aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitmodules6
-rw-r--r--docs/conf.py2
-rw-r--r--docs/index.rst2
-rw-r--r--docs/oom_developer_guide.rst4
-rw-r--r--docs/oom_hardcoded_certificates.rst2
-rw-r--r--docs/oom_quickstart_guide_helm3.rst252
-rw-r--r--docs/oom_user_guide.rst6
-rw-r--r--docs/oom_user_guide_helm3.rst728
-rw-r--r--docs/release-notes-amsterdam.rst2
-rw-r--r--docs/release-notes-beijing.rst2
-rw-r--r--docs/release-notes-casablanca.rst2
-rw-r--r--docs/release-notes-dublin.rst2
-rw-r--r--docs/release-notes-elalto.rst2
-rw-r--r--docs/release-notes-frankfurt.rst2
-rw-r--r--kubernetes/.gitignore1
-rw-r--r--kubernetes/Makefile2
m---------kubernetes/aai0
-rw-r--r--kubernetes/aai/Chart.yaml (renamed from kubernetes/common/music/charts/music/Chart.yaml)7
-rw-r--r--kubernetes/aai/components/aai-babel/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-babel/Chart.yaml19
-rw-r--r--kubernetes/aai/components/aai-babel/requirements.yaml22
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties285
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json47
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystorebin0 -> 2483 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties16
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/logback.xml194
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json193
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystorebin0 -> 2214 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystorebin0 -> 3594 bytes
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json93
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties25
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/components/aai-babel/templates/configmap.yaml70
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml254
-rw-r--r--kubernetes/aai/components/aai-babel/templates/ingress.yaml1
-rw-r--r--kubernetes/aai/components/aai-babel/templates/secrets.yaml88
-rw-r--r--kubernetes/aai/components/aai-babel/templates/service.yaml52
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml87
-rw-r--r--kubernetes/aai/components/aai-data-router/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-data-router/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json18
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystorebin0 -> 4767 bytes
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/data-router.properties0
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml193
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties65
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml17
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml56
-rw-r--r--kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route4
-rw-r--r--kubernetes/aai/components/aai-data-router/templates/configmap.yaml68
-rw-r--r--kubernetes/aai/components/aai-data-router/templates/deployment.yaml188
-rw-r--r--kubernetes/aai/components/aai-data-router/templates/secret.yaml27
-rw-r--r--kubernetes/aai/components/aai-data-router/values.yaml112
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml372
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options117
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties88
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml26
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml120
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml42
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml36
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/templates/service.yaml44
-rw-r--r--kubernetes/aai/components/aai-elasticsearch/values.yaml108
-rw-r--r--kubernetes/aai/components/aai-graphadmin/.helmignore (renamed from kubernetes/common/music/charts/music-cassandra-job/.helmignore)0
-rw-r--r--kubernetes/aai/components/aai-graphadmin/Chart.yaml23
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties126
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties111
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties97
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties91
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml60
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml958
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties70
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties65
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties42
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml63
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml187
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml141
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml150
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml309
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/pv.yaml44
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml42
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml49
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml158
-rw-r--r--kubernetes/aai/components/aai-modelloader/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-modelloader/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12bin0 -> 4357 bytes
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12bin0 -> 2817 bytes
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystorebin0 -> 2483 bytes
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml168
-rw-r--r--kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties46
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/configmap.yaml39
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml109
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/ingress.yaml1
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/secret.yaml27
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/service.yaml43
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml86
-rw-r--r--kubernetes/aai/components/aai-resources/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-resources/Chart.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/Chart.yaml)8
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv33
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties8
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile27
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12bin0 -> 4347 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props15
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props24
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties2
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties88
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties14
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/application.properties96
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json298
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties100
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties94
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml63
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/logback.xml344
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/realm.properties37
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12bin0 -> 3617 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststorebin0 -> 4639 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystorebin0 -> 2214 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12bin0 -> 4291 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12bin0 -> 4158 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystorebin0 -> 4943 bytes
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json99
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties39
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml45
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile27
-rw-r--r--kubernetes/aai/components/aai-resources/templates/configmap.yaml159
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml1484
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml44
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml123
-rw-r--r--kubernetes/aai/components/aai-schema-service/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-schema-service/Chart.yaml19
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties43
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/application.properties71
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml58
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/logback.xml295
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/realm.properties22
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/configmap.yaml78
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml155
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/service.yaml44
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml88
-rw-r--r--kubernetes/aai/components/aai-search-data/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-search-data/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json32
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json18
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystorebin0 -> 3844 bytes
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json12
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties25
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json17
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/filter-config.json7
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml193
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties2
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json11
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties39
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties4
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml48
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties3
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt1
-rw-r--r--kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties1
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/configmap.yaml83
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/deployment.yaml259
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/secret.yaml53
-rw-r--r--kubernetes/aai/components/aai-search-data/templates/service.yaml53
-rw-r--r--kubernetes/aai/components/aai-search-data/values.yaml78
-rw-r--r--kubernetes/aai/components/aai-sparky-be/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-sparky-be/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties16
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties16
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties28
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties20
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties20
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties6
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application.properties35
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12bin0 -> 4117 bytes
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties26
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12bin0 -> 4347 bytes
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties1
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties47
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties45
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile27
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties31
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/roles.config20
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/users.config20
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml72
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml206
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml1
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/secret.yaml27
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/service.yaml38
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml120
-rw-r--r--kubernetes/aai/components/aai-traversal/.helmignore21
-rw-r--r--kubernetes/aai/components/aai-traversal/Chart.yaml18
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv33
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties8
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile27
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12bin0 -> 4347 bytes
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props15
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props23
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties2
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties94
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties99
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties100
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties94
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml63
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/logback.xml344
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/realm.properties37
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/configmap.yaml64
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml812
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml142
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/service.yaml44
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml118
-rw-r--r--kubernetes/aai/requirements.yaml69
-rw-r--r--kubernetes/aai/resources/config/aai/aai_keystorebin0 -> 7544 bytes
-rw-r--r--kubernetes/aai/resources/config/auth/truststoreONAPall.jks (renamed from kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks)bin117990 -> 117990 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/client-cert.p12bin0 -> 3591 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/fproxy_truststorebin0 -> 5569 bytes
-rw-r--r--kubernetes/aai/resources/config/fproxy/auth/tomcat_keystorebin0 -> 3607 bytes
-rw-r--r--kubernetes/aai/resources/config/haproxy/aai.pem88
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg138
-rw-r--r--kubernetes/aai/resources/config/haproxy/haproxy.cfg126
-rw-r--r--kubernetes/aai/resources/config/log/filebeat/filebeat.yml55
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12bin0 -> 4158 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/auth/tomcat_keystorebin0 -> 3594 bytes
-rw-r--r--kubernetes/aai/resources/config/rproxy/security/keyfile27
-rw-r--r--kubernetes/aai/templates/configmap.yaml103
-rw-r--r--kubernetes/aai/templates/deployment.yaml134
-rw-r--r--kubernetes/aai/templates/ingress.yaml1
-rw-r--r--kubernetes/aai/templates/secret.yaml36
-rw-r--r--kubernetes/aai/templates/service.yaml40
-rw-r--r--kubernetes/aai/values.yaml382
-rw-r--r--kubernetes/cli/requirements.yaml3
-rw-r--r--kubernetes/cli/templates/deployment.yaml2
-rw-r--r--kubernetes/cli/values.yaml2
-rw-r--r--kubernetes/common/cmpv2Config/values.yaml4
-rw-r--r--kubernetes/common/common/templates/_affinities.tpl109
-rw-r--r--kubernetes/common/music/Makefile51
-rw-r--r--kubernetes/common/music/charts/music-cassandra-job/values.yaml71
-rw-r--r--kubernetes/common/music/charts/music/values.yaml177
-rw-r--r--kubernetes/common/music/components/Makefile51
-rw-r--r--kubernetes/common/music/components/music-cassandra/.helmignore (renamed from kubernetes/common/music/charts/music-cassandra/.helmignore)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/Chart.yaml (renamed from kubernetes/common/music/charts/music-cassandra/Chart.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/requirements.yaml (renamed from kubernetes/common/music/charts/music-cassandra/requirements.yaml)3
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql (renamed from kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql)0
-rwxr-xr-xkubernetes/common/music/components/music-cassandra/templates/configmap.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml)0
-rwxr-xr-xkubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/job.yaml (renamed from kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml)8
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/pv.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/pv.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/service.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/service.yaml)0
-rw-r--r--kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml (renamed from kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml)2
-rw-r--r--kubernetes/common/music/components/music-cassandra/values.yaml (renamed from kubernetes/common/music/charts/music-cassandra/values.yaml)44
-rw-r--r--kubernetes/common/music/requirements.yaml6
-rwxr-xr-xkubernetes/common/music/resources/config/logback.xml (renamed from kubernetes/common/music/charts/music/resources/config/logback.xml)0
-rwxr-xr-xkubernetes/common/music/resources/config/music-sb.properties (renamed from kubernetes/common/music/charts/music/resources/config/music-sb.properties)0
-rwxr-xr-xkubernetes/common/music/resources/config/music.properties (renamed from kubernetes/common/music/charts/music/resources/config/music.properties)0
-rwxr-xr-xkubernetes/common/music/resources/config/startup.sh (renamed from kubernetes/common/music/charts/music/resources/config/startup.sh)0
-rw-r--r--kubernetes/common/music/resources/keys/org.onap.music.jks (renamed from kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks)bin3635 -> 3635 bytes
-rw-r--r--kubernetes/common/music/resources/keys/truststoreONAPall.jksbin0 -> 117990 bytes
-rw-r--r--kubernetes/common/music/templates/configmap.yaml (renamed from kubernetes/common/music/charts/music/templates/configmap.yaml)0
-rw-r--r--kubernetes/common/music/templates/deployment.yaml (renamed from kubernetes/common/music/charts/music/templates/deployment.yaml)8
-rw-r--r--kubernetes/common/music/templates/secrets.yaml (renamed from kubernetes/common/music/charts/music/templates/secrets.yaml)0
-rw-r--r--kubernetes/common/music/templates/service.yaml (renamed from kubernetes/common/music/charts/music/templates/service.yaml)0
-rw-r--r--kubernetes/common/music/values.yaml139
-rw-r--r--kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml179
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json4
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml2
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml4
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/templates/job-onboard.yaml2
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/.helmignore22
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml18
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml138
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml17
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml34
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml71
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml167
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml38
-rw-r--r--kubernetes/platform/components/cmpv2-cert-provider/values.yaml79
-rw-r--r--kubernetes/platform/components/oom-cert-service/.gitignore5
-rw-r--r--kubernetes/platform/components/oom-cert-service/.helmignore1
-rw-r--r--kubernetes/platform/components/oom-cert-service/Makefile36
-rw-r--r--kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json2
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/secret.yaml15
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml9
-rw-r--r--kubernetes/platform/requirements.yaml5
-rw-r--r--kubernetes/sdnc/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml4
309 files changed, 18436 insertions, 335 deletions
diff --git a/.gitmodules b/.gitmodules
index 19cca65ede..3f0f4efe38 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,11 +1,5 @@
-[submodule "kubernetes/aai"]
- path = kubernetes/aai
- url = ../aai/oom
- branch = master
- ignore = dirty
[submodule "kubernetes/robot"]
path = kubernetes/robot
url = ../testsuite/oom
branch = master
ignore = dirty
-
diff --git a/docs/conf.py b/docs/conf.py
index 8f40e8b817..3b28eb74a8 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -12,4 +12,4 @@ intersphinx_mapping = {}
html_last_updated_fmt = '%d-%b-%y %H:%M'
def setup(app):
- app.add_stylesheet("css/ribbon_onap.css")
+ app.add_css_file("css/ribbon_onap.css")
diff --git a/docs/index.rst b/docs/index.rst
index c3902ecae0..68b38de9aa 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -12,7 +12,9 @@ OOM Documentation Repository
oom_project_description.rst
oom_quickstart_guide.rst
+ oom_quickstart_guide_helm3.rst
oom_user_guide.rst
+ oom_user_guide_helm3.rst
oom_developer_guide.rst
oom_cloud_setup_guide.rst
release-notes.rst
diff --git a/docs/oom_developer_guide.rst b/docs/oom_developer_guide.rst
index fccf453925..3d8cdb1128 100644
--- a/docs/oom_developer_guide.rst
+++ b/docs/oom_developer_guide.rst
@@ -8,7 +8,7 @@
.. _Helm Charts: https://github.com/kubernetes/charts
.. _Kubernetes: https://Kubernetes.io/
.. _Docker: https://www.docker.com/
-.. _Nexus: https://nexus.onap.org/#welcome
+.. _Nexus: https://nexus.onap.org/
.. _AWS Elastic Block Store: https://aws.amazon.com/ebs/
.. _Azure File: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction
.. _GCE Persistent Disk: https://cloud.google.com/compute/docs/disks/
@@ -1131,7 +1131,7 @@ access to watch the kubernetes events and get service annotation by
Kubernetes APIs. The token can be found in the kubectl configuration file
*~/.kube/config*
-More details can be found here `MSB installation <http://onap.readthedocs.io/en/latest/submodules/msb/apigateway.git/docs/platform/installation.html>`__.
+More details can be found here `MSB installation <https://docs.onap.org/projects/onap-msb-apigateway/en/latest/platform/installation.html>`_.
.. MISC
.. ====
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index 9f6aa1ff0e..c4392c701f 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -3,6 +3,8 @@
.. http://creativecommons.org/licenses/by/4.0
.. Copyright 2018 Amdocs, Bell Canada, 2020 Nokia Solutions and Networks
+:orphan:
+
.. Links
.. _hardcoded-certificates-label:
diff --git a/docs/oom_quickstart_guide_helm3.rst b/docs/oom_quickstart_guide_helm3.rst
new file mode 100644
index 0000000000..5a3076426e
--- /dev/null
+++ b/docs/oom_quickstart_guide_helm3.rst
@@ -0,0 +1,252 @@
+.. This work is licensed under a
+.. Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2019-2020 Amdocs, Bell Canada, Orange, Samsung
+.. _oom_quickstart_guide_helm3:
+.. _quick-start-label-helm3:
+
+OOM Quick Start Guide Helm3 (experimental)
+###########################################
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+Once a Kubernetes environment is available (follow the instructions in
+:ref:`cloud-setup-guide-label` if you don't have a cloud environment
+available), follow the following instructions to deploy ONAP.
+
+**Step 1.** Clone the OOM repository from ONAP gerrit::
+
+ > git clone -b <BRANCH> http://gerrit.onap.org/r/oom --recurse-submodules
+ > cd oom/kubernetes
+
+where <BRANCH> can be an official release tag, such as
+
+* 4.0.0-ONAP for Dublin
+* 5.0.1-ONAP for El Alto
+* 6.0.0 for Frankfurt
+* 7.0.0 for Guilin
+
+**Step 2.** Install Helm Plugins required to deploy ONAP::
+
+ > cp -R ~/oom/kubernetes/helm/plugins/ ~/.local/share/helm/plugins
+ > helm plugin install https://github.com/chartmuseum/helm-push.git
+
+**Step 3** Install Chartmuseum::
+
+ > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
+ > chmod +x ./chartmuseum
+ > mv ./chartmuseum /usr/local/bin
+
+**Step 4.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or
+an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file
+to suit your deployment with items like the OpenStack tenant information.
+
+.. note::
+ Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in
+ the `oom/kubernetes/onap/resources/overrides/` directory.
+
+
+ a. You may want to selectively enable or disable ONAP components by changing
+ the ``enabled: true/false`` flags.
+
+
+ b. Encrypt the OpenStack password using the shell tool for Robot and put it in
+ the Robot Helm charts or Robot section of `openstack.yaml`
+
+
+ c. Encrypt the OpenStack password using the java based script for SO Helm charts
+ or SO section of `openstack.yaml`.
+
+
+ d. Update the OpenStack parameters that will be used by Robot, SO and APPC Helm
+ charts or use an override file to replace them.
+
+ e. Add in the command line a value for the global master password (global.masterPassword).
+
+
+
+a. Enabling/Disabling Components:
+Here is an example of the nominal entries that need to be provided.
+We have different values file available for different contexts.
+
+.. literalinclude:: ../kubernetes/onap/values.yaml
+ :language: yaml
+
+
+b. Generating ROBOT Encrypted Password:
+The Robot encrypted Password uses the same encryption.key as SO but an
+openssl algorithm that works with the python based Robot Framework.
+
+.. note::
+ To generate Robot ``openStackEncryptedPasswordHere``::
+
+ cd so/resources/config/mso/
+ /oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
+
+c. Generating SO Encrypted Password:
+The SO Encrypted Password uses a java based encryption utility since the
+Java encryption library is not easy to integrate with openssl/python that
+Robot uses in Dublin and upper versions.
+
+.. note::
+ To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword``
+ ensure `default-jdk` is installed::
+
+ apt-get update; apt-get install default-jdk
+
+ Then execute::
+
+ SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key`
+ OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX
+
+ git clone http://gerrit.onap.org/r/integration
+ cd integration/deployment/heat/onap-rke/scripts
+
+ javac Crypto.java
+ java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY"
+
+d. Update the OpenStack parameters:
+
+There are assumptions in the demonstration VNF Heat templates about the
+networking available in the environment. To get the most value out of these
+templates and the automation that can help confirm the setup is correct, please
+observe the following constraints.
+
+
+``openStackPublicNetId:``
+ This network should allow Heat templates to add interfaces.
+ This need not be an external network, floating IPs can be assigned to the
+ ports on the VMs that are created by the heat template but its important that
+ neutron allow ports to be created on them.
+
+``openStackPrivateNetCidr: "10.0.0.0/16"``
+ This ip address block is used to assign OA&M addresses on VNFs to allow ONAP
+ connectivity. The demonstration Heat templates assume that 10.0 prefix can be
+ used by the VNFs and the demonstration ip addressing plan embodied in the
+ preload template prevent conflicts when instantiating the various VNFs. If
+ you need to change this, you will need to modify the preload data in the
+ Robot Helm chart like integration_preload_parameters.py and the
+ demo/heat/preload_data in the Robot container. The size of the CIDR should
+ be sufficient for ONAP and the VMs you expect to create.
+
+``openStackOamNetworkCidrPrefix: "10.0"``
+ This ip prefix mush match the openStackPrivateNetCidr and is a helper
+ variable to some of the Robot scripts for demonstration. A production
+ deployment need not worry about this setting but for the demonstration VNFs
+ the ip asssignment strategy assumes 10.0 ip prefix.
+
+Example Keystone v2.0
+
+.. literalinclude:: example-integration-override.yaml
+ :language: yaml
+
+Example Keystone v3 (required for Rocky and later releases)
+
+.. literalinclude:: example-integration-override-v3.yaml
+ :language: yaml
+
+
+**Step 5.** To setup a local Helm server to server up the ONAP charts::
+
+ > chartmuseum --storage local --storage-local-rootdir ~/helm3-storage -port 8879 &
+
+Note the port number that is listed and use it in the Helm repo add as
+follows::
+
+ > helm repo add local http://127.0.0.1:8879
+
+**Step 6.** Verify your Helm repository setup with::
+
+ > helm repo list
+ NAME URL
+ local http://127.0.0.1:8879
+
+**Step 7.** Build a local Helm repository (from the kubernetes directory)::
+
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all ; make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] onap
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH
+
+
+**Step 8.** Display the onap charts that available to be deployed::
+
+ > helm repo update
+ > helm search repo onap
+
+.. literalinclude:: helm-search.txt
+
+.. note::
+ The setup of the Helm repository is a one time activity. If you make changes
+ to your deployment charts or values be sure to use ``make`` to update your
+ local Helm repository.
+
+**Step 9.** Once the repo is setup, installation of ONAP can be done with a
+single command
+
+.. note::
+ The ``--timeout 900s`` is currently required in Dublin and later
+ versions up to address long running initialization tasks for DMaaP
+ and SO. Without this timeout value both applications may fail to
+ deploy.
+
+.. danger::
+ We've added the master password on the command line.
+ You shouldn't put it in a file for safety reason
+ please don't forget to change the value to something random
+
+ A space is also added in front of the command so "history" doesn't catch it.
+ This masterPassword is very sensitive, please be careful!
+
+
+To deploy all ONAP applications use this command::
+
+ > cd oom/kubernetes
+ > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900s
+
+All override files may be customized (or replaced by other overrides) as per
+needs.
+
+`onap-all.yaml`
+ Enables the modules in the ONAP deployment. As ONAP is very modular, it is
+ possible to customize ONAP and disable some components through this
+ configuration file.
+
+`onap-all-ingress-nginx-vhost.yaml`
+ Alternative version of the `onap-all.yaml` but with global ingress controller
+ enabled. It requires the cluster configured with the nginx ingress controller
+ and load balancer. Please use this file instead `onap-all.yaml` if you want
+ to use experimental ingress controller feature.
+
+`environment.yaml`
+ Includes configuration values specific to the deployment environment.
+
+ Example: adapt readiness and liveness timers to the level of performance of
+ your infrastructure
+
+`openstack.yaml`
+ Includes all the OpenStack related information for the default target tenant
+ you want to use to deploy VNFs from ONAP and/or additional parameters for the
+ embedded tests.
+
+**Step 10.** Verify ONAP installation
+
+Use the following to monitor your deployment and determine when ONAP is ready
+for use::
+
+ > kubectl get pods -n onap -o=wide
+
+.. note::
+ While all pods may be in a Running state, it is not a guarantee that all components are running fine.
+
+ Launch the healthcheck tests using Robot to verify that the components are healthy::
+
+ > ~/oom/kubernetes/robot/ete-k8s.sh onap health
+
+**Step 11.** Undeploy ONAP
+::
+
+ > helm undeploy dev
+
+More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index 70f19df7b6..ac716a3eb7 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -12,7 +12,7 @@
.. _Helm Documentation: https://docs.helm.sh/helm/
.. _Helm: https://docs.helm.sh/
.. _Kubernetes: https://Kubernetes.io/
-.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
.. _user-guide-label:
OOM User Guide
@@ -414,7 +414,7 @@ below::
Ensure you've disabled any proxy settings the browser you are using to access
the portal and then simply access now the new ssl-encrypted URL:
-https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
.. note::
Using the HTTPS based Portal URL the Browser needs to be configured to accept
@@ -481,7 +481,7 @@ have been created - a sample from the ONAP Integration labs follows:
.. figure:: consulHealth.png
:align: center
-To see the real-time health of a deployment go to: http://<kubernetes IP>:30270/ui/
+To see the real-time health of a deployment go to: ``http://<kubernetes IP>:30270/ui/``
where a GUI much like the following will be found:
diff --git a/docs/oom_user_guide_helm3.rst b/docs/oom_user_guide_helm3.rst
new file mode 100644
index 0000000000..b687fe8bd3
--- /dev/null
+++ b/docs/oom_user_guide_helm3.rst
@@ -0,0 +1,728 @@
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung
+.. _oom_user_guide:
+
+.. Links
+.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
+.. _Services: https://kubernetes.io/docs/concepts/services-networking/service/
+.. _ReplicaSet: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+.. _StatefulSet: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
+.. _Helm Documentation: https://docs.helm.sh/helm/
+.. _Helm: https://docs.helm.sh/
+.. _Kubernetes: https://Kubernetes.io/
+.. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+.. _user-guide-label:
+
+OOM User Guide helm3 (experimental)
+###################################
+
+The ONAP Operations Manager (OOM) provide the ability to manage the entire
+life-cycle of an ONAP installation, from the initial deployment to final
+decommissioning. This guide provides instructions for users of ONAP to
+use the Kubernetes_/Helm_ system as a complete ONAP management system.
+
+This guide provides many examples of Helm command line operations. For a
+complete description of these commands please refer to the `Helm
+Documentation`_.
+
+.. figure:: oomLogoV2-medium.png
+ :align: right
+
+The following sections describe the life-cycle operations:
+
+- Deploy_ - with built-in component dependency management
+- Configure_ - unified configuration across all ONAP components
+- Monitor_ - real-time health monitoring feeding to a Consul UI and Kubernetes
+- Heal_- failed ONAP containers are recreated automatically
+- Scale_ - cluster ONAP services to enable seamless scaling
+- Upgrade_ - change-out containers or configuration with little or no service
+ impact
+- Delete_ - cleanup individual containers or entire deployments
+
+.. figure:: oomLogoV2-Deploy.png
+ :align: right
+
+Deploy
+======
+
+The OOM team with assistance from the ONAP project teams, have built a
+comprehensive set of Helm charts, yaml files very similar to TOSCA files, that
+describe the composition of each of the ONAP components and the relationship
+within and between components. Using this model Helm is able to deploy all of
+ONAP with a few simple commands.
+
+Pre-requisites
+--------------
+Your environment must have both the Kubernetes `kubectl` and Helm setup as a
+one time activity.
+
+Install Kubectl
+~~~~~~~~~~~~~~~
+Enter the following to install kubectl (on Ubuntu, there are slight differences
+on other O/Ss), the Kubernetes command line interface used to manage a
+Kubernetes cluster::
+
+ > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.10/bin/linux/amd64/kubectl
+ > chmod +x ./kubectl
+ > sudo mv ./kubectl /usr/local/bin/kubectl
+ > mkdir ~/.kube
+
+Paste kubectl config from Rancher (see the :ref:`cloud-setup-guide-label` for
+alternative Kubernetes environment setups) into the `~/.kube/config` file.
+
+Verify that the Kubernetes config is correct::
+
+ > kubectl get pods --all-namespaces
+
+At this point you should see six Kubernetes pods running.
+
+Install Helm
+~~~~~~~~~~~~
+Helm is used by OOM for package and configuration management. To install Helm,
+enter the following::
+
+ > wget https://get.helm.sh/helm-v3.3.4-linux-amd64.tar.gz
+ > tar -zxvf helm-v3.3.4-linux-amd64.tar.gz
+ > sudo mv linux-amd64/helm /usr/local/bin/helm
+
+Verify the Helm version with::
+
+ > helm version
+
+Install the Helm Repo
+---------------------
+Once kubectl and Helm are setup, one needs to setup a local Helm server to
+server up the ONAP charts::
+
+ > helm install osn/onap
+
+.. note::
+ The osn repo is not currently available so creation of a local repository is
+ required.
+
+Helm is able to use charts served up from a repository and comes setup with a
+default CNCF provided `Curated applications for Kubernetes`_ repository called
+stable which should be removed to avoid confusion::
+
+ > helm repo remove stable
+
+.. To setup the Open Source Networking Nexus repository for helm enter::
+.. > helm repo add osn 'https://nexus3.onap.org:10001/helm/helm-repo-in-nexus/master/'
+
+To prepare your system for an installation of ONAP, you'll need to::
+
+ > git clone -b guilin --recurse-submodules -j2 http://gerrit.onap.org/r/oom
+ > cd oom/kubernetes
+
+
+To install a local Helm server::
+
+ > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
+ > chmod +x ./chartmuseum
+ > mv ./chartmuseum /usr/local/bin
+
+To setup a local Helm server to server up the ONAP charts::
+
+ > mkdir -p ~/helm3-storage
+ > chartmuseum --storage local --storage-local-rootdir ~/helm3-storage -port 8879 &
+
+Note the port number that is listed and use it in the Helm repo add as
+follows::
+
+ > helm repo add local http://127.0.0.1:8879
+
+To get a list of all of the available Helm chart repositories::
+
+ > helm repo list
+ NAME URL
+ local http://127.0.0.1:8879
+
+Then build your local Helm repository::
+
+ > make SKIP_LINT=TRUE [HELM_BIN=<HELM_PATH>] all
+
+`HELM_BIN`
+ Sets the helm binary to be used. The default value use helm from PATH
+
+The Helm search command reads through all of the repositories configured on the
+system, and looks for matches::
+
+ > helm search -l
+ NAME VERSION DESCRIPTION
+ local/appc 2.0.0 Application Controller
+ local/clamp 2.0.0 ONAP Clamp
+ local/common 2.0.0 Common templates for inclusion in other charts
+ local/onap 2.0.0 Open Network Automation Platform (ONAP)
+ local/robot 2.0.0 A helm Chart for kubernetes-ONAP Robot
+ local/so 2.0.0 ONAP Service Orchestrator
+
+In any case, setup of the Helm repository is a one time activity.
+
+Next, install Helm Plugins required to deploy the ONAP Casablanca release::
+
+ > cp -R ~/oom/kubernetes/helm/plugins/ ~/.local/share/helm/plugins
+
+Once the repo is setup, installation of ONAP can be done with a single
+command::
+
+ > helm deploy development local/onap --namespace onap
+
+This will install ONAP from a local repository in a 'development' Helm release.
+As described below, to override the default configuration values provided by
+OOM, an environment file can be provided on the command line as follows::
+
+ > helm deploy development local/onap --namespace onap -f overrides.yaml
+
+To get a summary of the status of all of the pods (containers) running in your
+deployment::
+
+ > kubectl get pods --all-namespaces -o=wide
+
+.. note::
+ The Kubernetes namespace concept allows for multiple instances of a component
+ (such as all of ONAP) to co-exist with other components in the same
+ Kubernetes cluster by isolating them entirely. Namespaces share only the
+ hosts that form the cluster thus providing isolation between production and
+ development systems as an example. The OOM deployment of ONAP in Beijing is
+ now done within a single Kubernetes namespace where in Amsterdam a namespace
+ was created for each of the ONAP components.
+
+.. note::
+ The Helm `--name` option refers to a release name and not a Kubernetes namespace.
+
+
+To install a specific version of a single ONAP component (`so` in this example)
+with the given release name enter::
+
+ > helm deploy so onap/so --version 3.0.1
+
+To display details of a specific resource or group of resources type::
+
+ > kubectl describe pod so-1071802958-6twbl
+
+where the pod identifier refers to the auto-generated pod identifier.
+
+.. figure:: oomLogoV2-Configure.png
+ :align: right
+
+Configure
+=========
+
+Each project within ONAP has its own configuration data generally consisting
+of: environment variables, configuration files, and database initial values.
+Many technologies are used across the projects resulting in significant
+operational complexity and an inability to apply global parameters across the
+entire ONAP deployment. OOM solves this problem by introducing a common
+configuration technology, Helm charts, that provide a hierarchical
+configuration with the ability to override values with higher
+level charts or command line options.
+
+The structure of the configuration of ONAP is shown in the following diagram.
+Note that key/value pairs of a parent will always take precedence over those
+of a child. Also note that values set on the command line have the highest
+precedence of all.
+
+.. graphviz::
+
+ digraph config {
+ {
+ node [shape=folder]
+ oValues [label="values.yaml"]
+ demo [label="onap-demo.yaml"]
+ prod [label="onap-production.yaml"]
+ oReq [label="requirements.yaml"]
+ soValues [label="values.yaml"]
+ soReq [label="requirements.yaml"]
+ mdValues [label="values.yaml"]
+ }
+ {
+ oResources [label="resources"]
+ }
+ onap -> oResources
+ onap -> oValues
+ oResources -> environments
+ oResources -> oReq
+ oReq -> so
+ environments -> demo
+ environments -> prod
+ so -> soValues
+ so -> soReq
+ so -> charts
+ charts -> mariadb
+ mariadb -> mdValues
+
+ }
+
+The top level onap/values.yaml file contains the values required to be set
+before deploying ONAP. Here is the contents of this file:
+
+.. include:: ../kubernetes/onap/values.yaml
+ :code: yaml
+
+One may wish to create a value file that is specific to a given deployment such
+that it can be differentiated from other deployments. For example, a
+onap-development.yaml file may create a minimal environment for development
+while onap-production.yaml might describe a production deployment that operates
+independently of the developer version.
+
+For example, if the production OpenStack instance was different from a
+developer's instance, the onap-production.yaml file may contain a different
+value for the vnfDeployment/openstack/oam_network_cidr key as shown below.
