzi-kafka
roles:
- read
+
+######################
+# Component overrides
+######################
+strimzi-kafka-bridge:
+ enabled: true
+ config:
+ saslMechanism: *saslMech
+ kafkaInternalPort: *plainPort
+ strimziKafkaAdminUser: *adminUser \ No newline at end of file