+
+.. code-block:: yaml
+
+ nsPrefix: onap
+ nodePortPrefix: 302
+ apps: consul msb mso message-router sdnc vid robot portal policy appc aai
+ sdc dcaegen2 log cli multicloud clamp vnfsdk aaf kube2msb
+ dataRootDir: /dockerdata-nfs
+
+ # docker repositories
+ repository:
+ onap: nexus3.onap.org:10001
+ oom: oomk8s
+ aai: aaionap
+ filebeat: docker.elastic.co
+
+ image:
+ pullPolicy: Never
+
+ # vnf deployment environment
+ vnfDeployment:
+ openstack:
+ ubuntu_14_image: "Ubuntu_14.04.5_LTS"
+ public_net_id: "e8f51956-00dd-4425-af36-045716781ffc"
+ oam_network_id: "d4769dfb-c9e4-4f72-b3d6-1d18f4ac4ee6"
+ oam_subnet_id: "191f7580-acf6-4c2b-8ec0-ba7d99b3bc4e"
+ oam_network_cidr: "192.168.30.0/24"
+ <...>
+
+
+To deploy ONAP with this environment file, enter::
+
+ > helm deploy local/onap -n onap -f environments/onap-production.yaml
+
+.. include:: environments_onap_demo.yaml
+ :code: yaml
+
+When deploying all of ONAP a requirements.yaml file control which and what
+version of the ONAP components are included. Here is an excerpt of this
+file:
+
+.. code-block:: yaml
+
+ # Referencing a named repo called 'local'.
+ # Can add this repo by running commands like:
+ # > helm serve
+ # > helm repo add local http://127.0.0.1:8879
+ dependencies:
+ <...>
+ - name: so
+ version: ~2.0.0
+ repository: '@local'
+ condition: so.enabled
+ <...>
+
+The ~ operator in the `so` version value indicates that the latest "2.X.X"
+version of `so` shall be used thus allowing the chart to allow for minor
+upgrades that don't impact the so API; hence, version 2.0.1 will be installed
+in this case.
+
+The onap/resources/environment/onap-dev.yaml (see the excerpt below) enables
+for fine grained control on what components are included as part of this
+deployment. By changing this `so` line to `enabled: false` the `so` component
+will not be deployed. If this change is part of an upgrade the existing `so`
+component will be shut down. Other `so` parameters and even `so` child values
+can be modified, for example the `so`'s `liveness` probe could be disabled
+(which is not recommended as this change would disable auto-healing of `so`).
+
+.. code-block:: yaml
+
+ #################################################################
+ # Global configuration overrides.
+ #
+ # These overrides will affect all helm charts (ie. applications)
+ # that are listed below and are 'enabled'.
+ #################################################################
+ global:
+ <...>
+
+ #################################################################
+ # Enable/disable and configure helm charts (ie. applications)
+ # to customize the ONAP deployment.
+ #################################################################
+ aaf:
+ enabled: false
+ <...>
+ so: # Service Orchestrator
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+ <...>
+
+Accessing the ONAP Portal using OOM and a Kubernetes Cluster
+------------------------------------------------------------
+
+The ONAP deployment created by OOM operates in a private IP network that isn't
+publicly accessible (i.e. OpenStack VMs with private internal network) which
+blocks access to the ONAP Portal. To enable direct access to this Portal from a
+user's own environment (a laptop etc.) the portal application's port 8989 is
+exposed through a `Kubernetes LoadBalancer`_ object.
+
+Typically, to be able to access the Kubernetes nodes publicly a public address
+is assigned. In OpenStack this is a floating IP address.
+
+When the `portal-app` chart is deployed a Kubernetes service is created that
+instantiates a load balancer. The LB chooses the private interface of one of
+the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
+Then to be able to access the portal on port 8989 from outside the K8s &
+OpenStack environment, the user needs to assign/get the floating IP address that
+corresponds to the private IP as follows::
+
+ > kubectl -n onap get services|grep "portal-app"
+ portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
+
+
+In this example, use the 10.0.0.4 private address as a key find the
+corresponding public address which in this example is 10.12.6.155. If you're
+using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
+for your tenant (openstack server list). That IP is then used in your
+`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
+below::
+
+ 10.12.6.155 portal.api.simpledemo.onap.org
+ 10.12.6.155 vid.api.simpledemo.onap.org
+ 10.12.6.155 sdc.api.fe.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
+ 10.12.6.155 portal-sdk.simpledemo.onap.org
+ 10.12.6.155 policy.api.simpledemo.onap.org
+ 10.12.6.155 aai.api.sparky.simpledemo.onap.org
+ 10.12.6.155 cli.api.simpledemo.onap.org
+ 10.12.6.155 msb.api.discovery.simpledemo.onap.org
+ 10.12.6.155 msb.api.simpledemo.onap.org
+ 10.12.6.155 clamp.api.simpledemo.onap.org
+ 10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+
+Ensure you've disabled any proxy settings the browser you are using to access
+the portal and then simply access now the new ssl-encrypted URL:
+https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+
+.. note::
+ Using the HTTPS based Portal URL the Browser needs to be configured to accept
+ unsecure credentials.
+ Additionally when opening an Application inside the Portal, the Browser
+ might block the content, which requires to disable the blocking and reloading
+ of the page
+
+.. note::
+ Besides the ONAP Portal the Components can deliver additional user interfaces,
+ please check the Component specific documentation.
+
+.. note::
+
+ | Alternatives Considered:
+
+ - Kubernetes port forwarding was considered but discarded as it would require
+ the end user to run a script that opens up port forwarding tunnels to each of
+ the pods that provides a portal application widget.
+
+ - Reverting to a VNC server similar to what was deployed in the Amsterdam
+ release was also considered but there were many issues with resolution, lack
+ of volume mount, /etc/hosts dynamic update, file upload that were a tall order
+ to solve in time for the Beijing release.
+
+ Observations:
+
+ - If you are not using floating IPs in your Kubernetes deployment and directly attaching
+ a public IP address (i.e. by using your public provider network) to your K8S Node
+ VMs' network interface, then the output of 'kubectl -n onap get services | grep "portal-app"'
+ will show your public IP instead of the private network's IP. Therefore,
+ you can grab this public IP directly (as compared to trying to find the floating
+ IP first) and map this IP in /etc/hosts.
+
+.. figure:: oomLogoV2-Monitor.png
+ :align: right
+
+Monitor
+=======
+
+All highly available systems include at least one facility to monitor the
+health of components within the system. Such health monitors are often used as
+inputs to distributed coordination systems (such as etcd, Zookeeper, or Consul)
+and monitoring systems (such as Nagios or Zabbix). OOM provides two mechanisms
+to monitor the real-time health of an ONAP deployment:
+
+- a Consul GUI for a human operator or downstream monitoring systems and
+ Kubernetes liveness probes that enable automatic healing of failed
+ containers, and
+- a set of liveness probes which feed into the Kubernetes manager which
+ are described in the Heal section.
+
+Within ONAP, Consul is the monitoring system of choice and deployed by OOM in
+two parts:
+
+- a three-way, centralized Consul server cluster is deployed as a highly
+ available monitor of all of the ONAP components, and
+- a number of Consul agents.
+
+The Consul server provides a user interface that allows a user to graphically
+view the current health status of all of the ONAP components for which agents
+have been created - a sample from the ONAP Integration labs follows:
+
+.. figure:: consulHealth.png
+ :align: center
+
+To see the real-time health of a deployment go to: http://<kubernetes IP>:30270/ui/
+where a GUI much like the following will be found:
+
+
+.. figure:: oomLogoV2-Heal.png
+ :align: right
+
+Heal
+====
+
+The ONAP deployment is defined by Helm charts as mentioned earlier. These Helm
+charts are also used to implement automatic recoverability of ONAP components
+when individual components fail. Once ONAP is deployed, a "liveness" probe
+starts checking the health of the components after a specified startup time.
+
+Should a liveness probe indicate a failed container it will be terminated and a
+replacement will be started in its place - containers are ephemeral. Should the
+deployment specification indicate that there are one or more dependencies to
+this container or component (for example a dependency on a database) the
+dependency will be satisfied before the replacement container/component is
+started. This mechanism ensures that, after a failure, all of the ONAP
+components restart successfully.
+
+To test healing, the following command can be used to delete a pod::
+
+ > kubectl delete pod [pod name] -n [pod namespace]
+
+One could then use the following command to monitor the pods and observe the
+pod being terminated and the service being automatically healed with the
+creation of a replacement pod::
+
+ > kubectl get pods --all-namespaces -o=wide
+
+.. figure:: oomLogoV2-Scale.png
+ :align: right
+
+Scale
+=====
+
+Many of the ONAP components are horizontally scalable which allows them to
+adapt to expected offered load. During the Beijing release scaling is static,
+that is during deployment or upgrade a cluster size is defined and this cluster
+will be maintained even in the presence of faults. The parameter that controls
+the cluster size of a given component is found in the values.yaml file for that
+component. Here is an excerpt that shows this parameter:
+
+.. code-block:: yaml
+
+ # default number of instances
+ replicaCount: 1
+
+In order to change the size of a cluster, an operator could use a helm upgrade
+(described in detail in the next section) as follows::
+
+ > helm upgrade --set replicaCount=3 onap/so/mariadb
+
+The ONAP components use Kubernetes provided facilities to build clustered,
+highly available systems including: Services_ with load-balancers, ReplicaSet_,
+and StatefulSet_. Some of the open-source projects used by the ONAP components
+directly support clustered configurations, for example ODL and MariaDB Galera.
+
+The Kubernetes Services_ abstraction to provide a consistent access point for
+each of the ONAP components, independent of the pod or container architecture
+of that component. For example, SDN-C uses OpenDaylight clustering with a
+default cluster size of three but uses a Kubernetes service to and change the
+number of pods in this abstract this cluster from the other ONAP components
+such that the cluster could change size and this change is isolated from the
+other ONAP components by the load-balancer implemented in the ODL service
+abstraction.
+
+A ReplicaSet_ is a construct that is used to describe the desired state of the
+cluster. For example 'replicas: 3' indicates to Kubernetes that a cluster of 3
+instances is the desired state. Should one of the members of the cluster fail,
+a new member will be automatically started to replace it.
+
+Some of the ONAP components many need a more deterministic deployment; for
+example to enable intra-cluster communication. For these applications the
+component can be deployed as a Kubernetes StatefulSet_ which will maintain a
+persistent identifier for the pods and thus a stable network id for the pods.
+For example: the pod names might be web-0, web-1, web-{N-1} for N 'web' pods
+with corresponding DNS entries such that intra service communication is simple
+even if the pods are physically distributed across multiple nodes. An example
+of how these capabilities can be used is described in the Running Consul on
+Kubernetes tutorial.
+
+.. figure:: oomLogoV2-Upgrade.png
+ :align: right
+
+Upgrade
+=======
+
+Helm has built-in capabilities to enable the upgrade of pods without causing a
+loss of the service being provided by that pod or pods (if configured as a
+cluster). As described in the OOM Developer's Guide, ONAP components provide
+an abstracted 'service' end point with the pods or containers providing this
+service hidden from other ONAP components by a load balancer. This capability
+is used during upgrades to allow a pod with a new image to be added to the
+service before removing the pod with the old image. This 'make before break'
+capability ensures minimal downtime.
+
+Prior to doing an upgrade, determine of the status of the deployed charts::
+
+ > helm list
+ NAME REVISION UPDATED STATUS CHART NAMESPACE
+ so 1 Mon Feb 5 10:05:22 2018 DEPLOYED so-2.0.1 default
+
+When upgrading a cluster a parameter controls the minimum size of the cluster
+during the upgrade while another parameter controls the maximum number of nodes
+in the cluster. For example, SNDC configured as a 3-way ODL cluster might
+require that during the upgrade no fewer than 2 pods are available at all times
+to provide service while no more than 5 pods are ever deployed across the two
+versions at any one time to avoid depleting the cluster of resources. In this
+scenario, the SDNC cluster would start with 3 old pods then Kubernetes may add
+a new pod (3 old, 1 new), delete one old (2 old, 1 new), add two new pods (2
+old, 3 new) and finally delete the 2 old pods (3 new). During this sequence
+the constraints of the minimum of two pods and maximum of five would be
+maintained while providing service the whole time.
+
+Initiation of an upgrade is triggered by changes in the Helm charts. For
+example, if the image specified for one of the pods in the SDNC deployment
+specification were to change (i.e. point to a new Docker image in the nexus3
+repository - commonly through the change of a deployment variable), the
+sequence of events described in the previous paragraph would be initiated.
+
+For example, to upgrade a container by changing configuration, specifically an
+environment value::
+
+ > helm deploy onap onap/so --version 2.0.1 --set enableDebug=true
+
+Issuing this command will result in the appropriate container being stopped by
+Kubernetes and replaced with a new container with the new environment value.
+
+To upgrade a component to a new version with a new configuration file enter::
+
+ > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
+
+To fetch release history enter::
+
+ > helm history so
+ REVISION UPDATED STATUS CHART DESCRIPTION
+ 1 Mon Feb 5 10:05:22 2018 SUPERSEDED so-2.0.1 Install complete
+ 2 Mon Feb 5 10:10:55 2018 DEPLOYED so-2.0.2 Upgrade complete
+
+Unfortunately, not all upgrades are successful. In recognition of this the
+lineup of pods within an ONAP deployment is tagged such that an administrator
+may force the ONAP deployment back to the previously tagged configuration or to
+a specific configuration, say to jump back two steps if an incompatibility
+between two ONAP components is discovered after the two individual upgrades
+succeeded.
+
+This rollback functionality gives the administrator confidence that in the
+unfortunate circumstance of a failed upgrade the system can be rapidly brought
+back to a known good state. This process of rolling upgrades while under
+service is illustrated in this short YouTube video showing a Zero Downtime
+Upgrade of a web application while under a 10 million transaction per second
+load.
+
+For example, to roll-back back to previous system revision enter::
+
+ > helm rollback so 1
+
+ > helm history so
+ REVISION UPDATED STATUS CHART DESCRIPTION
+ 1 Mon Feb 5 10:05:22 2018 SUPERSEDED so-2.0.1 Install complete
+ 2 Mon Feb 5 10:10:55 2018 SUPERSEDED so-2.0.2 Upgrade complete
+ 3 Mon Feb 5 10:14:32 2018 DEPLOYED so-2.0.1 Rollback to 1
+
+.. note::
+
+ The description field can be overridden to document actions taken or include
+ tracking numbers.
+
+Many of the ONAP components contain their own databases which are used to
+record configuration or state information. The schemas of these databases may
+change from version to version in such a way that data stored within the
+database needs to be migrated between versions. If such a migration script is
+available it can be invoked during the upgrade (or rollback) by Container
+Lifecycle Hooks. Two such hooks are available, PostStart and PreStop, which
+containers can access by registering a handler against one or both. Note that
+it is the responsibility of the ONAP component owners to implement the hook
+handlers - which could be a shell script or a call to a specific container HTTP
+endpoint - following the guidelines listed on the Kubernetes site. Lifecycle
+hooks are not restricted to database migration or even upgrades but can be used
+anywhere specific operations need to be taken during lifecycle operations.
+
+OOM uses Helm K8S package manager to deploy ONAP components. Each component is
+arranged in a packaging format called a chart - a collection of files that
+describe a set of k8s resources. Helm allows for rolling upgrades of the ONAP
+component deployed. To upgrade a component Helm release you will need an
+updated Helm chart. The chart might have modified, deleted or added values,
+deployment yamls, and more. To get the release name use::
+
+ > helm ls
+
+To easily upgrade the release use::
+
+ > helm upgrade [RELEASE] [CHART]
+
+To roll back to a previous release version use::
+
+ > helm rollback [flags] [RELEASE] [REVISION]
+
+For example, to upgrade the onap-so helm release to the latest SO container
+release v1.1.2:
+
+- Edit so values.yaml which is part of the chart
+- Change "so: nexus3.onap.org:10001/openecomp/so:v1.1.1" to
+ "so: nexus3.onap.org:10001/openecomp/so:v1.1.2"
+- From the chart location run::
+
+ > helm upgrade onap-so
+
+The previous so pod will be terminated and a new so pod with an updated so
+container will be created.
+
+.. figure:: oomLogoV2-Delete.png
+ :align: right
+
+Delete
+======
+
+Existing deployments can be partially or fully removed once they are no longer
+needed. To minimize errors it is recommended that before deleting components
+from a running deployment the operator perform a 'dry-run' to display exactly
+what will happen with a given command prior to actually deleting anything. For
+example::
+
+ > helm undeploy onap --dry-run
+
+will display the outcome of deleting the 'onap' release from the
+deployment.
+To completely delete a release and remove it from the internal store enter::
+
+ > helm undeploy onap
+
+One can also remove individual components from a deployment by changing the
+ONAP configuration values. For example, to remove `so` from a running
+deployment enter::
+
+ > helm undeploy onap-so
+
+will remove `so` as the configuration indicates it's no longer part of the
+deployment. This might be useful if a one wanted to replace just `so` by
+installing a custom version.
diff --git a/docs/release-notes-amsterdam.rst b/docs/release-notes-amsterdam.rst
index 79d2e302f4..6fc229696c 100644
--- a/docs/release-notes-amsterdam.rst
+++ b/docs/release-notes-amsterdam.rst
@@ -5,6 +5,8 @@
.. reserved.
.. _release_notes_amsterdam:
+:orphan:
+
ONAP Operations Manager Release Notes
=====================================
diff --git a/docs/release-notes-beijing.rst b/docs/release-notes-beijing.rst
index 1af7c58dc7..1172a086d2 100644
--- a/docs/release-notes-beijing.rst
+++ b/docs/release-notes-beijing.rst
@@ -5,6 +5,8 @@
.. reserved.
.. _release_notes_beijing:
+:orphan:
+
ONAP Operations Manager Release Notes
=====================================
diff --git a/docs/release-notes-casablanca.rst b/docs/release-notes-casablanca.rst
index f983c59c9d..6a6a196b6b 100644
--- a/docs/release-notes-casablanca.rst
+++ b/docs/release-notes-casablanca.rst
@@ -5,6 +5,8 @@
.. reserved.
.. _release_notes_casablanca:
+:orphan:
+
ONAP Operations Manager Release Notes
=====================================
diff --git a/docs/release-notes-dublin.rst b/docs/release-notes-dublin.rst
index e948af5ebb..1974756ea3 100644
--- a/docs/release-notes-dublin.rst
+++ b/docs/release-notes-dublin.rst
@@ -5,6 +5,8 @@
.. reserved.
.. _release_notes_dublin:
+:orphan:
+
ONAP Operations Manager Release Notes
=====================================
diff --git a/docs/release-notes-elalto.rst b/docs/release-notes-elalto.rst
index 435889ef32..bbbf271a5f 100644
--- a/docs/release-notes-elalto.rst
+++ b/docs/release-notes-elalto.rst
@@ -5,6 +5,8 @@
.. reserved.
.. _release_notes_elalto:
+:orphan:
+
ONAP Operations Manager Release Notes
=====================================
diff --git a/docs/release-notes-frankfurt.rst b/docs/release-notes-frankfurt.rst
index da3ae2a956..7bd4474487 100644
--- a/docs/release-notes-frankfurt.rst
+++ b/docs/release-notes-frankfurt.rst
@@ -4,6 +4,8 @@
.. (c) ONAP Project and its contributors
.. _release_notes_frankfurt:
+:orphan:
+
*************************************
ONAP Operations Manager Release Notes
*************************************
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
new file mode 100644
index 0000000000..bc3a4f1ee0
--- /dev/null
+++ b/kubernetes/.gitignore
@@ -0,0 +1 @@
+chartstorage/
diff --git a/kubernetes/Makefile b/kubernetes/Makefile
index 08b028afe1..81d35c5feb 100644
--- a/kubernetes/Makefile
+++ b/kubernetes/Makefile
@@ -32,7 +32,7 @@ else
HELM_LINT_CMD := echo "Skipping linting of"
endif
-SUBMODS := robot aai
+SUBMODS := robot
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART)
diff --git a/kubernetes/aai b/kubernetes/aai
deleted file mode 160000
-Subproject 18d4bd165e12cb4d03baa318e506f0dda381cd8
diff --git a/kubernetes/common/music/charts/music/Chart.yaml b/kubernetes/aai/Chart.yaml
index 105f447bd3..41e4039464 100644
--- a/kubernetes/common/music/charts/music/Chart.yaml
+++ b/kubernetes/aai/Chart.yaml
@@ -1,4 +1,5 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,6 +14,6 @@
# limitations under the License.
apiVersion: v1
-description: MUSIC api as a Service API Spring boot container.
-name: music
+description: ONAP Active and Available Inventory
+name: aai
version: 7.0.0
diff --git a/kubernetes/aai/components/aai-babel/.helmignore b/kubernetes/aai/components/aai-babel/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml
new file mode 100644
index 0000000000..1fcad3077e
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Babel microservice
+name: aai-babel
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml
new file mode 100644
index 0000000000..193ad2dca0
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/requirements.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~7.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties
new file mode 100644
index 0000000000..e246b00c2e
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties
@@ -0,0 +1,285 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#action widget details
+AAI.model-version-id.action=fd7fb09e-d930-41b9-b83f-cfde9df48640
+AAI.model-invariant-id.action=af593b4b-490e-4665-ad74-2f6351c0a7ce
+#action-data widget details
+AAI.model-invariant-id.action-data=9551346c-7d8b-4daf-9926-b93e96e2344a
+AAI.model-version-id.action-data=2f80c596-27e5-4ca9-b5bb-e03a7fd4c0fd
+#allotted-resource widget details
+AAI.model-invariant-id.allotted-resource=f6d6a23d-a1a9-48ff-8419-b6530da2d381
+AAI.model-version-id.allotted-resource=7ad0915f-25c0-4a70-b9bc-185a75f87564
+#availability-zone widget details
+AAI.model-version-id.availability-zone=6c092fb1-21b2-456b-9e01-67fb4de1896e
+AAI.model-invariant-id.availability-zone=61b88c01-d819-41c0-8e21-7fd7ba47148e
+#az-and-dvs-switches widget details
+AAI.model-version-id.az-and-dvs-switches=b2dea88d-78a0-49bf-95c9-5819df08e966
+AAI.model-invariant-id.az-and-dvs-switches=53dc00d4-e6d9-48ec-b6cc-3d3797e9b896
+#class-of-service widget details
+AAI.model-version-id.class-of-service=d2fb27cc-15eb-4c4e-828e-71d41aaecc5b
+AAI.model-invariant-id.class-of-service=18094b19-d16d-4822-8acf-e92c6aefa178
+#cloud-region widget details
+AAI.model-version-id.cloud-region=2a160989-b202-47dd-874b-4a0f275998f7
+AAI.model-invariant-id.cloud-region=425b2158-e51d-4509-9945-dad4556474a3
+#complex widget details
+AAI.model-invariant-id.complex=af91c2f7-35fc-43cf-a13d-443f385b2353
+AAI.model-version-id.complex=3a8ab1ee-9220-4fe8-b89c-9251d160ddc2
+#configuration widget details
+AAI.model-invariant-id.configuration=166c050d-f69d-4305-943e-0bc58c3a26cf
+AAI.model-version-id.configuration=5a175add-57e4-4a5d-8b02-c36f1d69c52b
+#connector widget details
+AAI.model-version-id.connector=22104c9f-29fd-462f-be07-96cd6b46dd33
+AAI.model-invariant-id.connector=4c01c948-7607-4d66-8a6c-99c2c2717936
+#constrained-element-set widget details
+AAI.model-invariant-id.constrained-element-set=c0292b4f-ee97-40cc-8c2e-f967c48f5701
+AAI.model-version-id.constrained-element-set=01102126-9c04-4a89-945b-b131e61e95d7
+#ctag-assignment widget details
+AAI.model-version-id.ctag-assignment=44e5cb1f-0938-41aa-b766-d4595109fe89
+AAI.model-invariant-id.ctag-assignment=fcb8d46b-b656-4ad6-8fa4-22cef74b443f
+#ctag-pool widget details
+AAI.model-invariant-id.ctag-pool=46c51d4e-d67e-4a9c-b1f5-49b1e9c6fcaa
+AAI.model-version-id.ctag-pool=2056c41f-23b9-4de7-9f50-819adad37d76
+#customer widget details
+AAI.model-invariant-id.customer=c1d4305f-cdbd-4bbe-9069-a2f4978fd89e
+AAI.model-version-id.customer=d4df5c27-98a1-4812-a8aa-c17f055b7a3f
+#cvlan-tag-entry widget details
+AAI.model-version-id.cvlan-tag-entry=c3878ffb-8d85-4114-bee6-e4074a9db10b
+AAI.model-invariant-id.cvlan-tag-entry=245cf4b0-7cc5-4eea-bbd9-753e939adcab
+#dvs-switch widget details
+AAI.model-invariant-id.dvs-switch=98fbb471-1f86-428e-bd8a-c8a25de6fa23
+AAI.model-version-id.dvs-switch=4cb44ae8-e3ab-452a-9f95-bcc8a44c55ea
+#edge-prop-names widget details
+AAI.model-invariant-id.edge-prop-names=7a08cad4-8759-46a5-8245-095d1ba57ac6
+AAI.model-version-id.edge-prop-names=f0442326-8201-4d0e-857c-74b4ddcbfc9f
+#element-choice-set widget details
+AAI.model-invariant-id.element-choice-set=9a011958-7165-47a3-b872-00951d1f09ae
+AAI.model-version-id.element-choice-set=af27fbfd-598d-44da-aeae-0f9d3a5fcd6a
+#entitlement widget details
+AAI.model-version-id.entitlement=7e27ba2e-b7db-4e13-9fae-d142152ef98a
+AAI.model-invariant-id.entitlement=ae75b5a0-d5e1-4f3a-b8fb-37626a753da3
+#flavor widget details
+AAI.model-invariant-id.flavor=bace8d1c-a261-4041-9e37-823117415d0f
+AAI.model-version-id.flavor=36200fb5-f251-4f5d-a520-7c5ad5c2cd4b
+#generic-vnf widget details
+AAI.model-version-id.generic-vnf=93a6166f-b3d5-4f06-b4ba-aed48d009ad9
+AAI.model-invariant-id.generic-vnf=acc6edd8-a8d4-4b93-afaa-0994068be14c
+#group-assignment widget details
+AAI.model-invariant-id.group-assignment=7cc05f25-7ba2-42b7-a237-c5662a1689e1
+AAI.model-version-id.group-assignment=fe578080-ce19-4604-8760-fc264fbb2565
+#image widget details
+AAI.model-version-id.image=f6a038c2-820c-42ba-8c2b-375e24e8f932
+AAI.model-invariant-id.image=3f4c7204-739b-4bbb-87a7-8a6856439c90
+#include-node-filter widget details
+AAI.model-invariant-id.include-node-filter=2a2d8ad2-af0a-4e1f-9982-0c899e7dc827
+AAI.model-version-id.include-node-filter=f05f804d-7057-4ffe-bdc5-39f2f0c9c9fd
+#instance-group widget details
+AAI.model-version-id.instance-group=8e6ee9dc-9017-444a-83b3-219edb018128
+AAI.model-invariant-id.instance-group=3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd
+#inventory-item widget details
+AAI.model-invariant-id.inventory-item=cd57d844-9017-4078-aa19-926935a3d77c
+AAI.model-version-id.inventory-item=69957f4a-2155-4b95-8d72-d6dd9b88b27b
+#inventory-item-data widget details
+AAI.model-version-id.inventory-item-data=0e54bb87-bd6e-4a2b-ad1c-6d935b87ae51
+AAI.model-invariant-id.inventory-item-data=87a383ae-cf03-432e-a9de-04e6a622d0fd
+#ipsec-configuration widget details
+AAI.model-invariant-id.ipsec-configuration=aca4c310-cb45-42bd-9f88-73e40ba7b962
+AAI.model-version-id.ipsec-configuration=d949fd10-36bf-408a-ac7a-cad5004d2e0d
+#key-data widget details
+AAI.model-version-id.key-data=c23ea04d-1a3b-453d-bc49-a6c783a5e92b
+AAI.model-invariant-id.key-data=f5faa464-c2f2-4cc3-89d2-a90452dc3a07
+#l3-interface-ipv4-address-list widget details
+AAI.model-version-id.l3-interface-ipv4-address-list=41e76b6f-1e06-4fd4-82cd-81c50fc4574b
+AAI.model-invariant-id.l3-interface-ipv4-address-list=aad85df2-09be-40fa-b867-16415e4e10e2
+#l3-interface-ipv6-address-list widget details
+AAI.model-invariant-id.l3-interface-ipv6-address-list=82966045-43ee-4982-8307-7e9610866140
+AAI.model-version-id.l3-interface-ipv6-address-list=d040621d-541a-477b-bb1b-a2b61b14e295
+#l3-network widget details
+AAI.model-version-id.l3-network=9111f20f-e680-4001-b83f-19a2fc23bfc1
+AAI.model-invariant-id.l3-network=3d560d81-57d0-438b-a2a1-5334dba0651a
+#lag-interface widget details
+AAI.model-version-id.lag-interface=ce95f7c3-b61b-4758-ae9e-7e943b1c103d
+AAI.model-invariant-id.lag-interface=e0ee9bde-c1fc-4651-a95d-8e0597bf7d70
+#lag-link widget details
+AAI.model-version-id.lag-link=d29a087a-af59-4053-a3f8-0f95a92faa75
+AAI.model-invariant-id.lag-link=86ffe6e5-4d0e-4cec-80b5-5c38aa3eff98
+#license widget details
+AAI.model-invariant-id.license=b9a9b337-1f86-42d3-b9f9-f987a089507c
+AAI.model-version-id.license=6889274b-a1dc-40ab-9090-93677e13e2e6
+#license-key-resource widget details
+AAI.model-invariant-id.license-key-resource=9022ebfe-b54f-4911-a6b2-8c3f5ec189b7
+AAI.model-version-id.license-key-resource=24b25f8c-b8bd-4c62-9421-87c12667aac9
+#l-interface widget details
+AAI.model-version-id.l-interface=a32613fd-18b9-459e-aab8-fffb3912966a
+AAI.model-invariant-id.l-interface=cea0a982-8d55-4093-921e-418fbccf7060
+#logical-link widget details
+AAI.model-version-id.logical-link=a1481a38-f8ba-4ae4-bdf1-06c2c6af4c54
+AAI.model-invariant-id.logical-link=fe012535-2c31-4a39-a739-612374c638a0
+#metadatum widget details
+AAI.model-invariant-id.metadatum=86dbb63a-265e-4614-993f-6771c30b56a5
+AAI.model-version-id.metadatum=6bae950e-8939-41d3-a6a7-251b03e4c1fc
+#model widget details
+AAI.model-invariant-id.model=06d1418a-5faa-452d-a94b-a2829df5f67b
+AAI.model-version-id.model=1f51c05c-b164-4c27-9c03-5cbb239fd6be
+#model-constraint widget details
+AAI.model-invariant-id.model-constraint=c28966f3-e758-4483-b37b-a90b05d3dd33
+AAI.model-version-id.model-constraint=ad70dd19-f156-4fb5-a865-97b5563b0d37
+#model-element widget details
+AAI.model-invariant-id.model-element=2076e726-3577-477a-a300-7fa65cd4df11
+AAI.model-version-id.model-element=753e813a-ba9e-4a1d-ab34-b2f6dc6eec0c
+#multicast-configuration widget details
+AAI.model-invariant-id.multicast-configuration=ea78c9e3-514d-4a0a-9162-13837fa54c35
+AAI.model-version-id.multicast-configuration=666a06ee-4b57-46df-bacf-908da8f10c3f
+#named-query widget details
+AAI.model-version-id.named-query=5c3b7c33-afa3-4be5-8da7-1a5ac6f99896
+AAI.model-invariant-id.named-query=80b712fd-0ad3-4180-a99c-8c995cf1cc32
+#named-query-element widget details
+AAI.model-version-id.named-query-element=204c641a-3494-48c8-979a-86856f5fd32a
+AAI.model-invariant-id.named-query-element=3c504d40-b847-424c-9d25-4fb7e0a3e994
+#network-policy widget details
+AAI.model-invariant-id.network-policy=6aa05779-94d7-4d8b-9bee-59ef2ab0c246
+AAI.model-version-id.network-policy=a0ccd9dc-7062-4940-9bcc-e91dd28af510
+#network-profile widget details
+AAI.model-version-id.network-profile=01f45471-4240-498c-a9e1-235dc0b8b4a6
+AAI.model-invariant-id.network-profile=2734b44a-b8a2-40f6-957d-6256589e5d00
+#newvce widget details
+AAI.model-version-id.newvce=7c79e11f-a408-4593-aa86-ba948a1236af
+AAI.model-invariant-id.newvce=4b05ec9c-c55d-4987-83ff-e08d6ddb694f
+#oam-network widget details
+AAI.model-invariant-id.oam-network=2851cf01-9c40-4064-87d4-6184a6fcff35
+AAI.model-version-id.oam-network=f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79
+#physical-link widget details
+AAI.model-invariant-id.physical-link=c822d81f-822f-4304-9623-1025b53da568
+AAI.model-version-id.physical-link=9c523936-95b4-4d7f-9f53-6bdfe0cf2c05
+#p-interface widget details
+AAI.model-invariant-id.p-interface=94043c37-4e73-439c-a790-0fdd697924cd
+AAI.model-version-id.p-interface=d2cdb2d0-fc1f-4a57-a89e-591b1c4e3754
+#pnf widget details
+AAI.model-version-id.pnf=e9f1fa7d-c839-418a-9601-03dc0d2ad687
+AAI.model-invariant-id.pnf=862b25a1-262a-4961-bdaa-cdc55d69785a
+#port-group widget details
+AAI.model-version-id.port-group=03e8bb6b-b48a-46ae-b5d4-e5af577e6844
+AAI.model-invariant-id.port-group=8ce940fb-55d7-4230-9e7f-a56cc2741f77
+#property-constraint widget details
+AAI.model-version-id.property-constraint=81706bbd-981e-4362-ae20-995cbcb2d995
+AAI.model-invariant-id.property-constraint=f4a863c3-6886-470a-a6ae-05723837ea45
+#pserver widget details
+AAI.model-invariant-id.pserver=6d932c8f-463b-4e76-83fb-87acfbaa2e2d
+AAI.model-version-id.pserver=72f0d495-bc27-4653-9e1a-eef76bd34bc9
+#related-lookup widget details
+AAI.model-invariant-id.related-lookup=468f6f5b-2996-41bb-b2a3-7cf9613ebb9b
+AAI.model-version-id.related-lookup=0988bab5-bf4f-4938-a419-ab249867d12a
+#reserved-prop-names widget details
+AAI.model-invariant-id.reserved-prop-names=0c3e0ba3-618c-498d-9127-c8d42b00170f
+AAI.model-version-id.reserved-prop-names=ac49d26d-9163-430e-934a-13b738a04f5c
+#result-data widget details
+AAI.model-version-id.result-data=4e9b50aa-5227-4f6f-b489-62e6bbc03c79
+AAI.model-invariant-id.result-data=ff656f23-6185-406f-9006-4b26834f3e1c
+#route-table-reference widget details
+AAI.model-version-id.route-table-reference=fed7e326-03a7-45ff-a3f2-471470d268c4
+AAI.model-invariant-id.route-table-reference=a8614b63-2636-4c4f-98df-fd448c4241db
+#routing-instance widget details
+AAI.model-invariant-id.routing-instance=1c2ded4f-8b01-4193-829c-966847dfec3e
+AAI.model-version-id.routing-instance=3ccbcbc7-d19e-44d5-a52f-7e18aa8d69fa
+#secondary-filter widget details
+AAI.model-version-id.secondary-filter=1380619d-dd1a-4cec-b755-c6407833e065
+AAI.model-invariant-id.secondary-filter=738ff299-6290-4c00-8998-bd0e96a07b93
+#segmentation-assignment widget details
+AAI.model-invariant-id.segmentation-assignment=6e814aee-46e1-4583-a9d4-0049bfd2b59b
+AAI.model-version-id.segmentation-assignment=c5171ae0-44fb-4c04-b482-d56702241a44
+#service widget details
+AAI.model-version-id.service=ecce2c42-3957-4ae0-9442-54bc6afe27b6
+AAI.model-invariant-id.service=07a3a60b-1b6c-4367-8173-8014386f89e3
+#service-capability widget details
+AAI.model-invariant-id.service-capability=b1a7cc05-d19d-443b-a5d1-733e325c4232
+AAI.model-version-id.service-capability=f9cfec1b-18da-4bba-bd83-4b26cca115cd
+#service-instance widget details
+AAI.model-invariant-id.service-instance=82194af1-3c2c-485a-8f44-420e22a9eaa4
+AAI.model-version-id.service-instance=46b92144-923a-4d20-b85a-3cbd847668a9
+#service-subscription widget details
+AAI.model-invariant-id.service-subscription=2e1a602a-acd8-4f78-94ff-618b802a303b
+AAI.model-version-id.service-subscription=5e68299a-79f2-4bfb-8fbc-2bae877a2459
+#site-pair widget details
+AAI.model-version-id.site-pair=7106bc02-6552-4fc3-8a56-4f3df9034531
+AAI.model-invariant-id.site-pair=db63f3e6-f8d1-484e-8d5e-191600b7914b
+#site-pair-set widget details
+AAI.model-invariant-id.site-pair-set=5d4dae3e-b402-4bfd-909e-ece12ff75d26
+AAI.model-version-id.site-pair-set=a5c6c1bc-dc38-468e-9459-bb08f87247df
+#snapshot widget details
+AAI.model-version-id.snapshot=962a7c8b-687f-4d32-a775-fe098e214bcd
+AAI.model-invariant-id.snapshot=24de00ef-aead-4b52-995b-0adf8d4bd90d
+#sriov-vf widget details
+AAI.model-version-id.sriov-vf=1e8b331f-3d4a-4160-b7aa-f4d5a8916625
+AAI.model-invariant-id.sriov-vf=04b2935f-33c4-40a9-8af0-8b52690042dc
+#start-node-filter widget details
+AAI.model-version-id.start-node-filter=aad96fd3-e75f-42fc-9777-3450c36f1168
+AAI.model-invariant-id.start-node-filter=083093a3-e407-447a-ba5d-7583e4d23e1d
+#subnet widget details
+AAI.model-version-id.subnet=f902a6bc-6be4-4fe5-8458-a6ec0056b374
+AAI.model-invariant-id.subnet=1b2c9ba7-e449-4831-ba15-3073672f5ef2
+#tagged-inventory-item-list widget details
+AAI.model-invariant-id.tagged-inventory-item-list=e78a7eaa-f65d-4919-9c2b-5b258c8c4d7e
+AAI.model-version-id.tagged-inventory-item-list=c246f6e2-e3a1-4697-94c0-5672a7fbbf04
+#tenant widget details
+AAI.model-invariant-id.tenant=97c26c99-6870-44c1-8a07-1d900d3f4ce6
+AAI.model-version-id.tenant=abcc54bc-bb74-49dc-9043-7f7171707545
+#tunnel-xconnect widget details
+AAI.model-invariant-id.tunnel-xconnect=50b9e2fa-005c-4bbe-b651-3251dece4cd8
+AAI.model-version-id.tunnel-xconnect=e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5
+#update-node-key widget details
+AAI.model-version-id.update-node-key=6004cfa6-eb6d-4062-971f-b1fde6b74aa0
+AAI.model-invariant-id.update-node-key=fe81c801-f65d-408a-b2b7-a729a18f8154
+#vce widget details
+AAI.model-version-id.vce=b6cf54b5-ec45-43e1-be64-97b4e1513333
+AAI.model-invariant-id.vce=bab6dceb-e7e6-4301-a5e0-a7399b48d792
+#vf-module widget details
+AAI.model-invariant-id.vf-module=ef86f9c5-2165-44f3-8fc3-96018b609ea5
+AAI.model-version-id.vf-module=c00563ae-812b-4e62-8330-7c4d0f47088a
+#vig-server widget details
+AAI.model-version-id.vig-server=8e8c22f1-fbdf-48ea-844c-8bdeb44e7b16
+AAI.model-invariant-id.vig-server=bed7c3b7-35d0-4cd9-abde-41b20e68b28e
+#virtual-data-center widget details
+AAI.model-invariant-id.virtual-data-center=5150abcf-0c5f-4593-9afe-a19c48fc4824
+AAI.model-version-id.virtual-data-center=6dd43ced-d789-47af-a759-d3abc14e3ac1
+#vlan widget details
+AAI.model-version-id.vlan=257d88a5-a269-4c35-944f-aca04fbdb791
+AAI.model-invariant-id.vlan=d2b1eaf1-ae59-4116-9ee4-aa0179faa4f8
+#vnfc widget details
+AAI.model-invariant-id.vnfc=96129eb9-f0de-4e05-8af2-73146473f766
+AAI.model-version-id.vnfc=5761e0a7-c6df-4d8a-9ebd-b8f445054dec
+#vnf-image widget details
+AAI.model-invariant-id.vnf-image=f9a628ff-7aa0-40e2-a93d-02d91c950982
+AAI.model-version-id.vnf-image=c4d3e747-ba4a-4b17-9896-94c6f18c19d3
+#volume widget details
+AAI.model-version-id.volume=0fbe2e8f-4d91-4415-a772-88387049b38d
+AAI.model-invariant-id.volume=ddd739b4-2b25-46c4-affc-41a32af5cc42
+#volume-group widget details
+AAI.model-invariant-id.volume-group=fcec1b02-b2d0-4834-aef8-d71be04717dd
+AAI.model-version-id.volume-group=99d44c90-1f61-4418-b9a6-56586bf38c79
+#vpe widget details
+AAI.model-invariant-id.vpe=053ec3a7-5b72-492d-b54d-123805a9b967
+AAI.model-version-id.vpe=203817d3-829c-42d4-942d-2a935478e993
+#vpls-pe widget details
+AAI.model-version-id.vpls-pe=b1566228-6785-4ce1-aea2-053736f80341
+AAI.model-invariant-id.vpls-pe=457ba89b-334c-4fbd-acc4-160ac0e0cdc0
+#vpn-binding widget details
+AAI.model-invariant-id.vpn-binding=9e23b675-db2b-488b-b459-57aa9857baa0
+AAI.model-version-id.vpn-binding=21a146e5-9901-448c-9197-723076770119
+#vserver widget details
+AAI.model-invariant-id.vserver=ff69d4e0-a8e8-4108-bdb0-dd63217e63c7
+AAI.model-version-id.vserver=8ecb2c5d-7176-4317-a255-26274edfdd53
+#collection resource widget details
+AAI.model-invariant-id.cr=8bac3599-9a1c-4b7f-80e5-c1838f744c23
+AAI.model-version-id.cr=3f908abc-3a15-40d0-b674-2a639e52884d
diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json
new file mode 100644
index 0000000000..ff33c17eb0
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json
@@ -0,0 +1,47 @@
+{"roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "generateArtifacts",
+ "methods": [{"name": "POST"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "ops",
+ "functions": [{
+ "name": "actions",
+ "methods": [{"name": "POST"}]
+ }],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "readonly",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [{"name": "GET"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"}
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [{
+ "name": "util",
+ "methods": [{"name": "GET"}]
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:deadbeef"
+ }]
+ }
+]}
diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..e1d24d9b4d
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties
new file mode 100644
index 0000000000..ef85c23a04
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+auth.policy.file=/auth/auth_policy.json
+auth.authentication.disable=true
diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
new file mode 100644
index 0000000000..878d8c05d0
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+<!DOCTYPE xml>
+<configuration scan="true" scanPeriod="30 seconds" debug="true">
+ <include resource="org/springframework/boot/logging/logback/base.xml" />
+
+ <property name="componentName" value="AAI-BAS" />
+ <property name="logDirectory" value="/var/log/onap/${componentName}" />
+
+ <!-- default EELF log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern"
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%.-5level|%logger|%mdc{ClassName}|%msg%n" />
+
+ <property name="auditLogPattern"
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+
+ <property name="metricsLogPattern"
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{BeginTimestamp}|%mdc{EndTimestamp}|%mdc{RequestId}|%mdc{ServiceInstanceId}|%thread|%mdc{ServerFQDN}|%mdc{ServiceName}|%mdc{PartnerName}|%mdc{TargetEntity}|%mdc{TargetServiceName}|%mdc{StatusCode}|%mdc{ResponseCode}|%mdc{ResponseDescription}|%logger|%.-5level|||%mdc{ElapsedTime}|%mdc{RemoteHost}|%mdc{ClientAddress}|%mdc{ClassName}|||%msg%n" />
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine related logging events. The audit logger and appender
+ are specializations of the EELF application root logger and appender. This can be used to segregate Policy engine events
+ from other components, or it can be eliminated to record these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricsLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>
+ ${logDirectory}/${debugLogName}.log
+ </file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- allow only events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">
+ <expression>
+ e.level.toInt() &lt; INFO.toInt()
+ </expression>
+ </evaluator>
+ <OnMismatch>DENY</OnMismatch>
+ <OnMatch>NEUTRAL</OnMatch>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- Default / root appenders -->
+ <!-- This determines the logging level for 3rd party code -->
+ <!-- ============================================================================ -->
+
+ <root level="INFO">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+</root>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <logger name="com.att.eelf" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELF" />
+</logger>
+
+ <!-- The level of this logger determines the contents of the debug log -->
+ <logger name="com.att.eelf.debug" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+</logger>
+
+ <logger name="com.att.eelf.audit" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+</logger>
+
+ <logger name="com.att.eelf.metrics" level="INFO" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+</logger>
+
+ <!-- ============================================================================ -->
+ <!-- Non-EELF loggers -->
+ <!-- ============================================================================ -->
+
+ <!-- ATT packages including DMAAP message routing -->
+ <logger name="com.att" level="INFO" />
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="org.apache" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
new file mode 100644
index 0000000000..fa3a9c9952
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json
@@ -0,0 +1,193 @@
+{
+ "instanceGroupTypes": [
+ "org.openecomp.groups.NetworkCollection",
+ "org.openecomp.groups.VfcInstanceGroup",
+ "org.openecomp.groups.ResourceInstanceGroup"
+ ],
+ "widgetTypes": [
+ {
+ "type": "SERVICE",
+ "name": "service-instance",
+ "deleteFlag": true,
+ "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9",
+ "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4"
+ },
+ {
+ "type": "VF",
+ "name": "generic-vnf",
+ "deleteFlag": true,
+ "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9",
+ "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c"
+ },
+ {
+ "type": "VFC",
+ "name": "vnfc",
+ "deleteFlag": true,
+ "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec",
+ "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766"
+ },
+ {
+ "type": "VSERVER",
+ "name": "vserver",
+ "deleteFlag": true,
+ "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53",
+ "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7"
+ },
+ {
+ "type": "VOLUME",
+ "name": "volume",
+ "deleteFlag": true,
+ "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d",
+ "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42"
+ },
+ {
+ "type": "FLAVOR",
+ "name": "flavor",
+ "deleteFlag": false,
+ "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b",
+ "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f"
+ },
+ {
+ "type": "TENANT",
+ "name": "tenant",
+ "deleteFlag": false,
+ "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545",
+ "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6"
+ },
+ {
+ "type": "VOLUME_GROUP",
+ "name": "volume-group",
+ "deleteFlag": true,
+ "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79",
+ "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd"
+ },
+ {
+ "type": "LINT",
+ "name": "l-interface",
+ "deleteFlag": true,
+ "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a",
+ "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060"
+ },
+ {
+ "type": "L3_NET",
+ "name": "l3-network",
+ "deleteFlag": true,
+ "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1",
+ "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a"
+ },
+ {
+ "type": "VFMODULE",
+ "name": "vf-module",
+ "deleteFlag": true,
+ "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a",
+ "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5"
+ },
+ {
+ "type": "IMAGE",
+ "name": "image",
+ "deleteFlag": false,
+ "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932",
+ "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90"
+ },
+ {
+ "type": "OAM_NETWORK",
+ "name": "oam-network",
+ "deleteFlag": true,
+ "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79",
+ "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35"
+ },
+ {
+ "type": "ALLOTTED_RESOURCE",
+ "name": "allotted-resource",
+ "deleteFlag": true,
+ "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564",
+ "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381"
+ },
+ {
+ "type": "TUNNEL_XCONNECT",
+ "name": "tunnel-xconnect",
+ "deleteFlag": true,
+ "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5",
+ "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8"
+ },
+ {
+ "type": "CONFIGURATION",
+ "name": "configuration",
+ "deleteFlag": true,
+ "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b",
+ "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf"
+ },
+ {
+ "type": "CR",
+ "name": "cr",
+ "deleteFlag": true,
+ "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d",
+ "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23"
+ },
+ {
+ "type": "INSTANCE_GROUP",
+ "name": "instance-group",
+ "deleteFlag": true,
+ "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128",
+ "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd"
+ },
+ {
+ "type": "PNF",
+ "name": "pnf",
+ "deleteFlag": true,
+ "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687",
+ "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a"
+ }
+ ],
+ "widgetMappings": [
+ {
+ "prefix": "org.openecomp.resource.vfc",
+ "type": "widget",
+ "widget": "VSERVER",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.cp",
+ "type": "widget",
+ "widget": "LINT",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vl",
+ "widget": "L3_NET",
+ "deleteFlag": false
+ },
+ {
+ "prefix": "org.openecomp.resource.vf",
+ "widget": "VF",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.vfmodule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.groups.VfModule",
+ "widget": "VFMODULE",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder",
+ "type": "widget",
+ "widget": "VOLUME",
+ "deleteFlag": true
+ },
+ {
+ "prefix": "org.openecomp.resource.pnf",
+ "widget": "PNF",
+ "deleteFlag": true
+ }
+ ]
+}
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..9eec841aa2
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..0637cfb84b
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="info" />
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..99129c145f
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..acc940987c
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,93 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/services\/babel-service\/.*",
+ "permissions": [
+ "org\\.access\\|\\*\\|\\*"
+ ]
+ }
+]
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..a82e38caf6
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties
@@ -0,0 +1,25 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# Configure AAF
+aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}}
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..1b58d4235c
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..2cd95d4c69
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="info" />
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..7055bf5303
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9516
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000000..6cd12fcfb4
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM
+1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29
+xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK
+BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm
+6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99
+QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm
+zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6
+x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf
+8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz
+FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz
+UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r
+banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv
+6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG
+yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB
+xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB
+lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq
+ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE
+fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v
+1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5
+liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc
+0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u
+PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm
+8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv
+dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ
+-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn
+c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J
+uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
new file mode 100644
index 0000000000..07e684d440
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml
@@ -0,0 +1,70 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
new file mode 100644
index 0000000000..70ed7bf583
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -0,0 +1,254 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/babel/config
+ - name: KEY_STORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}-pass
+ key: KEY_STORE_PASSWORD
+ - name: KEY_MANAGER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "common.fullname" . }}-pass
+ key: KEY_MANAGER_PASSWORD
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/babel/config/artifact-generator.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: artifact-generator.properties
+ - mountPath: /opt/app/babel/config/tosca-mappings.json
+ name: {{ include "common.fullname" . }}-config
+ subPath: tosca-mappings.json
+ - mountPath: /opt/app/babel/config/babel-auth.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: babel-auth.properties
+ - mountPath: /opt/app/babel/config/auth
+ name: {{ include "common.fullname" . }}-secrets
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/babel/config/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: aai-filebeat
+
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ items:
+ - key: artifact-generator.properties
+ path: artifact-generator.properties
+ - key: tosca-mappings.json
+ path: tosca-mappings.json
+ - key: babel-auth.properties
+ path: babel-auth.properties
+ - key: logback.xml
+ path: logback.xml
+ - name: {{ include "common.fullname" . }}-secrets
+ secret:
+ secretName: {{ include "common.fullname" . }}-babel-secrets
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: aai-filebeat
+ emptyDir: {}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
+
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-babel/templates/ingress.yaml b/kubernetes/aai/components/aai-babel/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
new file mode 100644
index 0000000000..adc2220da1
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-babel-secrets
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-pass
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }}
+ KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml
new file mode 100644
index 0000000000..69892ac32a
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/service.yaml
@@ -0,0 +1,52 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.global.rproxy.port }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ end }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
new file mode 100644
index 0000000000..24b22b55fb
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -0,0 +1,87 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+# application image
+image: onap/babel:1.7.1
+
+flavor: small
+flavorOverride: small
+
+# application configuration
+config:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: babel
+ externalPort: 9516
+ internalPort: 9516
+ nodePort: 79
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aaibabel"
+ name: "aai-babel"
+ port: 9516
+ config:
+ ssl: "redirect"
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-data-router/.helmignore b/kubernetes/aai/components/aai-data-router/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-data-router/Chart.yaml b/kubernetes/aai/components/aai-data-router/Chart.yaml
new file mode 100644
index 0000000000..70f75f6dd5
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI Data-Router
+name: aai-data-router
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json
new file mode 100644
index 0000000000..c03870e288
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json
@@ -0,0 +1,18 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..7a7738602d
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties b/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml
new file mode 100644
index 0000000000..d7ff0143a1
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml
@@ -0,0 +1,193 @@
+<!--
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ Copyright © 2018 Amdocs
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+
+ <property name="logDir" value="/var/log/onap" />
+
+ <!-- specify the component name -->
+ <property name="componentName" value="AAI-DR" />
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|data-router|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- Data Router service loggers -->
+ <logger name="org.onap.aai.data-router" level="INFO" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties
new file mode 100644
index 0000000000..b94ce51e81
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 Amdocs
+# Modifications Copyright © 2018 Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=/opt/app/data-router/onap/oxm
+# Dummy folder/directory:
+edgeDir=
+
+# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=/opt/app/data-router/onap/oxm/
+schema.edges.location=
+# These versions need to exist if they are included in the list
+schema.version.list={{ .Values.config.schemaVersionList }}
+# Decalares the oxm version to load
+schema.version.api.default={{ .Values.config.schemaApiDefault }}
+
+# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean)
+schema.version.depth.start={{.Values.global.config.schema.version.depth}}
+schema.version.related.link.start={{.Values.global.config.schema.version.related.link}}
+schema.version.app.root.start={{.Values.global.config.schema.version.app.root}}
+schema.version.namespace.change.start={{.Values.global.config.schema.version.namespace.change}}
+schema.version.edge.label.start={{.Values.global.config.schema.version.edge.label}}
+
+#This property is used to enable or disable schema service, possible values are: schema-service or config
+schema.translator.list={{.Values.config.schemaTranslatorList}}
+
+#These properties are needed when schema service is enabled
+schema.service.base.url=https://aai-schema-service:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.local=true
+schema.filename=mockrequests
+#Default rest client is the two-way-ssl
+#schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${CONFIG_HOME}/auth/{{.Values.global.config.keystore.filename}}
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${CONFIG_HOME}/auth/{{.Values.global.config.truststore.filename}}
+schema.service.ssl.key-store-password={{.Values.global.config.keystore.passwd}}
+schema.service.ssl.trust-store-password={{.Values.global.config.truststore.passwd}}
+
+spring.application.name=datarouter
diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml
new file mode 100644
index 0000000000..2e3361d164
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml
@@ -0,0 +1,17 @@
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:task="http://www.springframework.org/schema/task"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/task https://www.springframework.org/schema/task/spring-task.xsd">
+
+ <context:property-placeholder
+ location="file:${CONFIG_HOME}/schemaIngest.properties"
+ ignore-unresolvable="true" />
+
+ <bean id="nodeIngestor" class="org.onap.aai.nodes.NodeIngestor" autowire="byName"/>
+ <bean id="oxmModelLoader" class="org.onap.aai.schema.OxmModelLoader" >
+ <constructor-arg ref="nodeIngestor"/>
+ </bean>
+
+</beans>
diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml
new file mode 100644
index 0000000000..b5e4129595
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml
@@ -0,0 +1,56 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <bean id="eepConfig" class="org.onap.aai.datarouter.policy.EntityEventPolicyConfig" >
+ <property name="sourceDomain" value="dev" />
+ <property name="searchBaseUrl" value="https://{{.Values.global.searchData.serviceName}}.{{.Release.Namespace}}:9509" />
+ <property name="searchEndpoint" value="services/search-data-service/v1/search/indexes/" />
+ <property name="searchEndpointDocuments" value = "documents" />
+ <property name="searchEntitySearchIndex" value="entity-search-index" />
+ <property name="searchTopographySearchIndex" value="topography-search-index" />
+ <property name="searchEntityAutoSuggestIndex" value="entityautosuggestindex" />
+ <property name="searchAggregationVnfIndex" value="aggregate_generic-vnf_index" />
+ <property name="searchCertName" value="client-cert-onap.p12" />
+ <property name="searchKeystorePwd" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10" />
+ <property name="searchKeystore" value="tomcat_keystore" />
+ <property name="schemaVersions" ref="schemaVersions" />
+ <property name="schemaLocationsBean" ref="schemaLocationsBean" />
+ </bean>
+
+ <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" >
+ <constructor-arg name="host" value="message-router.{{.Release.Namespace}}:{{.Values.event.port.dmaap}}" />
+ <constructor-arg name="topic" value="{{.Values.event.consumer.topic}}" />
+ <constructor-arg name="username" value="" />
+ <constructor-arg name="password" value="" />
+ <constructor-arg name="consumerGroup" value="datarouter" />
+ <constructor-arg name="consumerId" value="datarouter" />
+ <constructor-arg name="timeoutMs" value="1000" />
+ <constructor-arg name="messageLimit" value="100" />
+ <constructor-arg name="transportType" value="HTTPAUTH" />
+ <constructor-arg name="protocol" value="{{.Values.event.protocol}}" />
+ <constructor-arg name="filter"><null /></constructor-arg>
+ </bean>
+
+ <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" >
+ <constructor-arg ref="eepConfig"/>
+ </bean>
+</beans>
diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route
new file mode 100644
index 0000000000..14db6d6596
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route
@@ -0,0 +1,4 @@
+<route xmlns="http://camel.apache.org/schema/spring" trace="true">
+ <from uri="event-bus:mybus/?eventTopic=AAI-EVENT&amp;consumer=#consumerBeanEntityEvent" />
+ <to uri="bean:entityEventPolicy?method=process"/>
+</route> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-data-router/templates/configmap.yaml b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml
new file mode 100644
index 0000000000..93b498ac00
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml
@@ -0,0 +1,68 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-dynamic
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-data-router/templates/deployment.yaml b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml
new file mode 100644
index 0000000000..01efcd0558
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml
@@ -0,0 +1,188 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ mkdir -p /logroot/data-router/logs
+ chmod -R 777 /logroot/data-router/logs
+ chown -R root:root /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: SERVICE_BEANS
+ value: /opt/app/data-router/dynamic/conf
+ - name: CONFIG_HOME
+ value: /opt/app/data-router/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: DYNAMIC_ROUTES
+ value: /opt/app/data-router/dynamic/routes
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ - name: PATH
+ value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ - name: JAVA_HOME
+ value: usr/lib/jvm/java-8-openjdk-amd64
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/data-router/config/auth
+ name: {{ include "common.fullname" . }}-auth
+ - mountPath: /opt/app/data-router/config/data-router.properties
+ subPath: data-router.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/config/schemaIngest.properties
+ subPath: schemaIngest.properties
+ name: {{ include "common.fullname" . }}-properties
+ - mountPath: /opt/app/data-router/dynamic/routes/entity-event.route
+ subPath: entity-event.route
+ name: {{ include "common.fullname" . }}-dynamic-route
+ - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml
+ subPath: entity-event-policy.xml
+ name: {{ include "common.fullname" . }}-dynamic-policy
+ - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml
+ subPath: data-router-oxm.xml
+ name: {{ include "common.fullname" . }}-dynamic-oxm
+ - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml
+ name: {{ include "common.fullname" . }}-logback-config
+ subPath: logback.xml
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /logs
+ name: {{ include "common.fullname" . }}-logs
+
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /logs
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: aai-filebeat
+ resources:
+{{ include "common.resources" . }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: aai-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-auth
+ secret:
+ secretName: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+ items:
+ - key: data-router.properties
+ path: data-router.properties
+ - key: schemaIngest.properties
+ path: schemaIngest.properties
+ - name: {{ include "common.fullname" . }}-dynamic-route
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-dynamic-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-dynamic-oxm
+ configMap:
+ name: {{ include "common.fullname" . }}-dynamic
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback-config
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ items:
+ - key: logback.xml
+ path: logback.xml
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-data-router/templates/secret.yaml b/kubernetes/aai/components/aai-data-router/templates/secret.yaml
new file mode 100644
index 0000000000..292e03571a
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-data-router/values.yaml b/kubernetes/aai/components/aai-data-router/values.yaml
new file mode 100644
index 0000000000..354559b303
--- /dev/null
+++ b/kubernetes/aai/components/aai-data-router/values.yaml
@@ -0,0 +1,112 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for data-router.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ loggingImage: beats/filebeat:5.5.0
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/data-router:1.7.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+dockerhubRepository: registry.hub.docker.com
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+
+# application configuration
+config:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ schemaTranslatorList: config
+ schemaVersionList: "v11,v12,v13,v14,v15,v16,v17,v18,v19"
+ schemaApiDefault: "v19"
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 300
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+
+service:
+ name: aai-data-router
+ internalPort: 9502
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/data-router/logs
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.25
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 0.5
+ memory: 1536Mi
+ unlimited: {}
+
+# Entity Event route configuration
+event:
+ port:
+ dmaap: 3905
+ protocol: https
+ consumer:
+ topic: AAI-EVENT
diff --git a/kubernetes/aai/components/aai-elasticsearch/.helmignore b/kubernetes/aai/components/aai-elasticsearch/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-elasticsearch/Chart.yaml b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml
new file mode 100644
index 0000000000..93c6b255a7
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI elasticsearch
+name: aai-elasticsearch
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml
new file mode 100644
index 0000000000..ae12344635
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml
@@ -0,0 +1,372 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+##################### Elasticsearch Configuration Example #####################
+
+# This file contains an overview of various configuration settings,
+# targeted at operations staff. Application developers should
+# consult the guide at <http://elasticsearch.org/guide>.
+#
+# The installation procedure is covered at
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup.html>.
+#
+# Elasticsearch comes with reasonable defaults for most settings,
+# so you can try it out without bothering with configuration.
+#
+# Most of the time, these defaults are just fine for running a production
+# cluster. If you're fine-tuning your cluster, or wondering about the
+# effect of certain configuration option, please _do ask_ on the
+# mailing list or IRC channel [http://elasticsearch.org/community].
+
+# Any element in the configuration can be replaced with environment variables
+# by placing them in ${...} notation. For example:
+#
+# node.rack: ${RACK_ENV_VAR}
+
+# For information on supported formats and syntax for the config file, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html>
+################################### Cluster ###################################
+
+# Cluster name identifies your cluster for auto-discovery. If you're running
+# multiple clusters on the same network, make sure you're using unique names.
+#
+# cluster.name: elasticsearch
+
+cluster.name: ES_AAI
+
+#################################### Node #####################################
+
+node.name: ES_ONAP
+node.master: true
+node.data: true
+
+
+# Use the Cluster Health API [http://localhost:9200/_cluster/health], the
+# Node Info API [http://localhost:9200/_nodes] or GUI tools
+# such as <http://www.elasticsearch.org/overview/marvel/>,
+# <http://github.com/karmi/elasticsearch-paramedic>,
+# <http://github.com/lukas-vlcek/bigdesk> and
+# <http://mobz.github.com/elasticsearch-head> to inspect the cluster state.
+
+# By default, multiple nodes are allowed to start from the same installation location
+# to disable it, set the following:
+
+node.max_local_storage_nodes: 1
+
+
+#################################### Index ####################################
+# You can set a number of options (such as shard/replica options, mapping
+# or analyzer definitions, translog settings, ...) for indices globally,
+# in this file.
+#
+# Note, that it makes more sense to configure index settings specifically for
+# a certain index, either when creating it or by using the index templates API.
+#
+# See <http://elasticsearch.org/guide/en/elasticsearch/reference/current/index-modules.html> and
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/indices-create-index.html>
+# for more information.
+
+# Set the number of shards (splits) of an index (5 by default):
+
+#index.number_of_shards: 5
+
+# Set the number of replicas (additional copies) of an index (1 by default):
+
+#index.number_of_replicas: 1
+
+# These settings directly affect the performance of index and search operations
+# in your cluster. Assuming you have enough machines to hold shards and
+# replicas, the rule of thumb is:
+#
+# 1. Having more *shards* enhances the _indexing_ performance and allows to
+# _distribute_ a big index across machines.
+# 2. Having more *replicas* enhances the _search_ performance and improves the
+# cluster _availability_.
+#
+# The "number_of_shards" is a one-time setting for an index.
+#
+# The "number_of_replicas" can be increased or decreased anytime,
+# by using the Index Update Settings API.
+#
+# Elasticsearch takes care about load balancing, relocating, gathering the
+# results from nodes, etc. Experiment with different settings to fine-tune
+# your setup.
+
+# Use the Index Status API (<http://localhost:9200/A/_status>) to inspect
+# the index status.
+
+
+#################################### Paths ####################################
+
+# Path to directory containing configuration (this file and logging.yml):
+#path.conf: /opt/app/elasticsearch/config
+
+# Path to directory where to store index data allocated for this node.
+# Use swm auto link to redirect the data directory if necessary.
+
+path.data: /usr/share/elasticsearch/data
+
+# path.data: /path/to/data1,/path/to/data2
+
+# path.work: /path/to/work
+
+path.logs: /usr/share/elasticsearch/logs
+
+#path.plugins: /opt/app/elasticsearch/plugins
+
+
+#################################### Plugin ###################################
+
+# If a plugin listed here is not installed for current node, the node will not start.
+#
+# plugin.mandatory: mapper-attachments,lang-groovy
+
+
+################################### Memory ####################################
+
+# Elasticsearch performs poorly when JVM starts swapping: you should ensure that
+# it _never_ swaps.
+#
+# Set this property to true to lock the memory: default is true
+
+#bootstrap.memory_lock: true
+
+# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set
+# to the same value, and that the machine has enough memory to allocate
+# for Elasticsearch, leaving enough memory for the operating system itself.
+#
+# You should also make sure that the Elasticsearch process is allowed to lock
+# the memory, eg. by using `ulimit -l unlimited`.
+
+### Kernel Settings
+
+# Elasticsearch installs system call filters of various flavors depending on the
+# operating system (e.g., seccomp on Linux). These system call filters are
+# installed to prevent the ability to execute system calls related to forking
+# as a defense mechanism against arbitrary code execution attacks on
+# Elasticsearch The system call filter check ensures that if system call
+# filters are enabled, then they were successfully installed. To pass the system
+# call filter check you must either fix any configuration errors on your system
+# that prevented system call filters from installing (check your logs), or at
+# your own risk disable system call filters by setting
+# bootstrap.system_call_filter to false.
+# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html
+#
+# seccomp is found in Linux kernels: 2.6.37–2.6.39, 3.0–3.19, 4.0–4.9,
+# 4.10-rc+HEAD
+#
+# The default setting is to disable the filters assuming an older kernel
+# version where seccomp is not available.
+# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819
+
+bootstrap.system_call_filter: false
+
+############################## Network And HTTP ###############################
+# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
+# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
+# communication. (the range means that if the port is busy, it will automatically
+# try the next port).
+
+# Set the bind address specifically (IPv4 or IPv6):
+network.bind_host: 0.0.0.0
+
+# Set the address other nodes will use to communicate with this node. If not
+# set, it is automatically derived. It must point to an actual IP address.
+
+# network.publish_host: 0.0.0.0
+
+# Set both 'bind_host' and 'publish_host':
+# network.host: 192.168.0.1
+
+
+# Set a custom port for the node to node communication (9300 by default):
+transport.tcp.port: {{ .Values.service.internalPort2 }}
+
+# Enable compression for all communication between nodes (disabled by default):
+transport.tcp.compress: false
+
+# Set a custom port to listen for HTTP traffic:
+# http.port: 9200
+http.port: {{ .Values.service.internalPort }}
+
+# Set a custom allowed content length:
+# http.max_content_length: 100mb
+http.max_content_length: 100mb
+
+# Disable HTTP completely:
+# http.enabled: false
+http.enabled: true
+
+# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search.
+http.cors.enabled: false
+http.cors.allow-origin: "/.*/"
+http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length
+http.cors.allow-credentials: false
+################################### Gateway ###################################
+
+# The gateway allows for persisting the cluster state between full cluster
+# restarts. Every change to the state (such as adding an index) will be stored
+# in the gateway, and when the cluster starts up for the first time,
+# it will read its state from the gateway.
+# There are several types of gateway implementations. For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-gateway.html>.
+
+# The default gateway type is the "local" gateway (recommended):
+#
+#gateway.type: local
+#gateway.type: local
+
+# Settings below control how and when to start the initial recovery process on
+# a full cluster restart (to reuse as much local data as possible when using shared
+# gateway).
+
+# Allow recovery process after N nodes in a cluster are up:
+#
+# gateway.recover_after_nodes: 1
+gateway.recover_after_nodes: 1
+
+# Set the timeout to initiate the recovery process, once the N nodes
+# from previous setting are up (accepts time value):
+#
+#gateway.recover_after_time: 5m
+gateway.recover_after_time: 5m
+
+# Set how many nodes are expected in this cluster. Once these N nodes
+# are up (and recover_after_nodes is met), begin recovery process immediately
+# (without waiting for recover_after_time to expire):
+#
+# gateway.expected_nodes: 2
+gateway.expected_nodes: 2
+
+############################# Recovery Throttling #############################
+
+# These settings allow to control the process of shards allocation between
+# nodes during initial recovery, replica allocation, rebalancing,
+# or when adding and removing nodes.
+
+# Set the number of concurrent recoveries happening on a node:
+#
+# 1. During the initial recovery
+#
+# cluster.routing.allocation.node_initial_primaries_recoveries: 4
+#
+# 2. During adding/removing nodes, rebalancing, etc
+#
+# cluster.routing.allocation.node_concurrent_recoveries: 2
+
+# Set to throttle throughput when recovering (eg. 100mb, by default 20mb):
+# indices.recovery.max_bytes_per_sec: 20mb
+indices.recovery.max_bytes_per_sec: 20mb
+
+# Set to limit the number of open concurrent streams when
+# recovering a shard from a peer:
+#
+# indices.recovery.concurrent_streams: 5
+#indices.recovery.concurrent_streams: 5
+
+################################## Discovery ##################################
+
+# Discovery infrastructure ensures nodes can be found within a cluster
+# and master node is elected. Multicast discovery is the default.
+
+# Set to ensure a node sees N other master eligible nodes to be considered
+# operational within the cluster. Its recommended to set it to a higher value
+# than 1 when running more than 2 nodes in the cluster.
+#
+discovery.zen.minimum_master_nodes: 1
+
+# Set the time to wait for ping responses from other nodes when discovering.
+# Set this option to a higher value on a slow or congested network
+# to minimize discovery failures:
+#
+# discovery.zen.ping_timeout: 3s
+discovery.zen.ping_timeout: 3s
+
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-zen.html>
+
+# Unicast discovery allows to explicitly control which nodes will be used
+# to discover the cluster. It can be used when multicast is not present,
+# or to restrict the cluster communication-wise.
+#
+# 1. Disable multicast discovery (enabled by default):
+# discovery.zen.ping.multicast.enabled: false
+#discovery.zen.ping.multicast.enabled: false
+
+
+# 2. Configure an initial list of master nodes in the cluster
+# to perform discovery when new nodes (master or data) are started:
+#
+# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
+discovery.zen.ping.unicast.hosts: ["0.0.0.0"]
+
+# EC2 discovery allows to use AWS EC2 API in order to perform discovery.
+#
+# You have to install the cloud-aws plugin for enabling the EC2 discovery.
+#
+# For more information, see
+# <http://elasticsearch.org/guide/en/elasticsearch/reference/current/modules-discovery-ec2.html>
+#
+#
+# See <http://elasticsearch.org/tutorials/elasticsearch-on-ec2/>
+# for a step-by-step tutorial.
+
+# GCE discovery allows to use Google Compute Engine API in order to perform discovery.
+#
+# You have to install the cloud-gce plugin for enabling the GCE discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-gce>.
+
+# Azure discovery allows to use Azure API in order to perform discovery.
+#
+# You have to install the cloud-azure plugin for enabling the Azure discovery.
+#
+# For more information, see <https://github.com/elasticsearch/elasticsearch-cloud-azure>.
+
+################################## Slow Log ##################################
+
+# Shard level query and fetch threshold logging.
+
+#index.search.slowlog.threshold.query.warn: 10s
+#index.search.slowlog.threshold.query.info: 5s
+#index.search.slowlog.threshold.query.debug: 2s
+#index.search.slowlog.threshold.query.trace: 500ms
+
+#index.search.slowlog.threshold.fetch.warn: 1s
+#index.search.slowlog.threshold.fetch.info: 800ms
+#index.search.slowlog.threshold.fetch.debug: 500ms
+#index.search.slowlog.threshold.fetch.trace: 200ms
+
+#index.indexing.slowlog.threshold.index.warn: 10s
+#index.indexing.slowlog.threshold.index.info: 5s
+#index.indexing.slowlog.threshold.index.debug: 2s
+#index.indexing.slowlog.threshold.index.trace: 500ms
+
+################################## GC Logging ################################
+
+#monitor.jvm.gc.young.warn: 1000ms
+#monitor.jvm.gc.young.info: 700ms
+#monitor.jvm.gc.young.debug: 400ms
+
+#monitor.jvm.gc.old.warn: 10s
+#monitor.jvm.gc.old.info: 5s
+#monitor.jvm.gc.old.debug: 2s
+
+
+# x-pack security conflicts with searchguard
+xpack.security.enabled: false
+xpack.ml.enabled: false
+xpack.monitoring.enabled: false
+xpack.watcher.enabled: false
diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options
new file mode 100644
index 0000000000..e69d7983c0
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options
@@ -0,0 +1,117 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms1g
+-Xmx1g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# force the server VM
+-server
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps
+# ensure the directory exists and has sufficient space
+#-XX:HeapDumpPath=/heap/dump/path
+
+## GC logging
+
+#-XX:+PrintGCDetails
+#-XX:+PrintGCTimeStamps
+#-XX:+PrintGCDateStamps
+#-XX:+PrintClassHistogram
+#-XX:+PrintTenuringDistribution
+#-XX:+PrintGCApplicationStoppedTime
+
+# log GC status to a file with time stamps
+# ensure the directory exists
+#-Xloggc:${loggc}
+
+# By default, the GC log file will not rotate.
+# By uncommenting the lines below, the GC log file
+# will be rotated every 128MB at most 32 times.
+#-XX:+UseGCLogFileRotation
+#-XX:NumberOfGCLogFiles=32
+#-XX:GCLogFileSize=128M
diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties
new file mode 100644
index 0000000000..e674865221
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+status = error
+
+# log action execution errors for easier debugging
+logger.action.name = org.elasticsearch.action
+logger.action.level = INFO
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}-%d{yyyy-MM-dd}.log
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+
+# appender.deprecation_rolling.type = RollingFile
+# appender.deprecation_rolling.name = deprecation_rolling
+# appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}_deprecation.log
+# appender.deprecation_rolling.layout.type = PatternLayout
+# appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
+# appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}_deprecation-%i.log.gz
+# appender.deprecation_rolling.policies.type = Policies
+# appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+# appender.deprecation_rolling.policies.size.size = 1GB
+# appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+# appender.deprecation_rolling.strategy.max = 4
+
+# logger.deprecation.name = org.elasticsearch.deprecation
+# logger.deprecation.level = warn
+# logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+# logger.deprecation.additivity = false
+
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_search_slowlog.log
+appender.index_search_slowlog_rolling.layout.type = PatternLayout
+appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_search_slowlog-%d{yyyy-MM-dd}.log
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.time.interval = 1
+appender.index_search_slowlog_rolling.policies.time.modulate = true
+
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.additivity = false
+
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.time.interval = 1
+appender.index_indexing_slowlog_rolling.policies.time.modulate = true
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.additivity = false
diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml
new file mode 100644
index 0000000000..b3af5da60b
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml
@@ -0,0 +1,26 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-es-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml
new file mode 100644
index 0000000000..8fa165a5fc
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml
@@ -0,0 +1,120 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ initContainers:
+ - command:
+ - /bin/sh
+ - -c
+ - |
+ sysctl -w vm.max_map_count=262144
+ mkdir -p /logroot/elasticsearch/logs
+ mkdir -p /logroot/elasticsearch/data
+ chmod -R 777 /logroot/elasticsearch
+ chown -R 1000:1000 /logroot
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ securityContext:
+ privileged: true
+ image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ name: init-sysctl
+ volumeMounts:
+ - name: elasticsearch-data
+ mountPath: /logroot/
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: elasticsearch-config
+ subPath: elasticsearch.yml
+ mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
+ - name: elasticsearch-config
+ subPath: jvm.options
+ mountPath: /usr/share/elasticsearch/config/jvm.options
+ - name: elasticsearch-config
+ subPath: log4j2.properties
+ mountPath: /usr/share/elasticsearch/config/log4j2.properties
+ - name: elasticsearch-data
+ mountPath: /usr/share/elasticsearch/data
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: elasticsearch-config
+ configMap:
+ name: {{ include "common.fullname" . }}-es-config
+ - name: elasticsearch-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-data
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml
new file mode 100644
index 0000000000..0838e3367b
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml
new file mode 100644
index 0000000000..513a7e80f6
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ storageClassName: {{ include "common.storageClass" . }}
diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml
new file mode 100644
index 0000000000..68d767b380
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-elasticsearch/values.yaml b/kubernetes/aai/components/aai-elasticsearch/values.yaml
new file mode 100644
index 0000000000..49b4c36378
--- /dev/null
+++ b/kubernetes/aai/components/aai-elasticsearch/values.yaml
@@ -0,0 +1,108 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for elasticsearch.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ persistence:
+ mountPath: /dockerdata-nfs
+
+# application image
+image: elasticsearch/elasticsearch:6.1.2
+pullPolicy: Always
+restartPolicy: Always
+
+flavor: small
+flavorOverride: small
+
+# application configuration
+config:
+ tcpPort: 8443
+ nodeKeyStore: esaai-keystore.jks
+ nodeKeyStorePassword: b87b46d3da7d3d4aadfe
+ adminKeyStore: sgadmin-keystore.p12
+ adminKeyStorePassword: 341274302a70ad691e12
+ trustStore: truststore.jks
+ trustStorePassword: b200926e9da205487f63
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: aai-elasticsearch
+ portName: aai-elasticsearch
+ internalPort: 9200
+ portName2: aai-elasticsearch-tcp
+ internalPort2: 8443
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ ## storageClass: "-"
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/elasticsearch/data
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 2Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/common/music/charts/music-cassandra-job/.helmignore b/kubernetes/aai/components/aai-graphadmin/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/.helmignore
+++ b/kubernetes/aai/components/aai-graphadmin/.helmignore
diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
new file mode 100644
index 0000000000..2388e622a0
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
@@ -0,0 +1,23 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP AAI GraphAdmin
+name: aai-graphadmin
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
new file mode 100644
index 0000000000..e9ec6850e4
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties
@@ -0,0 +1,126 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Data Grooming
+aai.grooming.default.max.fix={{ .Values.config.maxFix.dataGrooming | int }}
+aai.grooming.default.sleep.minutes={{ .Values.config.sleepMinutes.dataGrooming | int }}
+
+# Used by DupeTool
+aai.dupeTool.default.max.fix={{ .Values.config.maxFix.dupeTool | int }}
+aai.dupeTool.default.sleep.minutes={{ .Values.config.sleepMinutes.dupeTool | int }}
+
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+# Used by the ForceDelete tool
+aai.forceDel.protected.nt.list=cloud-region
+aai.forceDel.protected.edge.count=10
+aai.forceDel.protected.descendant.count=10
+
+#used by the dataGrooming and dataSnapshot cleanup tasks
+aai.cron.enable.datagroomingcleanup={{ .Values.config.cron.dataCleanup.dataGrooming.enabled }}
+aai.cron.enable.datasnapshotcleanup={{ .Values.config.cron.dataCleanup.dataSnapshot.enabled }}
+aai.datagrooming.agezip={{ .Values.config.cron.dataCleanup.dataGrooming.ageZip | int }}
+aai.datagrooming.agedelete={{ .Values.config.cron.dataCleanup.dataGrooming.ageDelete | int }}
+
+aai.datasnapshot.agezip={{ .Values.config.cron.dataCleanup.dataSnapshot.ageZip | int }}
+aai.datasnapshot.agedelete={{ .Values.config.cron.dataCleanup.dataSnapshot.ageDelete | int }}
+
+#used by the dataSnapshot and dataGrooming tasks
+aai.cron.enable.dataSnapshot={{ .Values.config.cron.dataSnapshot.enabled }}
+
+aai.cron.enable.dataGrooming={{ .Values.config.cron.dataGrooming.enabled }}
+
+#used by the dataGrooming tasks
+aai.datagrooming.enableautofix=true
+aai.datagrooming.enabledupefixon=true
+aai.datagrooming.enabledontfixorphans=true
+aai.datagrooming.enabletimewindowminutes=true
+aai.datagrooming.enableskiphostcheck=false
+aai.datagrooming.enablesleepminutes=false
+aai.datagrooming.enableedgesonly=false
+aai.datagrooming.enableskipedgechecks=false
+aai.datagrooming.enablemaxfix=false
+aai.datagrooming.enablesinglecommits=false
+aai.datagrooming.enabledupecheckoff=false
+aai.datagrooming.enableghost2checkoff=false
+aai.datagrooming.enableghost2fixon=false
+aai.datagrooming.enablef=false
+
+# used by the dataGrooming to set values
+aai.datagrooming.timewindowminutesvalue=10500
+aai.datagrooming.sleepminutesvalue=100
+aai.datagrooming.maxfixvalue=10
+aai.datagrooming.fvalue=10
+
+#timeout for traversal enabled flag
+aai.graphadmin.timeoutenabled={{ .Values.config.timeout.enabled }}
+#default timeout limit added for graphadmin if not overridden (in ms)
+aai.graphadmin.timeoutlimit={{ .Values.config.timeout.limit }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.graphadmin.timeout.appspecific={{ .Values.global.config.realtime.clients }}
+
+# Disable the process check which are oriented towards linux OS
+# These props should only be true for local on windows
+aai.disable.check.snapshot.running=false
+aai.disable.check.grooming.running=false
+
+# Specify the params listed right here that you would have send to the dataSnapshot shell script
+# JUST_TAKE_SNAPSHOT
+# THREADED_SNAPSHOT 2 DEBUG
+# THREADED_SNAPSHOT 2
+aai.datasnapshot.params={{ .Values.config.cron.dataSnapshot.params }}
+
+# Concurrency lock control flag
+aai.lock.uri.enabled={{ .Values.config.aai.lock.uri.enabled }}
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
new file mode 100644
index 0000000000..7cc354ac53
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -0,0 +1,111 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-graphadmin
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.2.0
+
+spring.application.name=aai-graphadmin
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-graphadmin/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8449
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61649
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+
+aperture.rdbmsname=aai_relational
+
+aperture.service.client={{ .Values.global.config.schema.service.client }}
+aperture.service.base.url=http://localhost:8457/aai/aperture
+aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }}
+aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }}
+aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+aperture.service.timeout-in-milliseconds=300000
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
new file mode 100644
index 0000000000..232262e8c2
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
@@ -0,0 +1,97 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
new file mode 100644
index 0000000000..923611d2ea
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,91 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
new file mode 100644
index 0000000000..95d41235b2
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml
@@ -0,0 +1,60 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ --> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
new file mode 100644
index 0000000000..553de3f134
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml
@@ -0,0 +1,958 @@
+<?xml version="1.0"?>
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+ <property resource="application.properties"/>
+ <property name="namespace" value="graph-admin"/>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
+ <property name="logDirectory" value="${AJSC_HOME}/logs"/>
+ <!-- Old patterns
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%X{serviceName}|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%X{serviceName}|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+ -->
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <!-- Patterns from onap demo -->
+ <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n"/>
+ <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n"/>
+ <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n"/>
+ <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n"/>
+ <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+ <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter"/>
+ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter"/>
+ <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
+ </encoder>
+ </appender>
+ <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/sane.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="SANE"/>
+ </appender>
+ <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/metrics.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="METRIC"/>
+ </appender>
+ <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="DEBUG"/>
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="ERROR"/>
+ </appender>
+ <appender name="AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="AUDIT"/>
+ </appender>
+ <appender name="translog" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/translog.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${transLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="translog"/>
+ </appender>
+ <appender name="dmaapAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${"errorPattern"}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="external" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <file>${logDirectory}/external/external.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- DataGrooming logs started -->
+ <appender name="dataGrooming" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dataGrooming/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataGrooming/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataGroomingdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataGrooming/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataGrooming/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataGroomingaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataGrooming/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataGrooming/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- DataGrooming logs ended -->
+ <!-- DataSnapshot logs started -->
+ <appender name="dataSnapshot" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dataSnapshot/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataSnapshot/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataSnapshotdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataSnapshot/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataSnapshot/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataSnapshotaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataSnapshot/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataSnapshot/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- DataSnapshot logs ended -->
+ <!-- HistoryTruncate logs started -->
+ <appender name="historyTruncate" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/historyTruncate/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/historyTruncate/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="historyTruncatedebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/historyTruncate/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/historyTruncate/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="historyTruncateaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/historyTruncate/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/historyTruncate/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- historyTruncate logs ended -->
+ <!-- CreateDBSchema logs started -->
+ <appender name="createDBSchema" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/createDBSchema/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/createDBSchema/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${"errorPattern"}</pattern>
+ </encoder>
+ </appender>
+ <appender name="createDBSchemadebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/createDBSchema/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/createDBSchema/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="createDBSchemametric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/createDBSchema/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/createDBSchema/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- CreateDBSchema logs ended -->
+ <!-- DataCleanupTasks logs started -->
+ <appender name="dataCleanuperror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/misc/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/misc/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${"errorPattern"}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataCleanupdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/misc/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/misc/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataCleanupaudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/misc/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/misc/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- DataCleanupTasks logs ended -->
+ <!-- dupeTool logs started -->
+ <appender name="dupeTooldebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dupetool/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dupetool/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dupeToolerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>WARN</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dupeTool/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dupeTool/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- dupeTool logs ended -->
+ <!-- dynamicPayloadGenerator log starts here -->
+ <appender name="dynamicPayloadGeneratorError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dynamicPayloadGenerator/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dynamicPayloadGeneratorDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dynamicPayloadGenerator/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dynamicPayloadGeneratorAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataExport/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- dynamicPayloadGenerator log ends here -->
+ <!-- forceDelete logs started -->
+ <appender name="forceDeletedebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/forceDelete/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/forceDelete/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="forceDeleteerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>WARN</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/forceDelete/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/forceDelete/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- forceDelete logs ended -->
+ <!-- migration logs started -->
+ <appender name="migrationdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/migration/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/migration/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="migrationerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>WARN</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/migration/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/migration/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- migration logs ended -->
+ <!-- DataGrooming logs started -->
+ <appender name="dataExportError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dataExport/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataExport/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataExportDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataExport/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataExport/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dataExportAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataExport/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dataExport/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- schemaMod log starts -->
+ <appender name="schemaModdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/schemaMod/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/schemaMod/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="schemaModerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>WARN</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/schemaMod/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/schemaMod/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- schemaMod log ends -->
+ <!-- uniquePropertyCheck log starts here -->
+ <appender name="uniquePropertyCheckdebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/uniquePropertyCheck/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/uniquePropertyCheck/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="uniquePropertyCheckmetric" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/uniquePropertyCheck/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/uniquePropertyCheck/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="uniquePropertyCheckerror" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>WARN</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/uniquePropertyCheck/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/uniquePropertyCheck/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- uniquePropertyCheck log ends here -->
+ <!-- dynamicPayloadGenerator log starts here -->
+ <appender name="dynamicPayloadGeneratorError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dynamicPayloadGenerator/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dynamicPayloadGeneratorDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dynamicPayloadGenerator/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dynamicPayloadGeneratorAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dataExport/audit.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- dynamicPayloadGenerator log ends here -->
+ <logger name="org.onap.aai" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncDEBUG"/>
+ <appender-ref ref="asyncSANE"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN"/>
+ <logger name="org.springframework.beans" level="WARN"/>
+ <logger name="org.springframework.web" level="WARN"/>
+ <logger name="com.blog.spring.jms" level="WARN"/>
+ <logger name="com.jayway.jsonpath" level="WARN"/>
+ <!-- AJSC Services (bootstrap services) -->
+ <logger name="ajsc" level="WARN"/>
+ <logger name="ajsc.RouteMgmtService" level="WARN"/>
+ <logger name="ajsc.ComputeService" level="WARN"/>
+ <logger name="ajsc.VandelayService" level="WARN"/>
+ <logger name="ajsc.FilePersistenceService" level="WARN"/>
+ <logger name="ajsc.UserDefinedJarService" level="WARN"/>
+ <logger name="ajsc.UserDefinedBeansDefService" level="WARN"/>
+ <logger name="ajsc.LoggingConfigurationService" level="WARN"/>
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="org.codehaus.groovy" level="WARN"/>
+ <logger name="com.att.scamper" level="WARN"/>
+ <logger name="ajsc.utils" level="WARN"/>
+ <logger name="ajsc.utils.DME2Helper" level="WARN"/>
+ <logger name="ajsc.filters" level="WARN"/>
+ <logger name="ajsc.beans.interceptors" level="WARN"/>
+ <logger name="ajsc.restlet" level="WARN"/>
+ <logger name="ajsc.servlet" level="WARN"/>
+ <logger name="com.att.ajsc" level="WARN"/>
+ <logger name="com.att.ajsc.csi.logging" level="WARN"/>
+ <logger name="com.att.ajsc.filemonitor" level="WARN"/>
+ <logger name="com.netflix.loadbalancer" level="WARN"/>
+ <logger name="org.apache.zookeeper" level="WARN"/>
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN"/>
+ <logger name="org.apache.commons.httpclient" level="WARN"/>
+ <logger name="org.apache.commons" level="WARN"/>
+ <logger name="org.apache.coyote" level="WARN"/>
+ <logger name="org.apache.jasper" level="WARN"/>
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN"/>
+ <logger name="org.apache.cxf" level="WARN"/>
+ <logger name="org.apache.camel.processor.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.service" level="WARN"/>
+ <logger name="org.restlet" level="WARN"/>
+ <logger name="org.apache.camel.component.restlet" level="WARN"/>
+ <logger name="org.hibernate.validator" level="WARN"/>
+ <logger name="org.hibernate" level="WARN"/>
+ <logger name="org.hibernate.ejb" level="OFF"/>
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN"/>
+ <logger name="ch.qos.logback.core" level="WARN"/>
+ <logger name="org.eclipse.jetty" level="WARN"/>
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
+ <file>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log
+ </file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>auditPattern</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter"/>
+ <file>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log
+ </file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="auth" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>DEBUG</level>
+ </filter>
+ <file>${logDirectory}/auth/auth.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="auth"/>
+ </appender>
+ <logger name="AuditRecord" level="INFO" additivity="false">
+ <appender-ref ref="auditLogs"/>
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="false">
+ <appender-ref ref="auditLogs"/>
+ </logger>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="false">
+ <appender-ref ref="perfLogs"/>
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+ <logger name="org.onap.aai.aaf" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncAUTH"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.filter.RestClientLoggingInterceptor" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="asyncERROR"/>
+ </logger>
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="asynctranslog"/>
+ </logger>
+ <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+ <appender-ref ref="dmaapAAIEventConsumer"/>
+ <appender-ref ref="dmaapAAIEventConsumerDebug"/>
+ <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+ </logger>
+ <logger name="org.onap.aai.datasnapshot" level="DEBUG" additivity="false">
+ <appender-ref ref="dataSnapshot"/>
+ <appender-ref ref="dataSnapshotdebug"/>
+ <appender-ref ref="dataSnapshotaudit"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.historytruncate" level="DEBUG" additivity="false">
+ <appender-ref ref="historyTruncate"/>
+ <appender-ref ref="historyTruncatedebug"/>
+ <appender-ref ref="historyTruncateaudit"/>
+ </logger>
+ <logger name="org.onap.aai.datagrooming" level="DEBUG" additivity="false">
+ <appender-ref ref="dataGrooming"/>
+ <appender-ref ref="dataGroomingdebug"/>
+ <appender-ref ref="dataGroomingaudit"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.schema" level="DEBUG" additivity="false">
+ <appender-ref ref="createDBSchema"/>
+ <appender-ref ref="createDBSchemadebug"/>
+ <appender-ref ref="createDBSchemametric"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen.DupeTool" level="DEBUG" additivity="false">
+ <appender-ref ref="dupeTooldebug"/>
+ <appender-ref ref="dupeToolerror"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen.DynamicPayloadGenerator" level="DEBUG" additivity="false">
+ <appender-ref ref="dynamicPayloadGeneratorAudit"/>
+ <appender-ref ref="dynamicPayloadGeneratorError"/>
+ <appender-ref ref="dynamicPayloadGeneratorDebug"/>
+ </logger>
+ <logger name="org.onap.aai.dbgen" level="DEBUG" additivity="false">
+ <appender-ref ref="createDBSchema"/>
+ <appender-ref ref="createDBSchemadebug"/>
+ <appender-ref ref="createDBSchemametric"/>
+ </logger>
+ <logger name="org.onap.aai.datacleanup" level="DEBUG" additivity="false">
+ <appender-ref ref="dataCleanuperror"/>
+ <appender-ref ref="dataCleanupdebug"/>
+ <appender-ref ref="dataCleanupaudit"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.onap.aai.migration" level="DEBUG" additivity="false">
+ <appender-ref ref="migrationdebug"/>
+ <appender-ref ref="migrationerror"/>
+ </logger>
+ <logger name="org.onap.aai.util.SendMigrationNotifications" level="DEBUG" additivity="false">
+ <appender-ref ref="migrationdebug"/>
+ <appender-ref ref="migrationerror"/>
+ </logger>
+ <logger name="org.onap.aai.util.SendDeleteMigrationNotifications" level="DEBUG" additivity="false">
+ <appender-ref ref="migrationdebug"/>
+ <appender-ref ref="migrationerror"/>
+ </logger>
+ <logger name="org.onap.aai.dataexport" level="DEBUG" additivity="false">
+ <appender-ref ref="dataExportError"/>
+ <appender-ref ref="dataExportDebug"/>
+ <appender-ref ref="dataExportAudit"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+ <logger name="org.apache" level="WARN"/>
+ <logger name="org.zookeeper" level="WARN"/>
+ <logger name="com.netflix" level="WARN"/>
+ <logger name="org.janusgraph" level="WARN"/>
+ <logger name="com.att.aft.dme2" level="WARN"/>
+ <!-- ============================================================================ -->
+ <!-- General EELF logger -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="WARN" additivity="false">
+ <appender-ref ref="asyncDEBUG"/>
+ <appender-ref ref="asyncERROR"/>
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <root level="DEBUG">
+ <appender-ref ref="external"/>
+ <appender-ref ref="STDOUT"/>
+ </root>
+</configuration>
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
new file mode 100644
index 0000000000..b8f9a7fd38
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties
@@ -0,0 +1,70 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
new file mode 100644
index 0000000000..4b7261e937
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties
@@ -0,0 +1,65 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+query.fast-property=true
+query.smart-limit=false
+
+{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+
+storage.backend=cql
+storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+{{- else }}
+{{- if .Values.global.jobs.migration.remoteCassandra.storage }}
+storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }}
+storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }}
+{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }}
+storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }}
+storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }}
+storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }}
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }}
+
+{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }}
+storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }}
+{{- end }}
+storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }}
+{{- end }}
+{{- end }}
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties
new file mode 100644
index 0000000000..97627eac16
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties
@@ -0,0 +1,42 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
new file mode 100644
index 0000000000..e70474362d
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
@@ -0,0 +1,63 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ {{- if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+ {{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-migration-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+data:
+{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }}
+{{- end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
new file mode 100644
index 0000000000..a43e984afe
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -0,0 +1,187 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ hostname: aai-graphadmin
+ {{ if .Values.global.initContainers.enabled }}
+ initContainers:
+ - command:
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+ {{ else }}
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: realm.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
new file mode 100644
index 0000000000..3111d0cf15
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -0,0 +1,141 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-db-backup
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ initContainers:
+ - command:
+ - /bin/bash
+ - -c
+ - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-backup-readiness
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-db-backup-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - docker-entrypoint.sh
+ - dataSnapshot.sh
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: {{ include "common.fullname" . }}-snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-real.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES/
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
new file mode 100644
index 0000000000..fe3e6e81be
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -0,0 +1,150 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-create-db-schema
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - docker-entrypoint.sh
+ - createDBSchema.sh
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
new file mode 100644
index 0000000000..f95557d4f0
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -0,0 +1,309 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# In ONAP, the following job will always be run on each installation
+# The following job will go through the latest oxm and
+# create properties based on the data type defined in the oxm
+# and create the required indexes for the appropriate properties
+# This can be run multiple times as the code if the index or property already exists
+# then the index or property won't be created again
+# NOTE - During the execution of the createSchema job, there should
+# be no other janusgraph connection to the graph as its the reason
+# that resources traversal and graphadmin wait until this job is done
+# If you are using an existing cassandra cluster not coming from oom
+# then it is your job to ensure that there are no connections to the database
+
+{{- if .Values.global.jobs.migration.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-upgrade,post-rollback,post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - /bin/bash
+ - -c
+ - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: {{ include "common.fullname" . }}-snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-restore-backup
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-perform-migration
+ command:
+ - /bin/bash
+ - -c
+ - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GA
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-db-backup-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-db-backup-job
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-db-backup-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ initContainers:
+ - command:
+ - /bin/bash
+ - -c
+ - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-db-backup-readiness
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-db-backup-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/bash
+ - docker-entrypoint.sh
+ - dataSnapshot.sh
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
+ name: {{ include "common.fullname" . }}-snapshots
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-real.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-migration
+ subPath: janusgraph-migration-cached.properties
+ - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES/
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-graphadmin/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ resources:
+{{ include "common.resources" . | indent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-migration
+ configMap:
+ name: {{ include "common.fullname" . }}-migration-configmap
+ - name: {{ include "common.fullname" . }}-snapshots
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-migration
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
new file mode 100644
index 0000000000..563b920c04
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml
@@ -0,0 +1,44 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+{{- if eq "True" (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size}}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ hostPath:
+ path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
new file mode 100644
index 0000000000..bf8900686d
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml
@@ -0,0 +1,42 @@
+{{/*
+# Copyright â–’ 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.jobs.migration.enabled -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-migration
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ include "common.release" . }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ "helm.sh/hook": pre-upgrade,pre-install
+ "helm.sh/hook-weight": "-1"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{- if .Values.persistence.annotations }}
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ storageClassName: {{ include "common.storageClass" . }}
+{{- end -}}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
new file mode 100644
index 0000000000..ab6c67709d
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -0,0 +1,49 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
new file mode 100644
index 0000000000..ee0a20b367
--- /dev/null
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -0,0 +1,158 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-graphadmin:1.7.1
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+# Configuration for the graphadmin deployment
+config:
+
+ # Specify the profiles for the graphadmin microservice
+ profiles:
+ active: "dmaap,one-way-ssl"
+
+ # Specifies the timeout limit for the REST API requests
+ timeout:
+ enabled: true
+ limit: 180000
+
+ # Default maximum records to fix for the data grooming and dupeTool
+ maxFix:
+ dataGrooming: 150
+ dupeTool: 25
+
+ # Default number of sleep minutes for dataGrooming and dupeTool
+ sleepMinutes:
+ dataGrooming: 7
+ dupeTool: 7
+
+ # Cron specific attributes to be triggered for the graphadmin spring cron tasks
+ cron:
+ # Specifies that the data grooming tool which runs duplicates should be enabled
+ dataGrooming:
+ enabled: true
+ # Specifies that the data snapshot which takes a graphson snapshot should be enabled
+ dataSnapshot:
+ enabled: true
+ params: JUST_TAKE_SNAPSHOT
+
+ # Data cleanup which zips snapshots older than x days and deletes older than y days
+ dataCleanup:
+
+ dataGrooming:
+ enabled: true
+ # Zips up the dataGrooming files older than 5 days
+ ageZip: 5
+ # Deletes the dataGrooming files older than 30 days
+ ageDelete: 30
+
+ dataSnapshot:
+ enabled: true
+ # Zips up the dataSnapshot graphson files older than 5 days
+ ageZip: 5
+ # Deletes the dataSnapshot graphson files older than 30 days
+ ageDelete: 30
+ # Concurrency lock control flag
+ aai:
+ lock:
+ uri:
+ enabled: false
+
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ # REST API port for the graphadmin microservice
+ portName: aai-graphadmin-8449
+ internalPort: 8449
+ portName2: aai-graphadmin-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+persistence:
+ enabled: true
+ ## A manually managed Persistent Volume and Claim
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ ## database data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ accessMode: ReadWriteMany
+ size: 2Gi
+
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/aai-graphadmin
+ mountSubPath1: aai/migration
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 1536Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-modelloader/.helmignore b/kubernetes/aai/components/aai-modelloader/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml
new file mode 100644
index 0000000000..98c842d564
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI modelloader
+name: aai-modelloader
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12
new file mode 100644
index 0000000000..ee57120fa0
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12
new file mode 100644
index 0000000000..e64895e911
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..e1d24d9b4d
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
new file mode 100644
index 0000000000..72b5dab65a
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml
@@ -0,0 +1,168 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <include resource="org/springframework/boot/logging/logback/base.xml" />
+ <property name="logDir" value="/var/log/onap" />
+ <property name="componentName" value="AAI-ML"></property>
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern"
+ value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|ModelLoader|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <logger name="com.att" level="INFO" />
+
+ <!-- Model Loader loggers -->
+ <logger name="org.openecomp.modelloader" level="INFO" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+</root>
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
new file mode 100644
index 0000000000..246e52895a
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties
@@ -0,0 +1,46 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Model Loader Distribution Client Configuration
+ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
+ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
+ml.distribution.CONSUMER_GROUP=aai-ml-group
+ml.distribution.CONSUMER_ID=aai-ml
+ml.distribution.ENVIRONMENT_NAME=AUTO
+ml.distribution.KEYSTORE_PASSWORD=
+ml.distribution.KEYSTORE_FILE=asdc-client.jks
+ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
+ml.distribution.POLLING_INTERVAL=30
+ml.distribution.POLLING_TIMEOUT=20
+ml.distribution.USER=aai
+ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
+ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}}
+
+# Model Loader AAI REST Client Configuration
+ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
+ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
+ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
+ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
+ml.aai.KEYSTORE_FILE=aai-os-cert.p12
+ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+ml.aai.AUTH_USER=ModelLoader
+ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw
+
+# Model Loader Babel REST Client Configuration\r
+ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516
+ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
+ml.babel.KEYSTORE_FILE=babel-client-cert.p12
+ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ml.babel.TRUSTSTORE_FILE=tomcat_keystore
+ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
diff --git a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
new file mode 100644
index 0000000000..d1b14e4e16
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml
@@ -0,0 +1,39 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
new file mode 100644
index 0000000000..8cfad2015f
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -0,0 +1,109 @@
+# Copyright © 2018 Amdocs, AT&T
+# Modifications Copyright © 2018 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/model-loader/config/
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/model-loader/config/model-loader.properties
+ subPath: model-loader.properties
+ name: {{ include "common.fullname" . }}-prop-config
+ - mountPath: /opt/app/model-loader/config/auth/
+ name: {{ include "common.fullname" . }}-auth-config
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/model-loader/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ resources:
+{{ include "common.resources" . }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: aai-filebeat
+ resources:
+{{ include "common.resources" . }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-prop-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+ - name: {{ include "common.fullname" . }}-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: aai-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/components/aai-modelloader/templates/secret.yaml b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
new file mode 100644
index 0000000000..292e03571a
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-modelloader/templates/service.yaml b/kubernetes/aai/components/aai-modelloader/templates/service.yaml
new file mode 100644
index 0000000000..37ed1dee7a
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/service.yaml
@@ -0,0 +1,43 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
new file mode 100644
index 0000000000..e2b9fa1f34
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -0,0 +1,86 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for modelloader.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/model-loader:1.7.0
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: aai-modelloader
+ externalPort: 8080
+ internalPort: 8080
+ nodePort: 10
+ portName2: aai-modelloader-ssl
+ externalPort2: 8443
+ internalPort2: 8443
+ nodePort2: 29
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aaimodelloader"
+ name: "aai-modelloader"
+ port: 8443
+ config:
+ ssl: "redirect"
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 1
+ memory: 1536Mi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-resources/.helmignore b/kubernetes/aai/components/aai-resources/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml
index b4feb7114b..7ee15fbd16 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/Chart.yaml
+++ b/kubernetes/aai/components/aai-resources/Chart.yaml
@@ -1,4 +1,4 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+
apiVersion: v1
-description: Cassandra Job - Run CQL Scripts after Cassandra Starts.
-name: music-cassandra-job
+description: ONAP AAI resources
+name: aai-resources
version: 7.0.0
-
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
new file mode 100644
index 0000000000..60a8fb5f0b
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
new file mode 100644
index 0000000000..ec5fd55e06
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile
new file mode 100644
index 0000000000..4c14bc37f1
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile
@@ -0,0 +1,27 @@
+VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e
+ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC
+uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e
+QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M
+YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8
+pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z
+94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b
+YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE
+NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT
+PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa
+_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x
+NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs
+BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_
+AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg
+EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_
+Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ
+g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb
+5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm
+4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e
+21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId
+0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l
+vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft
+mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW
+b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra
+w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d
+TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq
+PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12
new file mode 100644
index 0000000000..b2449c6a54
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
new file mode 100644
index 0000000000..d5a64750f4
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
+cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12
+cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p
+
+#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
+cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym
+cadi_loglevel=INFO
+cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
new file mode 100644
index 0000000000..8ae66aaf79
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props
@@ -0,0 +1,24 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
new file mode 100644
index 0000000000..4234121a2d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties
@@ -0,0 +1,2 @@
+permission.type=org.onap.aai.resources
+permission.instance=* \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
new file mode 100644
index 0000000000..f2e7caaa29
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
@@ -0,0 +1,88 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+####################################################################
+# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+# TEMPLATE AND *ALL* DATAFILES
+####################################################################
+
+####################################################################
+# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE
+# TEMPLATE AND *ALL* DATAFILES
+####################################################################
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=true
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+# Timeout for crud enabled flag
+aai.crud.timeoutenabled={{ .Values.config.crud.timeout.enabled }}
+
+# Timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.crud.timeout.appspecific={{ .Values.config.crud.timeout.appspecific }}
+
+#default timeout limit added for crud if not overridden (in ms)
+aai.crud.timeoutlimit={{ .Values.config.crud.timeout.limit }}
+#limit set for bulk consumer APIS
+aai.bulkconsumer.payloadlimit={{ .Values.config.bulk.limit }}
+
+#uncomment and use header X-OverrideLimit with the value to override the bulk api limit
+aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
new file mode 100644
index 0000000000..0aee21778c
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties
@@ -0,0 +1,14 @@
+
+spring.autoconfigure.exclude=\
+ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
+ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+
+keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
+keycloak.realm=aai-resources
+keycloak.resource=aai-resources-app
+keycloak.public-client=true
+keycloak.principal-attribute=preferred_username
+
+keycloak.ssl-required=external
+keycloak.bearer-only=true \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties
new file mode 100644
index 0000000000..d0a9c14345
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties
@@ -0,0 +1,96 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-resources
+info.build.name=resources
+info.build.description=Resources Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-resources
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-resources/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8447
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61647
+dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
diff --git a/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json
new file mode 100644
index 0000000000..65f13eff5f
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json
@@ -0,0 +1,298 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "servers",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloudinfra",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "cloud-infrastructure",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "sdandc",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "service-design-and-creation",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "business",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "search",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "license-management",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "examples",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "resources",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "generateurl",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "bulkadd",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "nodes",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "query",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "dbquery",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "bulk",
+ "methods": [
+ {
+ "name": "POST"
+ }
+ ]
+ },
+ {
+ "name": "bulkprocess",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "recents",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ },
+ {
+ "name": "dsl",
+ "methods": [
+ {
+ "name": "PUT"
+ }
+ ]
+ },
+ {
+ "name": "common",
+ "methods": [
+ {
+ "name": "GET"
+ },
+ {
+ "name": "DELETE"
+ },
+ {
+ "name": "PUT"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }
+ ]
+ },
+ {
+ "name": "HAProxy",
+ "functions": [
+ {
+ "name": "util",
+ "methods": [
+ {
+ "name": "GET"
+ }
+ ]
+ }
+ ],
+ "users": [
+ {
+ "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US"
+ }
+ ]
+ }
+ ]
+}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties
new file mode 100644
index 0000000000..1db2774d52
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties
@@ -0,0 +1,100 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
new file mode 100644
index 0000000000..36cbc4201d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml
new file mode 100644
index 0000000000..4cf6c74333
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml
@@ -0,0 +1,63 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml
new file mode 100644
index 0000000000..f24e86d8d0
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml
@@ -0,0 +1,344 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+ <property resource="application.properties" />
+
+ <property name="namespace" value="aai-resources"/>
+
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/logs" />
+ <!-- Old patterns
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+ -->
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <!-- Patterns from onap demo -->
+ <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+ <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+ <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
+ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
+ <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/sane.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="SANE" />
+ </appender>
+ <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/metrics.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="METRIC"/>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="DEBUG" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="ERROR"/>
+ </appender>
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="AUDIT" />
+ </appender>
+
+ <appender name="translog"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/translog.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${transLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="translog" />
+ </appender>
+
+ <appender name="dmaapAAIEventConsumer"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+
+ </appender>
+
+ <appender name="dmaapAAIEventConsumerDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerInfo"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerMetric"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="external"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <file>${logDirectory}/external/external.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="auth"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>DEBUG</level>
+ </filter>
+ <file>${logDirectory}/auth/auth.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="auth" />
+ </appender>
+ <!-- logback internals logging -->
+
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <logger name="com.att.aft.dme2" level="WARN" />
+ <logger name="com.jayway.jsonpath" level="WARN" />
+
+ <logger name="org.apache" level="OFF" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.zookeeper" level="OFF" />
+ <logger name="org.codehaus.groovy" level="WARN" />
+ <logger name="org.eclipse.jetty" level="WARN" />
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="org.janusgraph" level="WARN" />
+ <logger name="org.zookeeper" level="OFF" />
+
+
+ <logger name="org.onap.aai" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncDEBUG" />
+ <appender-ref ref="asyncSANE" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncAUTH" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
+ <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+ </logger>
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="asyncERROR"/>
+ </logger>
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="asynctranslog" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+ <appender-ref ref="dmaapAAIEventConsumer" />
+ <appender-ref ref="dmaapAAIEventConsumerDebug" />
+ </logger>
+
+ <logger name="com.att.nsa.mr" level="INFO" >
+ <appender-ref ref="dmaapAAIEventConsumerInfo" />
+ </logger>
+
+ <root level="DEBUG">
+ <appender-ref ref="external" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties
new file mode 100644
index 0000000000..0499b34f1c
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/config/realm.properties
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..d9fe86e4ec
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
new file mode 100644
index 0000000000..f6ebc75ed8
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..9eec841aa2
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..9a08348b0d
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="info" />
+
+</configuration> \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000000..071d407de5
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..023e2eaac6
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..6ad5f51ad3
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..e23c03d833
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,99 @@
+[
+ {
+ "uri": "\/not\/allowed\/at\/all$",
+ "permissions": [
+ "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt"
+ ]
+ },
+ {
+ "uri": "\/one\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/multi\/auth\/required$",
+ "permissions": [
+ "test.auth.access.aMultipleAuth1",
+ "test.auth.access.aMultipleAuth2",
+ "test.auth.access.aMultipleAuth3"
+ ]
+ },
+ {
+ "uri": "\/one\/[^\/]+\/required$",
+ "permissions": [
+ "test.auth.access.aSimpleSingleAuth"
+ ]
+ },
+ {
+ "uri": "\/services\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/admin\/getAAFRequest$",
+ "permissions": [
+ "test.auth.access|admin|GET,PUT,POST"
+ ]
+ },
+ {
+ "uri": "\/service\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/services\/aai\/webapp\/index.html$",
+ "permissions": [
+ "test.auth.access|services|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/$",
+ "permissions": [
+ "\\|services\\|GET",
+ "test\\.auth\\.access\\|services\\|GET,PUT"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$",
+ "permissions": [
+ "test\\.auth\\.access\\|rest\\|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read"
+ ]
+ },
+ {
+ "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$",
+ "permissions": [
+ "test.auth.access|clouds|read",
+ "test.auth.access|tenants|read",
+ "test.auth.access|vservers|read"
+ ]
+ },
+ {
+ "uri": "\/backend$",
+ "permissions": [
+ "test\\.auth\\.access\\|services\\|GET,PUT",
+ "\\|services\\|GET"
+ ]
+ },
+ {
+ "uri": "\/aai\/.*",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ },
+ {
+ "uri": "\/aai\/util\/echo",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+]
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..4980071db6
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..1b58d4235c
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..799fd8689b
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="info" />
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..2c89d28180
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 8447
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
new file mode 100644
index 0000000000..3416d4a737
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
new file mode 100644
index 0000000000..1a1192abfc
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml
@@ -0,0 +1,159 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }}
+{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
new file mode 100644
index 0000000000..ae328f5911
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -0,0 +1,1484 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v11",
+ "url": "/aai/v11/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v12",
+ "url": "/aai/v12/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v13",
+ "url": "/aai/v13/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v14",
+ "url": "/aai/v14/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v15",
+ "url": "/aai/v15/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v16",
+ "url": "/aai/v16/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v17",
+ "url": "/aai/v17/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v18",
+ "url": "/aai/v18/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-cloudInfrastructure",
+ "version": "v19",
+ "url": "/aai/v19/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/cloud-infrastructure"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v11",
+ "url": "/aai/v11/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v12",
+ "url": "/aai/v12/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v13",
+ "url": "/aai/v13/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v14",
+ "url": "/aai/v14/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v15",
+ "url": "/aai/v15/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v16",
+ "url": "/aai/v16/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v17",
+ "url": "/aai/v17/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v18",
+ "url": "/aai/v18/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/business"
+ },
+ {
+ "serviceName": "_aai-business",
+ "version": "v19",
+ "url": "/aai/v19/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/business"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v11",
+ "url": "/aai/v11/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v12",
+ "url": "/aai/v12/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v13",
+ "url": "/aai/v13/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v14",
+ "url": "/aai/v14/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v15",
+ "url": "/aai/v15/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v16",
+ "url": "/aai/v16/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v17",
+ "url": "/aai/v17/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v18",
+ "url": "/aai/v18/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/actions"
+ },
+ {
+ "serviceName": "_aai-actions",
+ "version": "v19",
+ "url": "/aai/v19/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/actions"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v11",
+ "url": "/aai/v11/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v12",
+ "url": "/aai/v12/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v13",
+ "url": "/aai/v13/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v14",
+ "url": "/aai/v14/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v15",
+ "url": "/aai/v15/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v16",
+ "url": "/aai/v16/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v17",
+ "url": "/aai/v17/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v18",
+ "url": "/aai/v18/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-service-design-and-creation",
+ "version": "v19",
+ "url": "/aai/v19/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/service-design-and-creation"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v11",
+ "url": "/aai/v11/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v12",
+ "url": "/aai/v12/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v13",
+ "url": "/aai/v13/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v14",
+ "url": "/aai/v14/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v15",
+ "url": "/aai/v15/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v16",
+ "url": "/aai/v16/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v17",
+ "url": "/aai/v17/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v18",
+ "url": "/aai/v18/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/network"
+ },
+ {
+ "serviceName": "_aai-network",
+ "version": "v19",
+ "url": "/aai/v19/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/network"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v11",
+ "url": "/aai/v11/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v12",
+ "url": "/aai/v12/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v13",
+ "url": "/aai/v13/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v14",
+ "url": "/aai/v14/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v15",
+ "url": "/aai/v15/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v16",
+ "url": "/aai/v16/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v17",
+ "url": "/aai/v17/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v18",
+ "url": "/aai/v18/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/external-system"
+ },
+ {
+ "serviceName": "_aai-externalSystem",
+ "version": "v19",
+ "url": "/aai/v19/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/external-system"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v11",
+ "url": "/aai/v11/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v12",
+ "url": "/aai/v12/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v13",
+ "url": "/aai/v13/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v14",
+ "url": "/aai/v14/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v15",
+ "url": "/aai/v15/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v16",
+ "url": "/aai/v16/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v17",
+ "url": "/aai/v17/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v18",
+ "url": "/aai/v18/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-cloudInfrastructure",
+ "version": "v19",
+ "url": "/aai/v19/cloud-infrastructure",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v11",
+ "url": "/aai/v11/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v12",
+ "url": "/aai/v12/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v13",
+ "url": "/aai/v13/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v14",
+ "url": "/aai/v14/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v15",
+ "url": "/aai/v15/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v16",
+ "url": "/aai/v16/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v17",
+ "url": "/aai/v17/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v18",
+ "url": "/aai/v18/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-business",
+ "version": "v19",
+ "url": "/aai/v19/business",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v11",
+ "url": "/aai/v11/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v12",
+ "url": "/aai/v12/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v13",
+ "url": "/aai/v13/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v14",
+ "url": "/aai/v14/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v15",
+ "url": "/aai/v15/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v16",
+ "url": "/aai/v16/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v17",
+ "url": "/aai/v17/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v18",
+ "url": "/aai/v18/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-actions",
+ "version": "v19",
+ "url": "/aai/v19/actions",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v11",
+ "url": "/aai/v11/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v12",
+ "url": "/aai/v12/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v13",
+ "url": "/aai/v13/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v14",
+ "url": "/aai/v14/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v15",
+ "url": "/aai/v15/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v16",
+ "url": "/aai/v16/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v17",
+ "url": "/aai/v17/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v18",
+ "url": "/aai/v18/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-service-design-and-creation",
+ "version": "v19",
+ "url": "/aai/v19/service-design-and-creation",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v11",
+ "url": "/aai/v11/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v12",
+ "url": "/aai/v12/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v13",
+ "url": "/aai/v13/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v14",
+ "url": "/aai/v14/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v15",
+ "url": "/aai/v15/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v16",
+ "url": "/aai/v16/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v17",
+ "url": "/aai/v17/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v18",
+ "url": "/aai/v18/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-network",
+ "version": "v19",
+ "url": "/aai/v19/network",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v11",
+ "url": "/aai/v11/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v12",
+ "url": "/aai/v12/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v13",
+ "url": "/aai/v13/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v14",
+ "url": "/aai/v14/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v15",
+ "url": "/aai/v15/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v16",
+ "url": "/aai/v16/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v17",
+ "url": "/aai/v17/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v18",
+ "url": "/aai/v18/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-externalSystem",
+ "version": "v19",
+ "url": "/aai/v19/external-system",
+ "protocol": "REST",
+ "port": "8447",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ }
+ ]'
+ spec:
+ hostname: aai-resources
+ {{ if .Values.global.initContainers.enabled }}
+ {{ if .Values.global.installSidecarSecurity }}
+ hostAliases:
+ - ip: {{ .Values.global.aaf.serverIp }}
+ hostnames:
+ - {{ .Values.global.aaf.serverHostname }}
+ {{ end }}
+ initContainers:
+ - command:
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+ {{ else }}
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-RES
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-resources/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: realm.properties
+ {{ if .Values.global.installSidecarSecurity }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json
+ name: {{ include "common.fullname" . }}-aai-policy
+ subPath: aai_policy.json
+ {{ end }}
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.keyfile
+ - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: bath_config.csv
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.onap.aai.props
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.osaaf.location.props
+ - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: permissions.properties
+ - mountPath: /opt/app/aai-resources/resources/cadi.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: cadi.properties
+ - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.p12
+ - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
+ - mountPath: /opt/app/aai-resources/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application-keycloak.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+ resources:
+{{ include "common.resources" . }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks
+ subPath: aaf_truststore.jks
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.sidecar.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.sidecar.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
+ volumes:
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-aaf-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-props
+ - name: {{ include "common.fullname" . }}-aaf-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-aaf-keys
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-aai-policy
+ configMap:
+ name: {{ include "common.fullname" . }}-aai-policy-configmap
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-fproxy-auth-config
+ {{ end }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
new file mode 100644
index 0000000000..68d767b380
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
new file mode 100644
index 0000000000..4b77e31084
--- /dev/null
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -0,0 +1,123 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-resources:1.7.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+# Configuration for the resources deployment
+config:
+ keycloak:
+ host: localhost
+ port: 8180
+
+ # Specifies crud related operation timeouts and overrides
+ crud:
+ timeout:
+ # Specifies if the timeout for REST GET calls should be enabled
+ enabled: true
+ # Specifies the timeout values for application specific
+ # Its a pipe seperated list where each element before comma represents
+ # the X-FromAppId and the comma after specifies the timeout limit in ms
+ # If the timeout limit is -1 then it means for these apps no timeout
+ appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1
+ # Specifies what is the maximum timeout limit in milliseconds
+ limit: 100000
+
+ # Specifies configuration for bulk apis
+ bulk:
+ # Specifies for a bulk payload how many transactions in total allowed
+ limit: 30
+ # Specifies if the bulk can be override and if it can the value
+ override: false
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+# application configuration
+sidecar:
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+service:
+ type: ClusterIP
+ portName: aai-resources-8447
+ internalPort: 8447
+ portName2: aai-resources-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 3Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-schema-service/.helmignore b/kubernetes/aai/components/aai-schema-service/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml
new file mode 100644
index 0000000000..8894701465
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP AAI Schema Service
+name: aai-schema-service
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
new file mode 100644
index 0000000000..2172d715de
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
@@ -0,0 +1,43 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties
new file mode 100644
index 0000000000..a639c41343
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/application.properties
@@ -0,0 +1,71 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-schema-service
+info.build.name=schema-service
+info.build.description=Schema Service Microservice
+info.build.version=1.1.0
+
+spring.application.name=aai-schema-service
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.jersey.application-path=${schema.uri.base.path}
+server.tomcat.max-threads=200
+server.tomcat.min-Spare-Threads=25
+server.tomcat.max-idle-time=60000
+
+server.local.startpath=aai-schema-service/src/main/resources/
+server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
+
+server.port=8452
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}/schema-service
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
diff --git a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
new file mode 100644
index 0000000000..447f2390b1
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml
@@ -0,0 +1,58 @@
+<!--
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
diff --git a/kubernetes/aai/components/aai-schema-service/config/logback.xml b/kubernetes/aai/components/aai-schema-service/config/logback.xml
new file mode 100644
index 0000000000..9cfffe9c37
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/logback.xml
@@ -0,0 +1,295 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+
+ <property resource="application.properties"/>
+
+ <property name="namespace" value="aai-schema-service"/>
+
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}"/>
+ <property name="logDirectory" value="${AJSC_HOME}/logs"/>
+ <!-- Old patterns
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ //<property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+ -->
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <!-- Patterns from onap demo -->
+ <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+
+ <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+
+ <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter"/>
+ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter"/>
+ <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter"/>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/sane.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="SANE"/>
+ </appender>
+
+ <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/metrics.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="METRIC"/>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="DEBUG"/>
+ <includeCallerData>true</includeCallerData>
+ </appender>
+
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="ERROR"/>
+ </appender>
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="AUDIT"/>
+ </appender>
+
+ <appender name="translog"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/translog.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${transLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="translog"/>
+ </appender>
+
+ <appender name="external"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <file>${logDirectory}/external/external.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="auth"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>DEBUG</level>
+ </filter>
+ <file>${logDirectory}/auth/auth.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="auth" />
+ </appender>
+
+ <logger name="org.onap.aai" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncDEBUG"/>
+ <appender-ref ref="asyncSANE"/>
+ <appender-ref ref="STDOUT"/>
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN"/>
+ <logger name="org.springframework.beans" level="WARN"/>
+ <logger name="org.springframework.web" level="WARN"/>
+ <logger name="com.blog.spring.jms" level="WARN"/>
+ <logger name="com.jayway.jsonpath" level="WARN"/>
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="org.codehaus.groovy" level="WARN"/>
+ <logger name="com.netflix.loadbalancer" level="WARN"/>
+
+ <logger name="org.apache.zookeeper" level="OFF"/>
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN"/>
+ <logger name="org.apache.commons.httpclient" level="WARN"/>
+ <logger name="org.apache.commons" level="WARN"/>
+ <logger name="org.apache.coyote" level="WARN"/>
+ <logger name="org.apache.jasper" level="WARN"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN"/>
+ <logger name="org.apache.cxf" level="WARN"/>
+ <logger name="org.apache.camel.processor.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN"/>
+ <logger name="org.apache.cxf.service" level="WARN"/>
+ <logger name="org.restlet" level="WARN"/>
+ <logger name="org.apache.camel.component.restlet" level="WARN"/>
+
+ <logger name="org.hibernate.validator" level="WARN"/>
+ <logger name="org.hibernate" level="WARN"/>
+ <logger name="org.hibernate.ejb" level="OFF"/>
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN"/>
+ <logger name="ch.qos.logback.core" level="WARN"/>
+
+ <logger name="org.eclipse.jetty" level="WARN"/>
+
+ <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncAUTH" />
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="asyncERROR"/>
+ </logger>
+ <logger name="org.onap.aai.schemaservice.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="asynctranslog" />
+ </logger>
+
+ <logger name="org.apache" level="OFF"/>
+ <logger name="org.zookeeper" level="OFF"/>
+ <logger name="org.janusgraph" level="WARN"/>
+ <logger name="com.att.aft.dme2" level="WARN"/>
+
+
+ <root level="DEBUG">
+ <appender-ref ref="STDOUT" />
+ <appender-ref ref="external"/>
+ </root>
+</configuration>
diff --git a/kubernetes/aai/components/aai-schema-service/config/realm.properties b/kubernetes/aai/components/aai-schema-service/config/realm.properties
new file mode 100644
index 0000000000..988bb2411b
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/config/realm.properties
@@ -0,0 +1,22 @@
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
new file mode 100644
index 0000000000..9b7ea73181
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml
@@ -0,0 +1,78 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-springapp-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-realm-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
new file mode 100644
index 0000000000..c6e8e1bf76
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -0,0 +1,155 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
+ name: aaiconfig-conf
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-SS
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/app/aai-schema-service/resources/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml
+ name: localhost-access-log-conf
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-schema-service/resources/etc/auth/realm.properties
+ name: realm-conf
+ subPath: realm.properties
+ - mountPath: /opt/app/aai-schema-service/resources/application.properties
+ name: springapp-conf
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }}
+ name: auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+ volumes:
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: localhost-access-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-localhost-access-log-configmap
+ - name: springapp-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-springapp-configmap
+ - name: aaiconfig-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-aaiconfig-configmap
+ - name: realm-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-realm-configmap
+ - name: auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: {{ .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
new file mode 100644
index 0000000000..68d767b380
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
new file mode 100644
index 0000000000..7c29fd46f4
--- /dev/null
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -0,0 +1,88 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for resources.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-schema-service:1.7.13
+pullPolicy: Always
+restartPolicy: Always
+flavorOverride: small
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: aai-schema-service-8452
+ internalPort: 8452
+ portName2: aai-schema-service-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 3Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-search-data/.helmignore b/kubernetes/aai/components/aai-search-data/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-search-data/Chart.yaml b/kubernetes/aai/components/aai-search-data/Chart.yaml
new file mode 100644
index 0000000000..b05b354512
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI search-data
+name: aai-search-data
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json
new file mode 100644
index 0000000000..5fc135df5a
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json
@@ -0,0 +1,32 @@
+[
+ {
+ "name": "whitespace_analyzer",
+ "description": "A standard whitespace analyzer.",
+ "behaviours": [
+ "Tokenize the text using white space characters as delimeters.",
+ "Convert all characters to lower case.",
+ "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents."
+ ],
+ "tokenizer": "whitespace",
+ "filters": [
+ "lowercase",
+ "asciifolding"
+ ]
+ },
+ {
+ "name": "ngram_analyzer",
+ "description": "An analyzer which performs ngram filtering on the data stream.",
+ "behaviours": [
+ "Tokenize the text using white space characters as delimeters.",
+ "Convert all characters to lower case.",
+ "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents.",
+ "Apply ngram filtering using the following values for minimum and maximum size in codepoints of a single n-gram: minimum = 1, maximum = 2."
+ ],
+ "tokenizer": "whitespace",
+ "filters": [
+ "lowercase",
+ "asciifolding",
+ "ngram_filter"
+ ]
+ }
+] \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json
new file mode 100644
index 0000000000..bbbe52f5b5
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json
@@ -0,0 +1,18 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ]
+ }
+ ],
+
+ "users": [
+ {
+ "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"
+ }
+ ]
+ }
+ ]
+}
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore
new file mode 100644
index 0000000000..e280b3181a
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json
new file mode 100644
index 0000000000..2dac8f75c7
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json
@@ -0,0 +1,12 @@
+"dynamic_templates":[
+ {
+ "strings":{
+ "match_mapping_type":"string",
+ "match": "*",
+ "mapping":{
+ "type":"text",
+ "fielddata":true
+ }
+ }
+ }
+],
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties
new file mode 100644
index 0000000000..65de20de7e
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties
@@ -0,0 +1,25 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# ElasticSearch Configuration
+
+es.cluster-name=ES_AAI
+es.ip-address=aai-elasticsearch.{{.Release.Namespace}}
+es.http-port={{ .Values.config.elasticsearchHttpPort }}
+es.uri-scheme=http
+es.auth-user=admin
+es.auth-password=OBF:1u2a1toa1w8v1tok1u30
+es.trust-store=auth/tomcat_keystore
+es.trust-store-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json
new file mode 100644
index 0000000000..8a29863bf3
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json
@@ -0,0 +1,17 @@
+{
+ "attr-translations": [
+ {
+ "query": "$..[?(@.type=='string' && @.index=='analyzed')]",
+ "update": {"type": "text", "index": true, "fielddata": true}
+ },
+ {
+ "query": "$..[?(@.type=='string' && @.index=='not_analyzed')]",
+ "update": {"type": "keyword", "index": true}
+ },
+ {
+ "query": "$..[?(@.type=='string' && !@.index)]",
+ "update": {"type": "text", "fielddata": true}
+ }
+ ]
+}
+
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json
new file mode 100644
index 0000000000..a27f75b000
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/filter-config.json
@@ -0,0 +1,7 @@
+[
+ {
+ "name": "ngram_filter",
+ "description": "Custom NGram Filter.",
+ "configuration": " \"type\": \"nGram\", \"min_gram\": 1, \"max_gram\": 50, \"token_chars\": [ \"letter\", \"digit\", \"punctuation\", \"symbol\" ]"
+ }
+] \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml
new file mode 100644
index 0000000000..adfed4aa60
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml
@@ -0,0 +1,193 @@
+<!--
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+
+ <property name="logDir" value="/var/log/onap" />
+
+
+ <!-- specify the component name
+ <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" -->
+ <property name="componentName" value="AAI-SDB"></property>
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|SearchDataService|%mdc{PartnerName}|%logger||%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics"/>
+ </appender>
+
+ <appender name="EELFDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+ </fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- SearchDB loggers -->
+ <logger name="org.openecomp.sa" level="INFO" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
new file mode 100644
index 0000000000..f512fb71a6
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..edac199968
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.fproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
new file mode 100644
index 0000000000..595d484c37
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json
@@ -0,0 +1,11 @@
+[
+ {
+ "uri": "\/services\/search-data-service\/.*",
+ "method": "GET|PUT|POST|DELETE",
+ "permissions": [
+ "org\\.onap\\.aai\\.resources\\|\\*\\|.*"
+ ]
+ }
+
+
+]
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
new file mode 100644
index 0000000000..4980071db6
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties
@@ -0,0 +1,39 @@
+# This is a normal Java Properties File
+# Comments are with Pound Signs at beginning of lines,
+# and multi-line expression of properties can be obtained by backslash at end of line
+
+#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below
+#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name
+#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com
+#to your hosts file on your machine.
+#hostname=test.aic.cip.att.com
+
+cadi_loglevel=DEBUG
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+cadi_keyfile=/opt/app/rproxy/config/security/keyfile
+cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore
+cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+aaf_env=DEV
+
+aaf_id=demo@people.osaaf.org
+aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz
+
+# This is a colon separated list of client cert issuers
+cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
new file mode 100644
index 0000000000..55a9b4816f
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties
@@ -0,0 +1,4 @@
+forward-proxy.protocol = https
+forward-proxy.host = localhost
+forward-proxy.port = 10680
+forward-proxy.cacheurl = /credential-cache
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
new file mode 100644
index 0000000000..289fe7512c
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/reverse-proxy" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="debug">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "com.baeldung*" at TRACE level -->
+ <logger name="org.onap.aaf.rproxy" level="trace" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration>
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
new file mode 100644
index 0000000000..5fddcb240a
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties
@@ -0,0 +1,3 @@
+primary-service.protocol = https
+primary-service.host = localhost
+primary-service.port = 9509
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
new file mode 100644
index 0000000000..79cf29e73c
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
new file mode 100644
index 0000000000..8d46e1f429
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties
@@ -0,0 +1 @@
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
new file mode 100644
index 0000000000..0ef6aa9b10
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml
@@ -0,0 +1,83 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-service-log
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }}
+{{ end }}
+
diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
new file mode 100644
index 0000000000..83e8f1fd15
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml
@@ -0,0 +1,259 @@
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ if .Values.global.installSidecarSecurity }}
+ initContainers:
+ - name: {{ .Values.global.tproxyConfig.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ privileged: true
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: /opt/app/search-data-service/config/
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: KEY_MANAGER_PASSWORD
+ value: {{ .Values.config.keyManagerPassword }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/search-data-service/config/filter-config.json
+ subPath: filter-config.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/elastic-search.properties
+ subPath: elastic-search.properties
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/analysis-config.json
+ subPath: analysis-config.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/es-payload-translation.json
+ subPath: es-payload-translation.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json
+ subPath: dynamic-custom-template.json
+ name: {{ include "common.fullname" . }}-service-config
+ - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ name: {{ include "common.fullname" . }}-service-auth-config
+ - mountPath: /opt/app/search-data-service/config/auth/search_policy.json
+ subPath: search_policy.json
+ name: {{ include "common.fullname" . }}-search-policy-config
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml
+ name: {{ include "common.fullname" . }}-service-log-conf
+ subPath: logback.xml
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-service-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-service-filebeat
+
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ .Values.global.rproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/rproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.rproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/forward-proxy.properties
+ subPath: forward-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/primary-service.properties
+ subPath: primary-service.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/reverse-proxy.properties
+ subPath: reverse-proxy.properties
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ mountPath: /opt/app/rproxy/config/cadi.properties
+ subPath: cadi.properties
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ mountPath: /opt/app/rproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ mountPath: /opt/app/rproxy/config/auth/uri-authorization.json
+ subPath: uri-authorization.json
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12
+ subPath: org.onap.aai.p12
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ mountPath: /opt/app/rproxy/config/security/keyfile
+ subPath: keyfile
+
+ ports:
+ - containerPort: {{ .Values.global.rproxy.port }}
+
+ - name: {{ .Values.global.fproxy.name }}
+ image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CONFIG_HOME
+ value: "/opt/app/fproxy/config"
+ - name: KEY_STORE_PASSWORD
+ value: {{ .Values.config.keyStorePassword }}
+ - name: TRUST_STORE_PASSWORD
+ value: {{ .Values.config.trustStorePassword }}
+ - name: spring_profiles_active
+ value: {{ .Values.global.fproxy.activeSpringProfiles }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ mountPath: /opt/app/fproxy/config/fproxy.properties
+ subPath: fproxy.properties
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ mountPath: /opt/app/fproxy/config/logback-spring.xml
+ subPath: logback-spring.xml
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/fproxy_truststore
+ subPath: fproxy_truststore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/tomcat_keystore
+ subPath: tomcat_keystore
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ mountPath: /opt/app/fproxy/config/auth/client-cert.p12
+ subPath: client-cert.p12
+ ports:
+ - containerPort: {{ .Values.global.fproxy.port }}
+ {{ end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-service-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-service-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-keystone
+ - name: {{ include "common.fullname" . }}-search-policy-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-policy
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-service-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-service-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-service-log
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: {{ include "common.fullname" . }}-rproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-config
+ - name: {{ include "common.fullname" . }}-rproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-log-config
+ - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ configMap:
+ name: {{ include "common.fullname" . }}-rproxy-uri-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}-rproxy-auth-config
+ - name: {{ include "common.fullname" . }}-rproxy-auth-certs
+ secret:
+ secretName: aai-rproxy-auth-certs
+ - name: {{ include "common.fullname" . }}-rproxy-security-config
+ secret:
+ secretName: aai-rproxy-security-config
+ - name: {{ include "common.fullname" . }}-fproxy-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-config
+ - name: {{ include "common.fullname" . }}-fproxy-log-config
+ configMap:
+ name: {{ include "common.fullname" . }}-fproxy-log-config
+ - name: {{ include "common.fullname" . }}-fproxy-auth-certs
+ secret:
+ secretName: aai-fproxy-auth-certs
+ {{ end }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
new file mode 100644
index 0000000000..1ae4f4d61d
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-keystone
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/tomcat_keystore").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-policy
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-rproxy-auth-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }}
+{{ end }}
+
diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml
new file mode 100644
index 0000000000..889807930a
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml
@@ -0,0 +1,53 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{ if .Values.global.installSidecarSecurity }}
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.global.rproxy.port }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ {{ else }}
+
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+{{ end }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml
new file mode 100644
index 0000000000..a8089d6c16
--- /dev/null
+++ b/kubernetes/aai/components/aai-search-data/values.yaml
@@ -0,0 +1,78 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for search-data.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/search-data-service:1.6.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config:
+ elasticsearchHttpPort: 9200
+ keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+ trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: aai-search-data
+ internalPort: 9509
+
+ingress:
+ enabled: false
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.25
+ memory: 750Mi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-sparky-be/.helmignore b/kubernetes/aai/components/aai-sparky-be/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
new file mode 100644
index 0000000000..a817934444
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI sparky-be
+name: aai-sparky-be
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
new file mode 100644
index 0000000000..67a22f71f7
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.apiVersion=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
new file mode 100644
index 0000000000..5c733e852b
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties
@@ -0,0 +1,16 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.apiVersionOverride=v14
+oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
new file mode 100644
index 0000000000..c7f6bbc1d3
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties
@@ -0,0 +1,28 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
+oxm.schemaServiceTranslatorList=config
+# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
+oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
+oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
+oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
+oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+
+
+
+# Schema Service need this variable for the time being
+spring.applicationName=sparky
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
new file mode 100644
index 0000000000..cdd3d480b1
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resources.hostname=aai
+resources.port=8443
+resources.authType=SSL_BASIC
+resources.basicAuthUserName=aai@aai.onap.org
+resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
+resources.trust-store=tomcat_keystore
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
new file mode 100644
index 0000000000..50e843249a
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+server.port=8000
+server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
+server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
+server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
new file mode 100644
index 0000000000..4fb10a21f7
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties
@@ -0,0 +1,6 @@
+aggregationSyncEnabled=true
+historicalEntitySyncEnabled=true
+autoSuggestSyncEnabled=true
+vnfAliasSyncEnabled=true
+geoSyncEnabled=true
+viewInspectSyncEnabled=true \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
new file mode 100644
index 0000000000..108f9ef7b5
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties
@@ -0,0 +1,35 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# disable the default thyme leaf icon on web-pages
+#
+spring.mvc.favicon.enabled=false
+
+#
+# to switch to http, remove ssl and put http
+# and in the values.yaml change the internalPort to 9517
+#
+
+spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal
+
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
+searchservice.hostname={{.Values.global.searchData.serviceName}}
+searchservice.port=9509
+searchservice.client-cert=client-cert-onap.p12
+searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10
+searchservice.truststore=tomcat_keystore
+
+schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
new file mode 100644
index 0000000000..aa4ae74272
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties
new file mode 100644
index 0000000000..6edc3d97db
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties
@@ -0,0 +1,26 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global.login.url=aaiportal.onap.org
+
+# MOTS ID of the application
+application.id=12345
+
+# valid domains for open redirect
+redirect-domain=domain.com
+
+# Required by esGateKeeper. Valid values are:
+# DEVL - used during development
+# PROD - used in production
+gatekeeper.environment=TEST
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..b2449c6a54
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
new file mode 100644
index 0000000000..67268e33e2
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties
@@ -0,0 +1 @@
+cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==!
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
new file mode 100644
index 0000000000..e18585d576
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties
@@ -0,0 +1,47 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+################################################################################
+############################## Portal properties ###############################
+################################################################################
+
+# Java class that implements the ECOMP role and user mgt API
+portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl
+
+# Instance of ECOMP Portal where the app has been on-boarded
+# use insecure http for dev purposes to avoid self-signed certificate
+ecomp_rest_url = https://portal-app:8443/ONAPPORTAL/auxapi
+
+# Standard global logon page
+ecomp_redirect_url = https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
+
+# Name of cookie to extract on login request
+csp_cookie_name = EPService
+# Alternate values: DEVL, V_DEVL, V_PROD
+csp_gate_keeper_prod_key = PROD
+
+# Toggles use of UEB
+ueb_listeners_enable = false
+# IDs application withing UEB flow
+ueb_app_key=ueb_key_7
+# Use this tag if the app is centralized
+role_access_centralized=remote
+
+# Connection and Read timeout values
+ext_req_connection_timeout=15000
+ext_req_read_timeout=20000
+
+#Add AAF namespace if the app is centralized
+auth_namespace={{.Values.config.aafNamespace}}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
new file mode 100644
index 0000000000..1f154b6101
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties
@@ -0,0 +1,45 @@
+# Configure AAF
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE
+# AAF Environment Designation
+
+#if you are running aaf service from a docker image you have to use aaf service IP and port number
+aaf_id={{.Values.config.aafUsername}}
+#Encrypt the password using AAF Jar
+aaf_password={{.Values.config.aafPassword}}
+# Sample CADI Properties, from CADI 1.4.2
+#hostname=org.onap.aai.orr
+csp_domain=PROD
+# Add Absolute path to Keyfile
+cadi_keyfile={{.Values.config.cadiKeyFile}}
+
+# This is required to accept Certificate Authentication from Certman certificates.
+# can be TEST, IST or PROD
+aaf_env=DEV
+
+# DEBUG prints off all the properties. Use to get started.
+cadi_loglevel=DEBUG
+
+# Add Absolute path to truststore2018.jks
+cadi_truststore={{.Values.config.cadiTrustStore}}
+# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
+cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+
+# how to turn on SSL Logging
+#javax.net.debug=ssl
+
+# Use "maps.bing.com" to get Lat and Long for an Address
+AFT_LATITUDE=32.780140
+AFT_LONGITUDE=-96.800451
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true
+DME2.DEBUG=true
+AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true
+
+cadi_latitude=32.780140
+cadi_longitude=-96.800451
+
+aaf_root_ns=com.att.aaf
+aaf_api_version=2.0
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
new file mode 100644
index 0000000000..921ce6714a
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile
@@ -0,0 +1,27 @@
+77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q
+YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m
+DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH
+VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq
+e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c
+RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx
+mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj
+JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp
+_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7
+fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs
+I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO
+KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr
+NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv
+lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum
+4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM
+biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G
+SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ
+B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0
+zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF
+6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg
+5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU
+koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC
+vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L
+TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy
+cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ
+rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8
+SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
new file mode 100644
index 0000000000..97b5399f54
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties
@@ -0,0 +1,31 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################################################################################
+############################## Portal Auth Properties ##############################
+#####################################################################################
+
+############################## Auth ##############################
+username={{.Values.config.portalUsername}}
+password={{.Values.config.portalPassword}}
+
+############################## ##############################
+#
+# ONAP Cookie Processing - During initial development, this flag, if true, will
+# prevent the portal interface's login processing from searching for a user
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.
+onap_enabled={{.Values.config.portalOnapEnabled}}
+onap.user_id_cookie_name={{.Values.config.portalCookieName}}
+cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}}
+app_roles={{.Values.config.portalAppRoles}}
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
new file mode 100644
index 0000000000..ee131d8414
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config
@@ -0,0 +1,20 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[
+ {
+ "id":1,
+ "name":"View"
+ }
+]
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
new file mode 100644
index 0000000000..ce69e88918
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config
@@ -0,0 +1,20 @@
+[{
+ "orgId": null,
+ "managerId": null,
+ "firstName": "Demo",
+ "middleInitial": null,
+ "lastName": "User",
+ "phone": null,
+ "email": "demo@email.com",
+ "hrid": null,
+ "orgUserId": "demo",
+ "orgCode": null,
+ "orgManagerUserId": null,
+ "jobTitle": null,
+ "loginId": "demo",
+ "active": false,
+ "roles": [{
+ "id": 1,
+ "name": "View"
+ }]
+}] \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
new file mode 100644
index 0000000000..9e0a5726bd
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml
@@ -0,0 +1,72 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prop
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-portal
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-portal-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
new file mode 100644
index 0000000000..a4fe4e2195
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -0,0 +1,206 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - aai-elasticsearch
+ - --container-name
+ - aai-search-data
+ - --container-name
+ - aai
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: client-cert-onap.p12
+
+ - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: csp-cookie-filter.properties
+
+ - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-auth-config
+ subPath: org.onap.aai.p12
+
+ - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
+
+ - mountPath: /opt/app/sparky/config/portal/
+ name: {{ include "common.fullname" . }}-portal-config
+
+ - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
+ name: {{ include "common.fullname" . }}-portal-config-props
+
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+
+ - mountPath: /opt/app/sparky/config/application.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application.properties
+
+ - mountPath: /opt/app/sparky/config/application-resources.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application-resources.properties
+
+ - mountPath: /opt/app/sparky/config/application-ssl.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application-ssl.properties
+
+ - mountPath: /opt/app/sparky/config/application-oxm-default.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application-oxm-default.properties
+
+ - mountPath: /opt/app/sparky/config/application-oxm-override.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application-oxm-override.properties
+
+ - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties
+ name: {{ include "common.fullname" . }}-properties
+ subPath: application-oxm-schema-prod.properties
+
+ - mountPath: /opt/app/sparky/config/roles.config
+ name: {{ include "common.fullname" . }}-properties
+ subPath: roles.config
+
+ - mountPath: /opt/app/sparky/config/users.config
+ name: {{ include "common.fullname" . }}-properties
+ subPath: users.config
+
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: aai-sparky-filebeat
+ resources:
+{{ include "common.resources" . }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+
+ - name: {{ include "common.fullname" . }}-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-prop
+
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+
+ - name: {{ include "common.fullname" . }}-portal-config
+ configMap:
+ name: {{ include "common.fullname" . }}-portal
+
+ - name: {{ include "common.fullname" . }}-portal-config-props
+ configMap:
+ name: {{ include "common.fullname" . }}-portal-props
+
+ - name: {{ include "common.fullname" . }}-auth-config
+ secret:
+ secretName: {{ include "common.fullname" . }}
+
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: aai-sparky-filebeat
+ emptyDir: {}
+ - name: modeldir
+ emptyDir: {}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
new file mode 100644
index 0000000000..292e03571a
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
new file mode 100644
index 0000000000..5c939ae48e
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml
@@ -0,0 +1,38 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
new file mode 100644
index 0000000000..10448b7520
--- /dev/null
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -0,0 +1,120 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for sparky-be.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ aai:
+ serviceName: aai
+ aaiElasticsearch:
+ serviceName: aai-elasticsearch
+ gizmo:
+ serviceName: aai-gizmo
+ searchData:
+ serviceName: aai-search-data
+ readinessImage: onap/oom/readiness:3.0.1
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/sparky-be:1.6.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+dockerhubRepository: registry.hub.docker.com
+ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# application configuration
+config:
+ elasticsearchHttpPort: 9200
+ gerritBranch: 3.0.0-ONAP
+ gerritProject: http://gerrit.onap.org/r/aai/test-config
+ portalUsername: aaiui
+ portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
+ portalCookieName: UserId
+ portalAppRoles: ui_view
+ aafUsername: aai@aai.onap.org
+ aafNamespace: org.onap.aai
+ aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
+ cadiKeyFile: /opt/app/sparky/config/portal/keyFile
+ cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
+ cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
+ cadiTrustStorePassword: changeit
+ cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
+
+# ONAP Cookie Processing - During initial development, the following flag, if true, will
+# prevent the portal interface's login processing from searching for a user
+# specific cookie, and will instead allow passage if a valid session cookie is discovered.
+ portalOnapEnabled: true
+#
+
+# override chart name (sparky-be) to share a common namespace
+# suffix with parent chart (aai)
+nsSuffix: aai
+
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: aai-sparky-be
+ internalPort: 8000
+ nodePort: 20
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aaisparkybe"
+ name: "aai-sparky-be"
+ port: 8000
+ config:
+ ssl: "redirect"
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 0.25
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 0.5
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/aai/components/aai-traversal/.helmignore b/kubernetes/aai/components/aai-traversal/.helmignore
new file mode 100644
index 0000000000..daebc7da77
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml
new file mode 100644
index 0000000000..80ff28ef54
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP AAI traversal
+name: aai-traversal
+version: 7.0.0
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv
new file mode 100644
index 0000000000..60a8fb5f0b
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv
@@ -0,0 +1,33 @@
+# AAI -> aai@aai.onap.org
+Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ModelLoader -> aai@aai.onap.org
+Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# AaiUI -> aai@aai.onap.org,
+Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# MSO -> so@so.onap.org
+Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
+
+# SDNC -> sdnc@sdnc.onap.org
+Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# DCAE -> dcae@dcae.onap.org
+Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# POLICY -> policy@policy.onap.org
+Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# ASDC -> sdc@sdc.onap.org
+Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# VID -> vid@vid.onap.org
+Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+
+# APPC -> appc@appc.onap.org
+Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
+
+# OOF -> oof@oof.onap.org
+Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
+
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties
new file mode 100644
index 0000000000..2b19da9f6f
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=/opt/app/aai-traversal/resources/aaf/org.osaaf.location.props:/opt/app/aai-traversal/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile
new file mode 100644
index 0000000000..4c14bc37f1
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile
@@ -0,0 +1,27 @@
+VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e
+ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC
+uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e
+QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M
+YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8
+pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z
+94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b
+YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE
+NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT
+PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa
+_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x
+NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs
+BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_
+AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg
+EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_
+Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ
+g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb
+5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm
+4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e
+21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId
+0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l
+vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft
+mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW
+b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra
+w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d
+TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq
+PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12
new file mode 100644
index 0000000000..b2449c6a54
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props
new file mode 100644
index 0000000000..ef78622641
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props
@@ -0,0 +1,15 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile
+cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12
+cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p
+
+#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL
+cadi_alias=aai@aai.onap.org
+cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
+cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym
+cadi_loglevel=INFO
+cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props
new file mode 100644
index 0000000000..b9ec6b4641
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props
@@ -0,0 +1,23 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+
+
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties
new file mode 100644
index 0000000000..d4956f577c
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties
@@ -0,0 +1,2 @@
+permission.type=org.onap.aai.traversal
+permission.instance=* \ No newline at end of file
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
new file mode 100644
index 0000000000..0f23eda515
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+aai.config.checktime=1000
+
+# this could come from siteconfig.pl?
+aai.config.nodename=AutomaticallyOverwritten
+
+aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
+aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
+aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
+
+{{ if .Values.global.config.basic.auth.enabled }}
+aai.tools.enableBasicAuth=true
+aai.tools.username={{ .Values.global.config.basic.auth.username }}
+aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
+{{ end }}
+
+aai.truststore.filename={{ .Values.global.config.truststore.filename }}
+aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }}
+aai.keystore.filename={{ .Values.global.config.keystore.filename }}
+aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }}
+
+aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
+aai.notificationEvent.default.status=UNPROCESSED
+aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
+aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }}
+aai.notificationEvent.default.sourceName=aai
+aai.notificationEvent.default.sequenceNumber=0
+aai.notificationEvent.default.severity=NORMAL
+aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }}
+# This one lets us enable/disable resource-version checking on updates/deletes
+aai.resourceversion.enableflag=true
+aai.logging.maxStackTraceEntries=10
+aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
+
+# Used by Model-processing code
+aai.model.delete.sleep.per.vtx.msec=500
+aai.model.query.resultset.maxcount=50
+aai.model.query.timeout.sec=90
+
+aai.model.proc.max.levels=50
+aai.edgeTag.proc.max.levels=50
+
+aai.logging.trace.enabled=true
+aai.logging.trace.logrequest=false
+aai.logging.trace.logresponse=false
+
+aai.transaction.logging=true
+aai.transaction.logging.get=false
+aai.transaction.logging.post=false
+
+aai.realtime.clients={{ .Values.global.config.realtime.clients }}
+
+#timeout for traversal enabled flag
+aai.traversal.timeoutenabled={{ .Values.config.timeout.enabled }}
+
+#timeout app specific
+aai.traversal.timeout.appspecific={{ .Values.config.timeout.appspecific }}
+
+#default timeout limit added for traversal if not overridden (in ms)
+aai.traversal.timeoutlimit={{ .Values.config.timeout.limit | int }}
+
+#timeout for traversal dsl enabled flag
+aai.traversal.dsl.timeoutenabled={{ .Values.config.dsl.timeout.enabled }}
+
+#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms)
+aai.traversal.dsl.timeout.appspecific={{ .Values.config.dsl.timeout.appspecific | join "|" }}
+
+#default timeout limit added for traversal dsl if not overridden (in ms)
+aai.traversal.dsl.timeoutlimit={{ .Values.config.dsl.timeout.limit | int }}
+
+# Threshold for margin of error (in ms) for resources_with_sot format to derive the most recent http method performed
+aai.resource.formatter.threshold=10
+aai.dsl.override={{ .Values.config.dslOverride }}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
new file mode 100644
index 0000000000..4a025bacd2
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -0,0 +1,99 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# The following info parameters are being referenced by ajsc6
+info.build.artifact=aai-traversal
+info.build.name=traversal
+info.build.description=Traversal Microservice
+info.build.version=1.3.0
+
+spring.application.name=aai-traversal
+spring.jersey.type=filter
+
+spring.main.allow-bean-definition-overriding=true
+server.servlet.context-path=/
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+
+spring.profiles.active={{ .Values.global.config.profiles.active }}
+spring.jersey.application-path=${schema.uri.base.path}
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+# If you get an application startup failure that the port is already taken
+# If thats not it, please check if the key-store file path makes sense
+server.local.startpath=aai-traversal/src/main/resources/
+server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
+
+server.port=8446
+server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
+server.ssl.client-auth=want
+server.ssl.key-store-type=JKS
+
+# JMS bind address host port
+jms.bind.address=tcp://localhost:61647
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905
+dmaap.ribbon.transportType=https
+
+# Schema related attributes for the oxm and edges
+# Any additional schema related attributes should start with prefix schema
+schema.configuration.location=N/A
+schema.source.name={{ .Values.global.config.schema.source.name }}
+schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/
+schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/
+# Location of where the stored queries are
+schema.queries.location=${server.local.startpath}/schema/${schema.source.name}/query/
+
+schema.ingest.file=${server.local.startpath}/application.properties
+
+# Schema Version Related Attributes
+
+schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}
+# Lists all of the versions in the schema
+schema.version.list={{ .Values.global.config.schema.version.list }}
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start={{ .Values.global.config.schema.version.depth }}
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }}
+
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }}
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }}
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }}
+# Specifies the version that the application should default to
+schema.version.api.default={{ .Values.global.config.schema.version.api.default }}
+
+schema.translator.list={{ .Values.global.config.schema.translator.list }}
+schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.service.custom.queries.endpoint=stored-queries
+schema.service.client={{ .Values.global.config.schema.service.client }}
+
+schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }}
+schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }}
+schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }})
+schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }})
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties
new file mode 100644
index 0000000000..1db2774d52
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties
@@ -0,0 +1,100 @@
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+#caching on
+cache.db-cache = true
+cache.db-cache-clean-wait = 20
+cache.db-cache-time = 180000
+cache.db-cache-size = 0.3
+
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
new file mode 100644
index 0000000000..36cbc4201d
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
@@ -0,0 +1,94 @@
+#
+# ============LICENSE_START=======================================================
+# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+
+query.fast-property=true
+query.smart-limit=false
+
+{{ if .Values.global.config.cluster.cassandra.dynamic }}
+
+storage.backend=cql
+storage.hostname={{.Values.global.cassandra.serviceName}}
+storage.cql.keyspace=aaigraph
+storage.username={{.Values.global.cassandra.username}}
+storage.password={{.Values.global.cassandra.password}}
+
+storage.cql.read-consistency-level=LOCAL_QUORUM
+storage.cql.write-consistency-level=LOCAL_QUORUM
+storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
+storage.cql.only-use-local-consistency-for-system-operations=true
+
+{{ else }}
+
+{{ if .Values.global.config.storage }}
+
+storage.backend={{ .Values.global.config.storage.backend }}
+
+{{ if eq .Values.global.config.storage.backend "cassandra" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
+storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
+storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
+storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
+storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "cql" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.cql.keyspace={{ .Values.global.config.storage.name }}
+
+storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
+storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
+
+storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
+storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ else if eq .Values.global.config.storage.backend "hbase" }}
+
+storage.hostname={{ .Values.global.config.storage.hostname }}
+storage.hbase.table={{ .Values.global.config.storage.name }}
+
+storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
+cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
+log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+
+{{ end }}
+
+{{ end }}
+
+{{ end }}
+
+storage.lock.wait-time=300
+# Setting db-cache to false ensure the fastest propagation of changes across servers
+cache.db-cache = false
+#load graphson file on startup
+load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml
new file mode 100644
index 0000000000..4cf6c74333
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml
@@ -0,0 +1,63 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration>
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <appender name="ACCESS"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>
+ </encoder>
+ </appender>
+ <appender-ref ref="ACCESS" />
+</configuration>
+
+<!--
+%a - Remote IP address
+%A - Local IP address
+%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
+%B - Bytes sent, excluding HTTP headers
+%h - Remote host name
+%H - Request protocol
+%l - Remote logical username from identd (always returns '-')
+%m - Request method
+%p - Local port
+%q - Query string (prepended with a '?' if it exists, otherwise an empty string
+%r - First line of the request
+%s - HTTP status code of the response
+%S - User session ID
+%t - Date and time, in Common Log Format format
+%u - Remote user that was authenticated
+%U - Requested URL path
+%v - Local server name
+%I - current request thread name (can compare later with stacktraces)
+
+%z - Custom pattern that parses the cert for the subject
+%y - Custom pattern determines rest or dme2
+ -->
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
new file mode 100644
index 0000000000..f24e86d8d0
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml
@@ -0,0 +1,344 @@
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aai
+ ================================================================================
+ Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright © 2018 Amdocs, Bell Canada
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+
+-->
+<configuration scan="true" scanPeriod="60 seconds" debug="false">
+ <statusListener class="ch.qos.logback.core.status.NopStatusListener" />
+
+ <property resource="application.properties" />
+
+ <property name="namespace" value="aai-resources"/>
+
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/logs" />
+ <!-- Old patterns
+ <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/>
+ <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/>
+ -->
+ <property name="p_tim" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}){'\\|', '!'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <!-- Patterns from onap demo -->
+ <property name="errorPattern" value="%X{LogTimestamp}|%X{RequestID}|%thread|%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" />
+ <property name="debugPattern" value="%X{LogTimestamp}|%X{RequestID}|%msg\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t|^%n" />
+ <property name="auditPattern" value="%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="metricPattern" value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%thread||%replace(%X{ServiceName}){'\\|', '!'}|%X{PartnerName}|%X{TargetEntity}|%replace(%X{TargetServiceName}){'\\|', '!'}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|${p_mak}|${p_mdc}|||%msg%n" />
+ <property name="transLogPattern" value="%X{LogTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{RequestID}|%X{ServiceInstanceID}|%-10t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%replace(%replace(%X{ResponseDesc}){'\\|', '!'}){'\r|\n', '^'}|%X{InstanceUUID}|%level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{clientIpAddress}||%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{PartnerName}:%m%n"/>
+ <conversionRule conversionWord="clr" converterClass="org.springframework.boot.logging.logback.ColorConverter" />
+ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" />
+ <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>
+ %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/sane.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="SANE" />
+ </appender>
+ <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/metrics.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="METRIC"/>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/debug.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="DEBUG" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/error.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <appender-ref ref="ERROR"/>
+ </appender>
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/rest/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="AUDIT" />
+ </appender>
+
+ <appender name="translog"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <file>${logDirectory}/rest/translog.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${transLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="translog" />
+ </appender>
+
+ <appender name="dmaapAAIEventConsumer"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/error.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+
+ </appender>
+
+ <appender name="dmaapAAIEventConsumerDebug"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>DEBUG</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/debug.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerInfo"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="dmaapAAIEventConsumerMetric"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <File>${logDirectory}/dmaapAAIEventConsumer/metrics.log</File>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${metricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="external"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <file>${logDirectory}/external/external.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="auth"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>DEBUG</level>
+ </filter>
+ <file>${logDirectory}/auth/auth.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}
+ </fileNamePattern>
+ </rollingPolicy>
+ <encoder>
+ <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="auth" />
+ </appender>
+ <!-- logback internals logging -->
+
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <logger name="com.att.aft.dme2" level="WARN" />
+ <logger name="com.jayway.jsonpath" level="WARN" />
+
+ <logger name="org.apache" level="OFF" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.zookeeper" level="OFF" />
+ <logger name="org.codehaus.groovy" level="WARN" />
+ <logger name="org.eclipse.jetty" level="WARN" />
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="org.janusgraph" level="WARN" />
+ <logger name="org.zookeeper" level="OFF" />
+
+
+ <logger name="org.onap.aai" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncDEBUG" />
+ <appender-ref ref="asyncSANE" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false">
+ <appender-ref ref="asyncAUTH" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO">
+ <appender-ref ref="asyncAUDIT"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO">
+ <appender-ref ref="asyncMETRIC"/>
+ </logger>
+ <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO">
+ <appender-ref ref="dmaapAAIEventConsumerMetric"/>
+ </logger>
+ <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN">
+ <appender-ref ref="asyncERROR"/>
+ </logger>
+ <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false">
+ <appender-ref ref="asynctranslog" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="org.onap.aai.dmaap" level="DEBUG" additivity="false">
+ <appender-ref ref="dmaapAAIEventConsumer" />
+ <appender-ref ref="dmaapAAIEventConsumerDebug" />
+ </logger>
+
+ <logger name="com.att.nsa.mr" level="INFO" >
+ <appender-ref ref="dmaapAAIEventConsumerInfo" />
+ </logger>
+
+ <root level="DEBUG">
+ <appender-ref ref="external" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</configuration>
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/realm.properties b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties
new file mode 100644
index 0000000000..0499b34f1c
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties
@@ -0,0 +1,37 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# format : username: password[,rolename ...]
+# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader...
+AAI:OBF:1gfr1ev31gg7,admin
+MSO:OBF:1jzx1lz31k01,admin
+SDNC:OBF:1itr1i0l1i151isv,admin
+DCAE:OBF:1g8u1f9d1f991g8w,admin
+POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
+ASDC:OBF:1f991j0u1j001f9d,admin
+VID:OBF:1jm91i0v1jl9,admin
+APPC:OBF:1f991ksf1ksf1f9d,admin
+ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
+AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
+OOF:OBF:1img1ke71ily,admin
+aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
+vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
new file mode 100644
index 0000000000..08bd2b3cbc
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml
@@ -0,0 +1,64 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-keys
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
new file mode 100644
index 0000000000..a864ea9de4
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -0,0 +1,812 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v11",
+ "url": "/aai/v11/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v12",
+ "url": "/aai/v12/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v13",
+ "url": "/aai/v13/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v14",
+ "url": "/aai/v14/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v15",
+ "url": "/aai/v15/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v16",
+ "url": "/aai/v16/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v17",
+ "url": "/aai/v17/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v18",
+ "url": "/aai/v18/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-generic-query",
+ "version": "v19",
+ "url": "/aai/v19/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/search/generic-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v11",
+ "url": "/aai/v11/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v12",
+ "url": "/aai/v12/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v13",
+ "url": "/aai/v13/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v14",
+ "url": "/aai/v14/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v15",
+ "url": "/aai/v15/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v16",
+ "url": "/aai/v16/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v17",
+ "url": "/aai/v17/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v18",
+ "url": "/aai/v18/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-nodes-query",
+ "version": "v19",
+ "url": "/aai/v19/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/search/nodes-query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v11",
+ "url": "/aai/v11/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v11/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v12",
+ "url": "/aai/v12/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v12/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v13",
+ "url": "/aai/v13/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v13/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v14",
+ "url": "/aai/v14/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v14/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v15",
+ "url": "/aai/v15/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v15/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v16",
+ "url": "/aai/v16/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v16/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v17",
+ "url": "/aai/v17/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v17/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v18",
+ "url": "/aai/v18/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v18/query"
+ },
+ {
+ "serviceName": "_aai-query",
+ "version": "v19",
+ "url": "/aai/v19/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/v19/query"
+ },
+ {
+ "serviceName": "_aai-named-query",
+ "url": "/aai/search",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1",
+ "path": "/aai/search"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v11",
+ "url": "/aai/v11/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v12",
+ "url": "/aai/v12/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v13",
+ "url": "/aai/v13/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v14",
+ "url": "/aai/v14/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v15",
+ "url": "/aai/v15/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v16",
+ "url": "/aai/v16/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v17",
+ "url": "/aai/v17/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v18",
+ "url": "/aai/v18/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-generic-query",
+ "version": "v19",
+ "url": "/aai/v19/search/generic-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v11",
+ "url": "/aai/v11/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v12",
+ "url": "/aai/v12/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v13",
+ "url": "/aai/v13/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v14",
+ "url": "/aai/v14/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v15",
+ "url": "/aai/v15/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v16",
+ "url": "/aai/v16/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v17",
+ "url": "/aai/v17/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v18",
+ "url": "/aai/v18/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-nodes-query",
+ "version": "v19",
+ "url": "/aai/v19/search/nodes-query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v11",
+ "url": "/aai/v11/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v12",
+ "url": "/aai/v12/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v13",
+ "url": "/aai/v13/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v14",
+ "url": "/aai/v14/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v15",
+ "url": "/aai/v15/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v16",
+ "url": "/aai/v16/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v17",
+ "url": "/aai/v17/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v18",
+ "url": "/aai/v18/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-query",
+ "version": "v19",
+ "url": "/aai/v19/query",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "aai-named-query",
+ "url": "/aai/search",
+ "protocol": "REST",
+ "port": "8446",
+ "enable_ssl": true,
+ "lb_policy":"ip_hash",
+ "visualRange": "1"
+ }
+ ]'
+ spec:
+ hostname: aai-traversal
+ {{ if .Values.global.initContainers.enabled }}
+ initContainers:
+ - command:
+ {{ if .Values.global.jobs.migration.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-migration
+ {{ else if .Values.global.jobs.createSchema.enabled }}
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
+ {{ else }}
+ - /app/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.cassandra.localCluster }}
+ - aai-cassandra
+ {{- else }}
+ - cassandra
+ {{- end }}
+ - --container-name
+ - aai-schema-service
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ {{ end }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DISABLE_UPDATE_QUERY
+ value: {{ .Values.config.disableUpdateQuery | quote }}
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GQ
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/aai/logroot/AAI-GQ/misc
+ name: {{ include "common.fullname" . }}-logs-misc
+ - mountPath: /opt/app/aai-traversal/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: realm.properties
+ - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.keyfile
+ - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: bath_config.csv
+ - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.onap.aai.props
+ - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: org.osaaf.location.props
+ - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: permissions.properties
+ - mountPath: /opt/app/aai-traversal/resources/cadi.properties
+ name: {{ include "common.fullname" . }}-aaf-properties
+ subPath: cadi.properties
+ - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12
+ name: {{ include "common.fullname" . }}-aaf-certs
+ subPath: org.onap.aai.p12
+ - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks
+ name: aai-common-aai-auth-mount
+ subPath: truststoreONAPall.jks
+ - mountPath: /opt/app/aai-traversal/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ # side car containers
+ - name: filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ name: filebeat-conf
+ - mountPath: /var/log/onap
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /usr/share/filebeat/data
+ name: {{ include "common.fullname" . }}-filebeat
+ resources:
+{{ include "common.resources" . }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-misc
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-aaf-properties
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-props
+ - name: {{ include "common.fullname" . }}-aaf-certs
+ secret:
+ secretName: {{ include "common.fullname" . }}-aaf-keys
+ - name: aai-common-aai-auth-mount
+ secret:
+ secretName: aai-common-aai-auth
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
new file mode 100644
index 0000000000..4d6b0ddc66
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -0,0 +1,142 @@
+# Copyright (c) 2017-2018 AT&T
+# Modifications Copyright (c) 2018 Amdocs, Bell Canada
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ if .Values.global.jobs.updateQueryData.enabled }}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-update-query-data
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{ if .Values.global.jobs.migration.enabled }}
+ annotations:
+ "helm.sh/hook": post-upgrade,post-rollback,post-install
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": before-hook-creation
+{{ end }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - aai
+ {{ if eq .Values.global.aafEnabled true }}
+ - --container-name
+ - aaf-locate
+ {{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - bash
+ - "-c"
+ - |
+ set -x
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
+ bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
+ env:
+ - name: LOCAL_USER_ID
+ value: {{ .Values.global.config.userId | quote }}
+ - name: LOCAL_GROUP_ID
+ value: {{ .Values.global.config.groupId | quote }}
+ resources:
+{{ include "common.resources" . }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-realtime.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: janusgraph-cached.properties
+ - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: aaiconfig.properties
+ - mountPath: /opt/aai/logroot/AAI-GQ/
+ name: {{ include "common.fullname" . }}-logs
+ - mountPath: /opt/aai/logroot/AAI-GQ/misc
+ name: {{ include "common.fullname" . }}-logs-misc
+ - mountPath: /opt/app/aai-traversal/resources/logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml
+ name: {{ include "common.fullname" . }}-config
+ subPath: localhost-access-logback.xml
+ - mountPath: /opt/app/aai-traversal/resources/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ {{ $global := . }}
+ {{ range $job := .Values.global.config.auth.files }}
+ - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }}
+ name: {{ include "common.fullname" $global }}-auth-truststore-sec
+ subPath: {{ . }}
+ {{ end }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: filebeat-conf
+ configMap:
+ name: aai-filebeat
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs-misc
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ - name: {{ include "common.fullname" . }}-auth-truststore-sec
+ secret:
+ secretName: aai-common-truststore
+ items:
+ {{ range $job := .Values.global.config.auth.files }}
+ - key: {{ . }}
+ path: {{ . }}
+ {{ end }}
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{ end }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
new file mode 100644
index 0000000000..68d767b380
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -0,0 +1,44 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ clusterIP: None
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
new file mode 100644
index 0000000000..e7ffdb91a8
--- /dev/null
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -0,0 +1,118 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for traversal.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/aai-traversal:1.7.2
+pullPolicy: Always
+restartPolicy: Always
+flavor: small
+flavorOverride: small
+# application configuration
+config:
+
+ # Specifies timeout information such as application specific and limits
+ timeout:
+ # If set to true application will timeout for queries taking longer than limit
+ enabled: true
+ # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout
+ appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1
+ # Specifies how long should it wait before timing out the REST request
+ limit: 180000
+
+ # Disables the updateQueryData script to run as part of traversal
+ disableUpdateQuery: true
+
+ # Override of the DSL Timeout Limit
+ dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA'
+
+ dsl:
+ # Dsl timeout configuration
+ timeout:
+ # Whether or not the dsl is enabled
+ enabled: true
+ # Default time limit of the DSL query
+ limit: 150000
+ # App Specific Timeout Limit for each of the X-FromAppId
+ appspecific:
+ - JUNITTESTAPP1,1
+ - JUNITTESTAPP2,-1
+ - AAI-TOOLS,-1
+ - DCAE-CCS,1200000
+ - DCAES,1200000
+ - VPESAT,-1
+ - AAI-CACHER,-1
+ - VidAaiController,300000
+ - AAI-UI,180000
+
+persistence:
+ mountPath: /dockerdata-nfs
+ mountSubPath: aai/aai-traversal
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 60
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ portName: aai-traversal-8446
+ internalPort: 8446
+ portName2: aai-traversal-5005
+ internalPort2: 5005
+
+ingress:
+ enabled: false
+
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 3Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
+ unlimited: {}
diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml
new file mode 100644
index 0000000000..af99382bdc
--- /dev/null
+++ b/kubernetes/aai/requirements.yaml
@@ -0,0 +1,69 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+dependencies:
+ - name: common
+ version: ~7.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: cassandra
+ version: ~7.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ condition: global.cassandra.localCluster
+ - name: aai-babel
+ version: ~7.x-0
+ repository: 'file://components/aai-babel'
+ condition: aai-babel.enabled
+ - name: aai-data-router
+ version: ~7.x-0
+ repository: 'file://components/aai-data-router'
+ condition: aai-data-router.enabled
+ - name: aai-elasticsearch
+ version: ~7.x-0
+ repository: 'file://components/aai-elasticsearch'
+ condition: aai-elasticsearch.enabled
+ - name: aai-graphadmin
+ version: ~7.x-0
+ repository: 'file://components/aai-graphadmin'
+ condition: aai-graphadmin.enabled
+ - name: aai-modelloader
+ version: ~7.x-0
+ repository: 'file://components/aai-modelloader'
+ condition: aai-modelloader.enabled
+ - name: aai-resources
+ version: ~7.x-0
+ repository: 'file://components/aai-resources'
+ condition: aai-resources.enabled
+ - name: aai-schema-service
+ version: ~7.x-0
+ repository: 'file://components/aai-schema-service'
+ condition: aai-schema-service.enabled
+ - name: aai-search-data
+ version: ~7.x-0
+ repository: 'file://components/aai-search-data'
+ condition: aai-search-data.enabled
+ - name: aai-sparky-be
+ version: ~7.x-0
+ repository: 'file://components/aai-sparky-be'
+ condition: aai-sparky-be.enabled
+ - name: aai-traversal
+ version: ~7.x-0
+ repository: 'file://components/aai-traversal'
+ condition: aai-traversal.enabled
diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore
new file mode 100644
index 0000000000..d1ebae8e23
--- /dev/null
+++ b/kubernetes/aai/resources/config/aai/aai_keystore
Binary files differ
diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
index ff844b109d..ff844b109d 100644
--- a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks
+++ b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12
new file mode 100644
index 0000000000..7a4979a7a3
--- /dev/null
+++ b/kubernetes/aai/resources/config/fproxy/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore
new file mode 100644
index 0000000000..f5e41700dc
--- /dev/null
+++ b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore
Binary files differ
diff --git a/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore
new file mode 100644
index 0000000000..d68bf73815
--- /dev/null
+++ b/kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem
new file mode 100644
index 0000000000..6390db10de
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/aai.pem
@@ -0,0 +1,88 @@
+-----BEGIN CERTIFICATE-----
+MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow
+WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO
+MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x
+agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe
+0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU
+F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6
+F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz
+11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB
+o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO
+aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG
+A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD
+VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh
+aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp
+LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w
+bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u
+YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC
+JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w
+bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq
+hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq
+oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4
+k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe
+sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h
+HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg
+B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
+MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
+A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
+neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
+o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
+nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
+v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
+15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
+gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
+M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
+BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
+ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
+u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
+QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
+8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
+kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
+aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
+uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
+tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
+BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
+-----END CERTIFICATE-----
+Bag Attributes
+ friendlyName: aai@aai.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT
++zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H
+HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ
+DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G
+llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc
+Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF
+Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P
+YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM
+WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY
+OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a
+o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI
+bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x
++RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET
+ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0
+BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF
+YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc
+nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH
+DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg
+KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ
+e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6
+uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8
+4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS
+Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG
+rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N
+HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO
+rzAazDQvlb0itUxgU4qgqw==
+-----END PRIVATE KEY-----
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
new file mode 100644
index 0000000000..1c82050db0
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg
@@ -0,0 +1,138 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ user root
+ group root
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option ssl-hello-chk
+ option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+ reqadd X-Forwarded-Proto:\ https
+ reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
+listen IST_AAI_STATS
+ mode http
+ bind *:8080
+ stats uri /stats
+ stats enable
+ stats refresh 30s
+ stats hide-version
+ stats auth admin:admin
+ stats show-legends
+ stats show-desc IST AAI APPLICATION NODES
+ stats admin if TRUE
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
new file mode 100644
index 0000000000..4606a42439
--- /dev/null
+++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg
@@ -0,0 +1,126 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global
+ log /dev/log local0
+ stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin
+ stats timeout 30s
+ daemon
+ #################################
+ # Default SSL material locations#
+ #################################
+ ca-base /etc/ssl/certs
+ crt-base /etc/ssl/private
+
+ # Default ciphers to use on SSL-enabled listening sockets.
+ # For more information, see ciphers(1SSL). This list is from:
+ # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+ # An alternative list with additional directives can be obtained from
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+ tune.ssl.default-dh-param 2048
+
+defaults
+ log global
+ mode http
+ option httplog
+ option ssl-hello-chk
+ option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ==
+ default-server init-addr none
+# option dontlognull
+# errorfile 400 /etc/haproxy/errors/400.http
+# errorfile 403 /etc/haproxy/errors/403.http
+# errorfile 408 /etc/haproxy/errors/408.http
+# errorfile 500 /etc/haproxy/errors/500.http
+# errorfile 502 /etc/haproxy/errors/502.http
+# errorfile 503 /etc/haproxy/errors/503.http
+# errorfile 504 /etc/haproxy/errors/504.http
+
+ option http-server-close
+ option forwardfor except 127.0.0.1
+ retries 6
+ option redispatch
+ maxconn 50000
+ timeout connect 50000
+ timeout client 480000
+ timeout server 480000
+ timeout http-keep-alive 30000
+
+
+frontend IST_8443
+ mode http
+ bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem
+# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
+ log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
+ option httplog
+ log global
+ option logasap
+ option forwardfor
+ capture request header Host len 100
+ capture response header Host len 100
+ option log-separate-errors
+ option forwardfor
+ http-request set-header X-Forwarded-Proto https if { ssl_fc }
+ http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
+ http-request set-header X-AAI-SSL %[ssl_fc]
+ http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
+ http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
+ http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
+ http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
+ http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
+ http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
+ http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
+ http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
+ http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
+ http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
+ http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
+ http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
+ reqadd X-Forwarded-Proto:\ https
+ reqadd X-Forwarded-Port:\ 8443
+
+#######################
+#ACLS FOR PORT 8446####
+#######################
+
+ acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$
+ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$
+ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$
+ acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$
+ acl is_named-query path_beg -i /aai/search/named-query
+ acl is_search-model path_beg -i /aai/search/model
+ use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl
+
+ default_backend IST_Default_8447
+
+
+#######################
+#DEFAULT BACKEND 847###
+#######################
+
+backend IST_Default_8447
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
+
+
+#######################
+# BACKEND 8446#########
+#######################
+
+backend IST_AAI_8446
+ balance roundrobin
+ http-request set-header X-Forwarded-Port %[src_port]
+ http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
+ server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
+
diff --git a/kubernetes/aai/resources/config/log/filebeat/filebeat.yml b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000000..39cc6db9bf
--- /dev/null
+++ b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,55 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12
new file mode 100644
index 0000000000..dbf4fcacec
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12
Binary files differ
diff --git a/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12
new file mode 100644
index 0000000000..023e2eaac6
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12
Binary files differ
diff --git a/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore
new file mode 100644
index 0000000000..99129c145f
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore
Binary files differ
diff --git a/kubernetes/aai/resources/config/rproxy/security/keyfile b/kubernetes/aai/resources/config/rproxy/security/keyfile
new file mode 100644
index 0000000000..3416d4a737
--- /dev/null
+++ b/kubernetes/aai/resources/config/rproxy/security/keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
new file mode 100644
index 0000000000..c9cfbefbbe
--- /dev/null
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -0,0 +1,103 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# this is a shared resource for subcharts
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: aai-filebeat
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: aai-deployment-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ if .Values.global.installSidecarSecurity }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }}
+{{ else }}
+{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }}
+{{ end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-haproxy-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }}
+# This is a shared key for both resources and traversal
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-auth-truststore-secret
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
+
+{{ if .Values.global.installSidecarSecurity }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-fproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-auth-certs
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-rproxy-security-config
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml
new file mode 100644
index 0000000000..a28d83332a
--- /dev/null
+++ b/kubernetes/aai/templates/deployment.yaml
@@ -0,0 +1,134 @@
+# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.release" . }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - aai-resources
+ - --container-name
+ - aai-traversal
+ - --container-name
+ - aai-graphadmin
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /dev/log
+ name: aai-service-log
+ - mountPath: /usr/local/etc/haproxy/haproxy.cfg
+ {{ if .Values.global.installSidecarSecurity }}
+ subPath: haproxy-pluggable-security.cfg
+ {{ else }}
+ subPath: haproxy.cfg
+ {{ end }}
+ name: haproxy-cfg
+ - mountPath: /etc/ssl/private/aai.pem
+ name: aai-pem
+ subPath: aai.pem
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ httpGet:
+ path: /aai/util/echo
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTPS
+ httpHeaders:
+ - name: X-FromAppId
+ value: OOM_ReadinessCheck
+ {{ if .Values.global.installSidecarSecurity }}
+ - name: Authorization
+ value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==
+ {{ end }}
+ - name: X-TransactionId
+ value: OOM_ReadinessCheck_TID
+ - name: Accept
+ value: application/json
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aai-service-log
+ hostPath:
+ path: "/dev/log"
+ - name: haproxy-cfg
+ configMap:
+ name: aai-deployment-configmap
+ - name: aai-pem
+ secret:
+ secretName: aai-haproxy-secret
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/templates/ingress.yaml b/kubernetes/aai/templates/ingress.yaml
new file mode 100644
index 0000000000..8f87c68f1e
--- /dev/null
+++ b/kubernetes/aai/templates/ingress.yaml
@@ -0,0 +1 @@
+{{ include "common.ingress" . }}
diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml
new file mode 100644
index 0000000000..dd8be62aad
--- /dev/null
+++ b/kubernetes/aai/templates/secret.yaml
@@ -0,0 +1,36 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-aai-auth
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aai-common-truststore
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }}
diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml
new file mode 100644
index 0000000000..5ee966811c
--- /dev/null
+++ b/kubernetes/aai/templates/service.yaml
@@ -0,0 +1,40 @@
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ type: {{ .Values.service.type }}
+ selector:
+ app: {{ include "common.name" . }}
+ clusterIP: {{ .Values.service.aaiServiceClusterIp }}
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
new file mode 100644
index 0000000000..c0f0999d0c
--- /dev/null
+++ b/kubernetes/aai/values.yaml
@@ -0,0 +1,382 @@
+# Copyright (c) 2017 Amdocs, Bell Canada
+# Modifications Copyright (c) 2018 AT&T
+# Modifications Copyright (c) 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for aai.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global: # global defaults
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ dockerhubRepository: docker.io
+ busyboxImage: busybox
+
+ readinessImage: onap/oom/readiness:3.0.1
+
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ restartPolicy: Always
+
+ installSidecarSecurity: false
+ aafEnabled: true
+
+ fproxy:
+ name: forward-proxy
+ activeSpringProfiles: noHostVerification,cadi
+ image: onap/fproxy:2.1.13
+ port: 10680
+
+ rproxy:
+ name: reverse-proxy
+ activeSpringProfiles: noHostVerification,cadi
+ image: onap/rproxy:2.1.13
+ port: 10692
+
+ tproxyConfig:
+ name: init-tproxy-config
+ image: onap/tproxy-config:2.1.13
+
+ # AAF server details. Only needed if the AAF DNS does not resolve from the pod
+ aaf:
+ serverIp: 10.12.6.214
+ serverHostname: aaf.osaaf.org
+ serverPort: 30247
+
+ cassandra:
+ #This will instantiate AAI cassandra cluster, default:shared cassandra.
+ localCluster: false
+
+ #Service Name of the cassandra cluster to connect to.
+ #Override it to aai-cassandra if localCluster is enabled.
+ serviceName: cassandra
+
+ #This should be same as shared cassandra instance or if localCluster is enabled
+ #then it should be same as aai-cassandra replicaCount
+ replicas: 3
+
+ #Cassanara login details
+ username: cassandra
+ password: cassandra
+
+ aai:
+ serviceName: aai
+ babel:
+ serviceName: aai-babel
+ aaiElasticsearch:
+ serviceName: aai-elasticsearch
+ resources:
+ serviceName: aai-resources
+ sparkyBe:
+ serviceName: aai-sparky-be
+ dataRouter:
+ serviceName: aai-data-router
+ gizmo:
+ serviceName: aai-gizmo
+ modelloader:
+ serviceName: aai-modelloader
+ searchData:
+ serviceName: aai-search-data
+ traversal:
+ serviceName: aai-traversal
+ graphadmin:
+ serviceName: aai-graphadmin
+ spike:
+ serviceName: aai-spike
+
+ initContainers:
+ enabled: true
+ # Specifies a list of jobs to be run
+ jobs:
+ # When enabled, it will create the schema based on oxm and edge rules
+ createSchema:
+ enabled: true
+ # When enabled, it will create the widget models via REST API to haproxy
+ updateQueryData:
+ enabled: true
+ #migration using helm hooks
+ migration:
+ enabled: false
+ remoteCassandra:
+ enabled: false
+ storage:
+ backend: cassandra
+ hostname: 10.10.10.10
+ connectionTimeout: 100000
+ cacheSize: 1000000
+ keyConsistent: true
+
+ #If backend is cql or cassandra it should be keyspace name
+ #else backend is hbase it should be hbase table name
+ name: aaigraph
+
+ ## CQL driver specific properties for janusgraph
+ # cql:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ ## Cassandra driver specific properties for janusgraph
+ cassandra:
+ #Name of the Cassandra Cluster
+ clusterName: aai-cluster
+ localDataCenter: Pod lab
+ readConsistency: LOCAL_QUORUM
+ writeConsistency: LOCAL_QUORUM
+ replicationFactor: 3
+
+ #storage:
+ # backend: cassandra
+ # hostname: somehost1,somehost2,somehost3
+ # connectionTimeout: 100000
+ # cacheSize: 1000000
+ # clusterName: someClusterName
+ # localDataCenter: someDataCenter
+ # keyConsistent: true
+ # #If backend is cql or cassandra it should be keyspace name
+ # #else backend is hbase it should be hbase table name
+ # name: your_hbase_table_or_keyspace_name
+
+ ## CQL driver specific properties for janusgraph
+ # cql:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ ## Cassandra driver specific properties for janusgraph
+ # cassandra:
+ # #Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: LOCAL_QUORUM
+ # writeConsistency: LOCAL_QUORUM
+ # replicationFactor: 3
+
+
+ # Common configuration for resources traversal and graphadmin
+ config:
+ # User information for the admin user in container
+ userId: 1000
+ groupId: 1000
+
+ # Specifies that the cluster connected to a dynamic
+ # cluster being spinned up by kubernetes deployment
+ cluster:
+ cassandra:
+ dynamic: true
+
+ # If cluster.cassandra.dynamic is set to false
+ # Then the following configuration should be uncommented
+ # This is if you are planning to connect to a existing
+ # Cassandra cluster instead of doing the deployment
+ #storage:
+ # backend: cassandra
+ # hostname: somehost1,somehost2,somehost3
+ # connectionTimeout: 100000
+ # cacheSize: 1000000
+ # clusterName: someClusterName
+ # localDataCenter: someDataCenter
+ # keyConsistent: true
+ # # If backend is cql or cassandra it should be keyspace name
+ # # else backend is hbase it should be hbase table name
+ # name: your_hbase_table_or_keyspace_name
+
+ # # CQL driver specific properties for janusgraph
+ # cql:
+ # # Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: QUORUM
+ # writeConsistency: QUORUM
+ # replicationFactor: 3
+ # localConsistencyForSysOps: true
+
+ # # Cassandra driver specific properties for janusgraph
+ # cassandra:
+ # # Name of the Cassandra Cluster
+ # cluster: someclustername
+ # readConsistency: LOCAL_QUORUM
+ # writeConsistency: LOCAL_QUORUM
+ # replicationFactor: 3
+
+ # Specifies if the basic authorization is enabled
+ basic:
+ auth:
+ enabled: true
+ username: AAI
+ passwd: AAI
+
+ # Active spring profiles for the resources microservice
+ profiles:
+ active: production,dmaap,aaf-auth
+
+ # Notification event specific properties
+ notification:
+ eventType: AAI-EVENT
+ domain: dev
+
+ # Schema specific properties that include supported versions of api
+ schema:
+ # Specifies if the connection should be one way ssl, two way ssl or no auth
+ service:
+ client: one-way-ssl
+ # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
+ translator:
+ list: schema-service
+ source:
+ # Specifies which folder to take a look at
+ name: onap
+ uri:
+ # Base URI Path of the application
+ base:
+ path: /aai
+ version:
+ # Current version of the REST API
+ api:
+ default: v21
+ # Specifies which version the depth parameter is configurable
+ depth: v11
+ # List of all the supported versions of the API
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21
+ # Specifies from which version related link should appear
+ related:
+ link: v11
+ # Specifies from which version the app root change happened
+ app:
+ root: v11
+ # Specifies from which version the xml namespace changed
+ namespace:
+ change: v12
+ # Specifies from which version the edge label appeared in API
+ edge:
+ label: v12
+
+ # Keystore configuration password and filename
+ keystore:
+ filename: aai_keystore
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+
+ # Truststore configuration password and filename
+ truststore:
+ filename: aai_keystore
+ passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+
+ # Specifies a list of files to be included in auth volume
+ auth:
+ files:
+ - aai_keystore
+
+ # Specifies which clients should always default to realtime graph connection
+ realtime:
+ clients: SDNC,MSO,SO,robot-ete
+
+ # Logback debug enabled
+ logback:
+ console:
+ # If enabled, container will print all logback to standard output
+ # This will make debugging much easier but it should only be done
+ # when debugging the issue and changed back as it can affect performance
+ # since when this is enabled, it prints a lot of information to console
+ enabled: false
+
+# application image
+dockerhubRepository: registry.hub.docker.com
+image: aaionap/haproxy:1.4.2
+pullPolicy: Always
+
+flavor: small
+flavorOverride: small
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+#This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use.
+#Below command will instantiate the aai cassandra instances:
+#helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \
+# --set aai.global.cassandra.localCluster=true \
+# --set aai.global.cassandra.serviceName=aai-cassandra
+cassandra:
+ nameOverride: aai-cassandra
+ replicaCount: 3
+ service:
+ name: aai-cassandra
+ persistence:
+ mountSubPath: aai/cassandra
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName: aai-ssl
+ externalPort: 8443
+ internalPort: 8443
+ nodePort: 33
+ # POLICY hotfix - Note this must be temporary
+ # See https://jira.onap.org/browse/POLICY-510
+ aaiServiceClusterIp:
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "aai.api"
+ name: "aai"
+ port: 8443
+ config:
+ ssl: "redirect"
+
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
+
diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml
index f5931d50ed..1e08aaf3cd 100644
--- a/kubernetes/cli/requirements.yaml
+++ b/kubernetes/cli/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: '@local'
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 0823daffb6..74b2d2df37 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index bf3ba5b099..6e711c51c0 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -17,12 +17,10 @@
#################################################################
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
#################################################################
# Application configuration defaults.
#################################################################
# application image
-repository: nexus3.onap.org:10001
image: onap/cli:6.0.0
pullPolicy: Always
flavor: small
diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml
index f6feee6e06..c22f9731b5 100644
--- a/kubernetes/common/cmpv2Config/values.yaml
+++ b/kubernetes/common/cmpv2Config/values.yaml
@@ -14,7 +14,7 @@
global:
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secretName: oom-cert-service-client-tls-secret
envVariables:
# Certificate related
@@ -29,5 +29,5 @@ global:
keystorePassword: "secret"
truststorePassword: "secret"
certPostProcessor:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.1
diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl
new file mode 100644
index 0000000000..f0802be29d
--- /dev/null
+++ b/kubernetes/common/common/templates/_affinities.tpl
@@ -0,0 +1,109 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+# Copyright © 2020 Bitnami, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.matchLabels" (dict "dot" .context "matchLabels" (dict))) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ namespaces:
+ - {{ include "common.namespace" .context }}
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.matchLabels" (dict "dot" .context "matchLabels" (dict))) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ namespaces:
+ - {{ include "common.namespace" .context }}
+ topologyKey: kubernetes.io/hostname
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}} \ No newline at end of file
diff --git a/kubernetes/common/music/Makefile b/kubernetes/common/music/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/common/music/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/common/music/charts/music-cassandra-job/values.yaml b/kubernetes/common/music/charts/music-cassandra-job/values.yaml
deleted file mode 100644
index eee1a3a522..0000000000
--- a/kubernetes/common/music/charts/music-cassandra-job/values.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for cassandra.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
- pullPolicy: Always
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
- # Set default to 4 hrs.
- # On slow environments dealys this long have been seen.
- readinessTimeout: 240
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- replicaCount: 3
-
-job:
- host: music-cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
- cassandra:
- image: onap/music/cassandra_job:3.0.24
- timeout: 30
- delay: 120
-cql:
- keyspace:
- replicationClass: "SimpleStrategy"
- replicationFactor: 3
- adminUser:
- username: nelson24
- password: nelson24
- passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
-podManagementPolicy: OrderedReady
-updateStrategy:
- type: OnDelete
-
-ingress:
- enabled: false
-
-tolerations: []
-
-affinity: {}
-
-persistence:
- enabled: true
-
-resources:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1
- memory: 1Gi
diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml
deleted file mode 100644
index bf3ad2279c..0000000000
--- a/kubernetes/common/music/charts/music/values.yaml
+++ /dev/null
@@ -1,177 +0,0 @@
-# Copyright © 2020 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- repository: nexus3.onap.org:10001
-
- envsubstImage: dibi/envsubst
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
- truststore: truststoreONAPall.jks
-
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: music-certs
- name: keystore.jks
- type: generic
- filePaths:
- - resources/keys/org.onap.music.jks
- - uid: music-keystore-pw
- name: keystore-pw
- type: password
- password: '{{ .Values.keystorePassword }}'
- passwordPolicy: required
- - uid: cassa-secret
- type: basicAuth
- login: '{{ .Values.properties.cassandraUser }}'
- password: '{{ .Values.properties.cassandraPassword }}'
- passwordPolicy: required
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/music/music_sb:3.2.40
-pullPolicy: Always
-
-job:
- host: cassandra
- port: 9042
- busybox:
- image: library/busybox:latest
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 6
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
- port: 8443
-
-
-# Java options that need to be passed to jave on CLI
-#javaOpts: -Xms256m -Xmx2048m
-javaOpts:
-# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
-springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
-# Resource Limit flavor -By Default using small
-flavor: large
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1000m
- memory: 1G
- requests:
- cpu: 300m
- memory: 512Mi
- large:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
-readiness:
- initialDelaySeconds: 350
- periodSeconds: 120
- port: 8443
-
-service:
- useNodePortExt: true
- type: NodePort
- name: music
- ports:
- - name: https-api
- port: 8443
- nodePort: '07'
-
-# Turn on Debugging true/false
-debug: false
-ingress:
- enabled: false
-
-keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
-
-properties:
- lockUsing: "cassandra"
- # Comma dilimited list of hosts
- cassandraHost: "music-cassandra"
- cassandraUser: "nelson24"
- cassandraPassword: "nelson24"
- cassandraConnecttimeoutms: 12000
- cassandraPort: 9042
- # Connection Timeout for Cassandra in ms
- # Read Timeout for Cassandra in ms
- cassandraReadtimeoutms: 12000
- keyspaceActive: true
- # Enable CADI
- cadi: false
- # Special headers that may be passed and if they are required.
- # With the ability to add a Prefix if required.
- transIdRequired: false
- transIdPrefix: X-ATT-
- conversationRequired: false
- conversationPrefix: X-CSI-
- clientIdRequired: false
- clientIdPrefix:
- messageIdRequired: false
- messageIdPrefix:
-
- # sleep time for lock cleanup daemon, negative values turn off daemon
-##### Lock settings
- retryCount: 3
- lockLeasePeriod: 6000
- # sleep time for lock cleanup daemon, negative values turn off daemon
- lockDaemonSleeptimeMs: 30000
- #comma separated list of keyspace names
- keyspaceForLockCleanup:
-
-
-logback:
- errorLogLevel: info
- securityLogLevel: info
- applicationLogLevel: info
- metricsLogLevel: info
- auditLogLevel: info
- # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO
-
diff --git a/kubernetes/common/music/components/Makefile b/kubernetes/common/music/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/common/music/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/common/music/charts/music-cassandra/.helmignore b/kubernetes/common/music/components/music-cassandra/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/common/music/charts/music-cassandra/.helmignore
+++ b/kubernetes/common/music/components/music-cassandra/.helmignore
diff --git a/kubernetes/common/music/charts/music-cassandra/Chart.yaml b/kubernetes/common/music/components/music-cassandra/Chart.yaml
index ed2488cc36..ed2488cc36 100644
--- a/kubernetes/common/music/charts/music-cassandra/Chart.yaml
+++ b/kubernetes/common/music/components/music-cassandra/Chart.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/requirements.yaml b/kubernetes/common/music/components/music-cassandra/requirements.yaml
index 58fe07b90b..3d71e307d6 100644
--- a/kubernetes/common/music/charts/music-cassandra/requirements.yaml
+++ b/kubernetes/common/music/components/music-cassandra/requirements.yaml
@@ -16,3 +16,6 @@ dependencies:
- name: common
version: ~7.x-0
repository: 'file://../../../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../../../repositoryGenerator'
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt
index 7f60913d26..7f60913d26 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/LICENSE.txt
+++ b/kubernetes/common/music/components/music-cassandra/resources/LICENSE.txt
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql
index a76d774bd3..a76d774bd3 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql
index 24f2ad77f7..24f2ad77f7 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/admin_pw.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/admin_pw.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql
index a516be857b..a516be857b 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/resources/cql/extra/check.cql
+++ b/kubernetes/common/music/components/music-cassandra/resources/cql/extra/check.cql
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml
index 011dccda25..011dccda25 100755
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/configmap.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml
index 72733b3088..72733b3088 100755
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/configmap_extra.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/configmap_extra.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml b/kubernetes/common/music/components/music-cassandra/templates/job.yaml
index 2c6c3379c2..3cf1ae34fd 100644
--- a/kubernetes/common/music/charts/music-cassandra-job/templates/job.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/job.yaml
@@ -34,13 +34,13 @@ spec:
restartPolicy: Never
initContainers:
- name: {{ include "common.name" . }}-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- --timeout
- - "{{ .Values.global.readinessTimeout }}"
+ - "{{ .Values.readinessTimeout }}"
- --container-name
- music-cassandra
env:
@@ -51,7 +51,7 @@ spec:
fieldPath: metadata.namespace
containers:
- name: {{ include "common.name" . }}-update-job
- image: "{{ .Values.global.repository }}/{{ .Values.job.cassandra.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.job.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: CASS_HOSTNAME
@@ -64,7 +64,7 @@ spec:
value: "{{ .Values.cql.adminUser.password }}"
- name: TIMEOUT
value: "{{ .Values.job.timeout }}"
- - name: DELAY
+ - name: DELAY
value: "{{ .Values.job.delay }}"
volumeMounts:
# Admin cql Files that setup Admin Keyspace and Change Admin user.
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml
index 8399bff77d..8399bff77d 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/pv.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/pv.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml b/kubernetes/common/music/components/music-cassandra/templates/service.yaml
index 5a26d6701c..5a26d6701c 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/service.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/service.yaml
diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
index 5ae944a568..665cdaad0a 100644
--- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/music/components/music-cassandra/templates/statefulset.yaml
@@ -43,7 +43,7 @@ spec:
spec:
containers:
- name: {{ include "common.name" . }}
- image: "{{ .Values.global.repository }}/{{ .Values.image.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
diff --git a/kubernetes/common/music/charts/music-cassandra/values.yaml b/kubernetes/common/music/components/music-cassandra/values.yaml
index 0402a3207c..317087cf24 100644
--- a/kubernetes/common/music/charts/music-cassandra/values.yaml
+++ b/kubernetes/common/music/components/music-cassandra/values.yaml
@@ -16,16 +16,7 @@
# Declare variables to be passed into your templates.
global:
nodePortPrefix: 302
-
- pullPolicy: Always
- repository: nexus3.onap.org:10001
-
- # readiness check
- readinessImage: onap/oom/readiness:3.0.1
-
- # logging agent
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
+ persistence: {}
replicaCount: 3
@@ -33,9 +24,8 @@ replicaCount: 3
# Docker Hub where the Security has been turned on.
# When logging into DB the default username and password are 'cassandra'
# kubectl exec -it <cassandra-n> -n <namespace> cqlsh -u cassandra -p cassandra
-image:
- image: onap/music/cassandra_3_11:3.0.24
- pullPolicy: Always
+image: onap/music/cassandra_3_11:3.0.24
+pullPolicy: Always
# Cassandra ENV configuration
config:
@@ -48,22 +38,38 @@ config:
rackName: Rack1
autoBootstrap: true
ports:
- cql: 9042
- thrift: 9160
+ cql: &cqlPort 9042
+ thrift: &thriftPort 9160
# If a JVM Agent is in place
# agent: 61621
service:
expose: true
type: ClusterIP
- name: music-cassandra
- internalPort: 9042
+ name: &cassandraService music-cassandra
+ internalPort: *cqlPort
portName: cql
- internalPort2: 9160
+ internalPort2: *thriftPort
portName2: thrift
internalPort3: 61621
portName3: agent
+job:
+ host: *cassandraService
+ port: *cqlPort
+ timeout: 30
+ delay: 120
+ image: onap/music/cassandra_job:3.0.24
+
+cql:
+ keyspace:
+ replicationClass: "SimpleStrategy"
+ replicationFactor: 3
+ adminUser:
+ username: nelson24
+ password: nelson24
+ passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
+
# probe configuration parameters
liveness:
initialDelaySeconds: 120
@@ -72,6 +78,8 @@ liveness:
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+readinessTimeout: 240
+
readiness:
initialDelaySeconds: 10
periodSeconds: 10
diff --git a/kubernetes/common/music/requirements.yaml b/kubernetes/common/music/requirements.yaml
index f16f6df288..a9566c1811 100644
--- a/kubernetes/common/music/requirements.yaml
+++ b/kubernetes/common/music/requirements.yaml
@@ -13,6 +13,12 @@
# limitations under the License.
dependencies:
+ - name: music-cassandra
+ version: ~7.x-0
+ repository: 'file://components/music-cassandra'
- name: common
version: ~7.x-0
repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~7.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/resources/config/logback.xml
index 51423e547d..51423e547d 100755
--- a/kubernetes/common/music/charts/music/resources/config/logback.xml
+++ b/kubernetes/common/music/resources/config/logback.xml
diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/resources/config/music-sb.properties
index 751a351737..751a351737 100755
--- a/kubernetes/common/music/charts/music/resources/config/music-sb.properties
+++ b/kubernetes/common/music/resources/config/music-sb.properties
diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/resources/config/music.properties
index a7681d0a02..a7681d0a02 100755
--- a/kubernetes/common/music/charts/music/resources/config/music.properties
+++ b/kubernetes/common/music/resources/config/music.properties
diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/resources/config/startup.sh
index 37bb84de8b..37bb84de8b 100755
--- a/kubernetes/common/music/charts/music/resources/config/startup.sh
+++ b/kubernetes/common/music/resources/config/startup.sh
diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/resources/keys/org.onap.music.jks
index 35d27c3ef7..35d27c3ef7 100644
--- a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks
+++ b/kubernetes/common/music/resources/keys/org.onap.music.jks
Binary files differ
diff --git a/kubernetes/common/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
new file mode 100644
index 0000000000..ff844b109d
--- /dev/null
+++ b/kubernetes/common/music/resources/keys/truststoreONAPall.jks
Binary files differ
diff --git a/kubernetes/common/music/charts/music/templates/configmap.yaml b/kubernetes/common/music/templates/configmap.yaml
index d42cf2e7e0..d42cf2e7e0 100644
--- a/kubernetes/common/music/charts/music/templates/configmap.yaml
+++ b/kubernetes/common/music/templates/configmap.yaml
diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/templates/deployment.yaml
index 63b5ab0974..cf0ce8f899 100644
--- a/kubernetes/common/music/charts/music/templates/deployment.yaml
+++ b/kubernetes/common/music/templates/deployment.yaml
@@ -25,13 +25,13 @@ spec:
spec:
initContainers:
- name: {{ include "common.name" . }}-cassandra-readiness
- image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
+ - "{{ include "common.release" . }}-music-cassandra-config"
env:
- name: NAMESPACE
valueFrom:
@@ -55,13 +55,13 @@ spec:
name: properties-music-scrubbed
- mountPath: /config
name: properties-music
- image: "{{ .Values.global.envsubstImage }}"
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
containers:
# MUSIC Container
- name: "{{ include "common.name" . }}-springboot"
- image: "{{ .Values.repository }}/{{ .Values.image }}"
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/templates/secrets.yaml
index 15791a85d7..15791a85d7 100644
--- a/kubernetes/common/music/charts/music/templates/secrets.yaml
+++ b/kubernetes/common/music/templates/secrets.yaml
diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/templates/service.yaml
index 3bd32a9419..3bd32a9419 100644
--- a/kubernetes/common/music/charts/music/templates/service.yaml
+++ b/kubernetes/common/music/templates/service.yaml
diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml
index 7e89b02e02..31df352de7 100644
--- a/kubernetes/common/music/values.yaml
+++ b/kubernetes/common/music/values.yaml
@@ -17,17 +17,45 @@
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
+ nodePortPrefixExt: 304
+ truststore: truststoreONAPall.jks
- readinessImage: onap/oom/readiness:3.0.1
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-# flag to enable debugging - application support required
-debugEnabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: music-certs
+ name: keystore.jks
+ type: generic
+ filePaths:
+ - resources/keys/org.onap.music.jks
+ - uid: music-keystore-pw
+ name: keystore-pw
+ type: password
+ password: '{{ .Values.keystorePassword }}'
+ passwordPolicy: required
+ - uid: cassa-secret
+ type: basicAuth
+ login: '{{ .Values.properties.cassandraUser }}'
+ password: '{{ .Values.properties.cassandraPassword }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/music/music_sb:3.2.40
+pullPolicy: Always
+
+job:
+ host: cassandra
+ port: 9042
+
# default number of instances
-replicaCount: 3
+replicaCount: 1
nodeSelector: {}
@@ -35,15 +63,100 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 30
+ periodSeconds: 6
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: true
+ enabled: false
+ port: 8443
+
+
+# Java options that need to be passed to jave on CLI
+#javaOpts: -Xms256m -Xmx2048m
+javaOpts:
+# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
+springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1000m
+ memory: 1G
+ requests:
+ cpu: 300m
+ memory: 512Mi
+ large:
+ limits:
+ cpu: 1500m
+ memory: 3Gi
+ requests:
+ cpu: 1000m
+ memory: 2Gi
+ unlimited: {}
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 350
+ periodSeconds: 120
+ port: 8443
+
+service:
+ useNodePortExt: true
+ type: NodePort
+ name: music
+ ports:
+ - name: https-api
+ port: 8443
+ nodePort: '07'
+
+# Turn on Debugging true/false
+debug: false
+ingress:
+ enabled: false
+
+keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew"
+
+properties:
+ lockUsing: "cassandra"
+ # Comma dilimited list of hosts
+ cassandraHost: "music-cassandra"
+ cassandraUser: "nelson24"
+ cassandraPassword: "nelson24"
+ cassandraConnecttimeoutms: 12000
+ cassandraPort: 9042
+ # Connection Timeout for Cassandra in ms
+ # Read Timeout for Cassandra in ms
+ cassandraReadtimeoutms: 12000
+ keyspaceActive: true
+ # Enable CADI
+ cadi: false
+ # Special headers that may be passed and if they are required.
+ # With the ability to add a Prefix if required.
+ transIdRequired: false
+ transIdPrefix: X-ATT-
+ conversationRequired: false
+ conversationPrefix: X-CSI-
+ clientIdRequired: false
+ clientIdPrefix:
+ messageIdRequired: false
+ messageIdPrefix:
+
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+##### Lock settings
+ retryCount: 3
+ lockLeasePeriod: 6000
+ # sleep time for lock cleanup daemon, negative values turn off daemon
+ lockDaemonSleeptimeMs: 30000
+ #comma separated list of keyspace names
+ keyspaceForLockCleanup:
-resources: {}
+logback:
+ errorLogLevel: info
+ securityLogLevel: info
+ applicationLogLevel: info
+ metricsLogLevel: info
+ auditLogLevel: info
+ # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
+ rootLogLevel: INFO \ No newline at end of file
diff --git a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
index 19d872fe12..ec51a80d5e 100644
--- a/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
+++ b/kubernetes/contrib/components/ejbca/resources/entityprofile_Custom_EndEntity-1356531849.xml
@@ -60,19 +60,19 @@
<int>1</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>3</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
- <int>0</int>
+ <int>3</int>
</void>
<void method="add">
<int>0</int>
@@ -354,6 +354,33 @@
<void method="add">
<int>1802</int>
</void>
+ <void method="add">
+ <int>1700</int>
+ </void>
+ <void method="add">
+ <int>1701</int>
+ </void>
+ <void method="add">
+ <int>1702</int>
+ </void>
+ <void method="add">
+ <int>1900</int>
+ </void>
+ <void method="add">
+ <int>1901</int>
+ </void>
+ <void method="add">
+ <int>1902</int>
+ </void>
+ <void method="add">
+ <int>2100</int>
+ </void>
+ <void method="add">
+ <int>2101</int>
+ </void>
+ <void method="add">
+ <int>2102</int>
+ </void>
</object>
</void>
<void method="put">
@@ -570,7 +597,7 @@
</void>
<void method="put">
<int>37</int>
- <string>-1501801709</string>
+ <string>-29939301</string>
</void>
<void method="put">
<int>20037</int>
@@ -932,5 +959,149 @@
<int>30218</int>
<boolean>true</boolean>
</void>
+ <void method="put">
+ <int>17</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10017</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30017</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>117</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10117</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30117</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>217</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10217</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>30217</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>19</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20019</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30019</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>119</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20119</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30119</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>219</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20219</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30219</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>21</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20021</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30021</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>121</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20121</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30121</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>221</int>
+ <string></string>
+ </void>
+ <void method="put">
+ <int>20221</int>
+ <boolean>false</boolean>
+ </void>
+ <void method="put">
+ <int>10221</int>
+ <boolean>true</boolean>
+ </void>
+ <void method="put">
+ <int>30221</int>
+ <boolean>true</boolean>
+ </void>
</object>
</java>
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
index 568d6f77c9..5e37856d19 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json
@@ -54,7 +54,7 @@
"keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
"truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
},
- "truststore_merger": {
+ "cert_post_processor": {
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
}
-} \ No newline at end of file
+}
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
index 08a3c357ba..0108d9a8ce 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml
@@ -25,6 +25,6 @@ use_tls: true
security_ssl_disable: false
external_cert_ca_name: "RA"
external_cert_common_name: "dcae-hv-ves-collector"
-external_cert_sans: "dcae-hv-ves-collector:hv-ves-collector:hv-ves"
+external_cert_sans: "dcae-hv-ves-collector,hv-ves-collector,hv-ves"
external_cert_cert_type: "JKS"
external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
index e09e37dd31..c284612c79 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -40,6 +40,6 @@ ves_3gpp_performance_assurance_publish_url: "http://{{ .Values.config.address.me
user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
external_cert_ca_name: "RA"
external_cert_common_name: "dcae-ves-collector"
-external_cert_sans: "dcae-ves-collector:ves-collector:ves"
+external_cert_sans: "dcae-ves-collector,ves-collector,ves"
external_cert_cert_type: "JKS"
external_cert_use_external_tls: false
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index 668dcc7e18..a3bff07fb2 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -103,7 +103,7 @@ mongo:
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.1.8
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.2.1
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
@@ -115,7 +115,7 @@ componentImages:
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.4
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.0
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.5.1
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index fd4e1217c4..c13d3cebe6 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -49,7 +49,7 @@ config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:3.3.4
+image: onap/org.onap.dcaegen2.deployments.cm-container:3.4.1
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 3c8b1e9d90..5b29afc194 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -164,7 +164,7 @@ global:
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
index a60372f30a..e63aeb369a 100755
--- a/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
+++ b/kubernetes/oof/components/oof-has/templates/job-onboard.yaml
@@ -53,7 +53,7 @@ spec:
- /app/ready.py
args:
- -j
- - "{{ include "common.release" . }}-music-cassandra-job-config"
+ - "{{ include "common.release" . }}-music-cassandra-config"
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/.helmignore b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore
new file mode 100644
index 0000000000..50af031725
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml
new file mode 100644
index 0000000000..38446f1bfa
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP CMPv2 certificate external provider for cert-manager
+name: cmpv2-cert-provider
+version: 7.0.0
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
new file mode 100644
index 0000000000..0bc24afe86
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/crds/cmpv2issuer.yaml
@@ -0,0 +1,138 @@
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: cmpv2issuers.certmanager.onap.org
+spec:
+ group: certmanager.onap.org
+ names:
+ kind: CMPv2Issuer
+ listKind: CMPv2IssuerList
+ plural: cmpv2issuers
+ singular: cmpv2issuer
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: CMPv2Issuer is the Schema for the cmpv2issuers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/cmpv2api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CMPv2IssuerSpec defines the desired state of CMPv2Issuer
+ properties:
+ url:
+ description: URL to CertService API.
+ type: string
+ healthEndpoint:
+ description: Path of health check endpoint.
+ type: string
+ certEndpoint:
+ description: Path of cerfificate signing enpoint.
+ type: string
+ caName:
+ description: Name of the external CA server configured on CertService API side.
+ type: string
+ certSecretRef:
+ description: Reference to K8s secret which contains certificate, private key and CA certificate
+ needed to connect to CertService API (which requires client certificate authentication)
+ properties:
+ name:
+ description: The name of K8s secret to select certificates from. Secret must be in the same
+ namespace as CMPv2Issuer.
+ type: string
+ keyRef:
+ description: The key of the secret to select private key from. Must be a
+ valid secret key.
+ type: string
+ certRef:
+ description: The key of the secret to select cert from. Must be a
+ valid secret key.
+ type: string
+ cacertRef:
+ description: The key of the secret to select cacert from. Must be a
+ valid secret key.
+ type: string
+ required:
+ - name
+ - keyRef
+ - certRef
+ - cacertRef
+ type: object
+ required:
+ - url
+ - healthEndpoint
+ - certEndpoint
+ - caName
+ - certSecretRef
+ type: object
+ status:
+ description: CMPv2IssuerStatus defines the observed state of CMPv2Issuer
+ properties:
+ conditions:
+ items:
+ description: CMPv2IssuerCondition contains condition information for
+ the certservice issuer.
+ properties:
+ lastTransitionTime:
+ description: LastTransitionTime is the timestamp corresponding
+ to the last status change of this condition.
+ format: date-time
+ type: string
+ message:
+ description: Message is a human readable description of the details
+ of the last transition, complementing reason.
+ type: string
+ reason:
+ description: Reason is a brief machine readable explanation for
+ the condition's last transition.
+ type: string
+ status:
+ allOf:
+ - enum:
+ - "True"
+ - "False"
+ - Unknown
+ description: Status of the condition, one of ('True', 'False',
+ 'Unknown').
+ type: string
+ type:
+ description: Type of the condition, currently ('Ready').
+ enum:
+ - Ready
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ type: object
+ type: object
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml
new file mode 100644
index 0000000000..def35866d7
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/requirements.yaml
@@ -0,0 +1,17 @@
+# Copyright © 2020 Nokia
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ dependencies:
+ - name: common
+ version: ~7.x-0
+ repository: '@local'
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
new file mode 100644
index 0000000000..9ba61a5f57
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/configuration.yaml
@@ -0,0 +1,34 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: certmanager.onap.org/v1
+kind: CMPv2Issuer
+metadata:
+ name: {{ .Values.cmpv2issuer.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ url: {{ .Values.cmpv2issuer.url }}
+ healthEndpoint: {{ .Values.cmpv2issuer.healthcheckEndpoint }}
+ certEndpoint: {{ .Values.cmpv2issuer.certEndpoint }}
+ caName: {{ .Values.cmpv2issuer.caName }}
+ certSecretRef:
+ name: {{ .Values.cmpv2issuer.certSecretRef.name }}
+ keyRef: {{ .Values.cmpv2issuer.certSecretRef.keyRef }}
+ certRef: {{ .Values.cmpv2issuer.certSecretRef.certRef }}
+ cacertRef: {{ .Values.cmpv2issuer.certSecretRef.cacertRef }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
new file mode 100644
index 0000000000..3f0027f1be
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/deployment.yaml
@@ -0,0 +1,71 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - name: {{ .Values.deploymentProxy.name }}
+ image: {{ .Values.deploymentProxy.image }}
+ imagePullPolicy: {{ .Values.deploymentProxy.pullPolicy }}
+ args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ ports:
+ - containerPort: 8443
+ name: https
+ resources:
+ limits:
+ cpu: {{ .Values.deploymentProxy.resources.limits.cpu }}
+ memory: {{ .Values.deploymentProxy.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.deploymentProxy.resources.requests.cpu }}
+ memory: {{ .Values.deploymentProxy.resources.requests.memory }}
+ - name: provider
+ image: {{ .Values.global.repository }}{{if .Values.global.repository }}/{{ end }}{{ .Values.deployment.image }}
+ imagePullPolicy: {{ .Values.deployment.pullPolicy }}
+ command:
+ - /oom-certservice-cmpv2issuer
+ args:
+ - --metrics-addr=127.0.0.1:8080
+ - --log-level={{ .Values.deployment.logLevel }}
+ resources:
+ limits:
+ cpu: {{ .Values.deployment.resources.limits.cpu }}
+ memory: {{ .Values.deployment.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.deployment.resources.requests.cpu }}
+ memory: {{ .Values.deployment.resources.requests.memory }}
+ terminationGracePeriodSeconds: 10
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
new file mode 100644
index 0000000000..add5622f41
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml
@@ -0,0 +1,167 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cmpv2-issuer-leader-election-role
+ namespace: {{ include "common.namespace" . }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cmpv2-issuer-manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificaterequests
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificaterequests/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - certmanager.onap.org
+ resources:
+ - cmpv2issuers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - certmanager.onap.org
+ resources:
+ - cmpv2issuers/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cmpv2-issuer-proxy-role
+rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cmpv2-issuer-leader-election-rolebinding
+ namespace: {{ include "common.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cmpv2-issuer-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cmpv2-issuer-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmpv2-issuer-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cmpv2-issuer-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cmpv2-issuer-proxy-role
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: {{ include "common.namespace" . }}
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
new file mode 100644
index 0000000000..152bd68ba6
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/service.yaml
@@ -0,0 +1,38 @@
+{{ if .Values.global.CMPv2CertManagerIntegration }}
+
+# ============LICENSE_START=======================================================
+# Copyright (c) 2020 Nokia
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ prometheus.io/port: "8443"
+ prometheus.io/scheme: https
+ prometheus.io/scrape: "true"
+ labels:
+ control-plane: controller-manager
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - name: {{ .Values.service.ports.name }}
+ port: {{ .Values.service.ports.port }}
+ targetPort: {{ .Values.service.ports.targetPort }}
+ selector:
+ control-plane: controller-manager
+{{ end }}
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
new file mode 100644
index 0000000000..5ea763a812
--- /dev/null
+++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml
@@ -0,0 +1,79 @@
+# Copyright © 2020, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global
+global:
+ nodePortPrefix: 302
+ readinessImage: onap/oom/readiness:3.0.1
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ repository: "nexus3.onap.org:10001"
+ CMPv2CertManagerIntegration: false
+
+namespace: onap
+
+# Service configuration
+service:
+ name: oom-certservice-cmpv2issuer-metrics-service
+ type: ClusterIP
+ ports:
+ name: https
+ port: 8443
+ targetPort: https
+
+# Deployment configuration
+deployment:
+ name: oom-certservice-cmpv2issuer
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.3.0
+ proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ # fol local development use IfNotPresent
+ pullPolicy: Always
+ logLevel: debug
+ resources:
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+deploymentProxy:
+ name: kube-rbac-proxy
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
+ pullPolicy: IfNotPresent
+ resources:
+ limits:
+ cpu: 250m
+ memory: 128Mi
+ requests:
+ cpu: 50m
+ memory: 32Mi
+
+# CMPv2Issuer
+cmpv2issuer:
+ name: cmpv2-issuer-onap
+ url: https://oom-cert-service:8443
+ healthcheckEndpoint: actuator/health
+ certEndpoint: v1/certificate
+ caName: RA
+ certSecretRef:
+ name: cmpv2-issuer-secret
+ certRef: certServiceServer-cert.pem
+ keyRef: certServiceServer-key.pem
+ cacertRef: truststore.pem
+
+
+
+
diff --git a/kubernetes/platform/components/oom-cert-service/.gitignore b/kubernetes/platform/components/oom-cert-service/.gitignore
new file mode 100644
index 0000000000..d5e121c17d
--- /dev/null
+++ b/kubernetes/platform/components/oom-cert-service/.gitignore
@@ -0,0 +1,5 @@
+resources/*.jks
+resources/*.pem
+resources/*.p12
+resources/*.crt
+resources/*.csr
diff --git a/kubernetes/platform/components/oom-cert-service/.helmignore b/kubernetes/platform/components/oom-cert-service/.helmignore
index 50af031725..5d9272cd5d 100644
--- a/kubernetes/platform/components/oom-cert-service/.helmignore
+++ b/kubernetes/platform/components/oom-cert-service/.helmignore
@@ -20,3 +20,4 @@
.idea/
*.tmproj
.vscode/
+
diff --git a/kubernetes/platform/components/oom-cert-service/Makefile b/kubernetes/platform/components/oom-cert-service/Makefile
index 736a19fbd4..ea0cb8aae4 100644
--- a/kubernetes/platform/components/oom-cert-service/Makefile
+++ b/kubernetes/platform/components/oom-cert-service/Makefile
@@ -19,6 +19,10 @@ all: start_docker \
server_import_root_certificate \
server_convert_certificate_to_jks \
server_convert_certificate_to_p12 \
+ convert_truststore_to_p12 \
+ convert_truststore_to_pem \
+ server_export_certificate_to_pem \
+ server_export_key_to_pem \
clear_unused_files \
stop_docker
@@ -32,7 +36,7 @@ start_docker:
$(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
$(eval USERNAME :=$(shell id -u))
$(eval GROUP :=$(shell id -g))
- docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/app -w /app --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
+ docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
stop_docker:
@@ -46,7 +50,7 @@ clear_all:
#Clear certificates
clear_existing_certificates:
@echo "Clear certificates"
- ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12
+ ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
@echo "#####done#####"
#Generate root private and public keys
@@ -146,8 +150,34 @@ server_convert_certificate_to_p12:
-destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
@echo "#####done#####"
+#Convert truststore(.jks) to PCKS12 format(.p12)
+convert_truststore_to_p12:
+ @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
+ ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
+ -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
+ @echo "#####done#####"
+
+#Convert truststore(.p12) to PEM format(.pem)
+convert_truststore_to_pem:
+ @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
+ @echo "#####done#####"
+
+#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_certificate_to_pem:
+ @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
+ @echo "#####done#####"
+
+#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
+server_export_key_to_pem:
+ @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
+ ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
+ @echo "#####done#####"
+
+
#Clear unused certificates
clear_unused_files:
@echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr
+ ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
@echo "#####done#####"
diff --git a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
index 358f2a82c7..c6d76c1f57 100644
--- a/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
+++ b/kubernetes/platform/components/oom-cert-service/resources/default/cmpServers.json
@@ -1,3 +1,3 @@
{
"cmpv2Servers": []
-} \ No newline at end of file
+}
diff --git a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
index 280922a014..2d47e6f57c 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/secret.yaml
@@ -53,4 +53,17 @@ data:
{{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
root.crt:
{{ (.Files.Glob "resources/root.crt").AsSecrets }}
-{{ end -}} \ No newline at end of file
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.tls.provider.secret.name }}
+type: Opaque
+data:
+ certServiceServer-key.pem:
+ {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
+ certServiceServer-cert.pem:
+ {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
+ truststore.pem:
+ {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+{{ end -}}
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index ee51ec7a7d..bd415c06b1 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -34,11 +34,11 @@ service:
port_protocol: http
# Certificates generation configuration
-certificateGenerationImage: onap/integration-java11:7.1.0
+certificateGenerationImage: onap/integration-java11:7.2.0
# Deployment configuration
repository: "nexus3.onap.org:10001"
-image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.1.0
+image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.3.1
pullPolicy: Always
replicaCount: 1
@@ -88,14 +88,19 @@ tls:
client:
secret:
defaultName: oom-cert-service-client-tls-secret
+ provider:
+ secret:
+ name: cmpv2-issuer-secret
envs:
keystore:
jksName: certServiceServer-keystore.jks
p12Name: certServiceServer-keystore.p12
+ pemName: certServiceServer-keystore.pem
truststore:
jksName: truststore.jks
crtName: root.crt
+ pemName: truststore.pem
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
diff --git a/kubernetes/platform/requirements.yaml b/kubernetes/platform/requirements.yaml
index a7ff4de4e1..7ddef473db 100644
--- a/kubernetes/platform/requirements.yaml
+++ b/kubernetes/platform/requirements.yaml
@@ -18,4 +18,7 @@
dependencies:
- name: oom-cert-service
version: ~7.x-0
- repository: 'file://components/oom-cert-service' \ No newline at end of file
+ repository: 'file://components/oom-cert-service'
+ - name: cmpv2-cert-provider
+ version: ~7.x-0
+ repository: 'file://components/cmpv2-cert-provider'
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index edac61b24e..7282f305c5 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -33,7 +33,7 @@ global:
cmpv2Enabled: true
platform:
certServiceClient:
- image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.1
secret:
name: oom-cert-service-client-tls-secret
mountPath: /etc/onap/oom/certservice/certs/
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index 11128dd68c..b4bd316c03 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -303,6 +303,10 @@ sdnc:
dmaap:
host: http://message-router.{{ include "common.namespace" . }}:3904
timeout: 30000
+ publisher:
+ topic: RAN-Slice-Mgmt
+ callback:
+ timeout: PT5M
lcm:
path: '/restconf/operations/LCM:'
actionTimeout: 300000