aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--archive/cli/.helmignore (renamed from kubernetes/cli/.helmignore)0
-rw-r--r--archive/cli/Chart.yaml (renamed from kubernetes/cli/Chart.yaml)0
-rw-r--r--archive/cli/resources/configuration/lighttpd.conf (renamed from kubernetes/cli/resources/configuration/lighttpd.conf)0
-rw-r--r--archive/cli/templates/configmap.yaml (renamed from kubernetes/cli/templates/configmap.yaml)0
-rw-r--r--archive/cli/templates/deployment.yaml (renamed from kubernetes/cli/templates/deployment.yaml)0
-rw-r--r--archive/cli/templates/ingress.yaml (renamed from kubernetes/cli/templates/ingress.yaml)0
-rw-r--r--archive/cli/templates/service.yaml (renamed from kubernetes/cli/templates/service.yaml)0
-rw-r--r--archive/cli/values.yaml (renamed from kubernetes/cli/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-datafile-collector/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-heartbeat/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-kpi-ms/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pm-mapper/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-pmsh/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-restconf-collector/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-son-handler/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml)2
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-tcagen2/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml)0
-rw-r--r--archive/dcaegen2-services/components/dcae-ves-mapper/values.yaml (renamed from kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml)0
-rw-r--r--archive/dmaap/.helmignore (renamed from kubernetes/dmaap/.helmignore)0
-rw-r--r--archive/dmaap/Chart.yaml (renamed from kubernetes/dmaap/Chart.yaml)0
-rw-r--r--archive/dmaap/Makefile (renamed from kubernetes/dmaap/Makefile)0
-rw-r--r--archive/dmaap/README.md (renamed from kubernetes/dmaap/README.md)0
-rw-r--r--archive/dmaap/components/Makefile (renamed from kubernetes/dmaap/components/Makefile)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/.helmignore (renamed from kubernetes/dmaap/components/dmaap-dr-node/.helmignore)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/Chart.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/resources/config/logback.xml (renamed from kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/resources/config/node.properties (renamed from kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/configmap.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/ingress.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/pv-event.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/service.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-node/templates/statefulset.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml)6
-rw-r--r--archive/dmaap/components/dmaap-dr-node/values.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-node/values.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/.helmignore (renamed from kubernetes/dmaap/components/dmaap-dr-prov/.helmignore)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/Chart.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/resources/config/logback.xml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties (renamed from kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/templates/configmap.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/templates/deployment.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/templates/ingress.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/templates/secret.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/templates/service.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml)0
-rw-r--r--archive/dmaap/components/dmaap-dr-prov/values.yaml (renamed from kubernetes/dmaap/components/dmaap-dr-prov/values.yaml)0
-rw-r--r--archive/dmaap/components/message-router/.helmignore (renamed from kubernetes/dmaap/components/message-router/.helmignore)0
-rw-r--r--archive/dmaap/components/message-router/Chart.yaml (renamed from kubernetes/dmaap/components/message-router/Chart.yaml)0
-rw-r--r--archive/dmaap/components/message-router/Makefile (renamed from kubernetes/dmaap/components/message-router/Makefile)0
-rwxr-xr-xarchive/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties (renamed from kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties)0
-rw-r--r--archive/dmaap/components/message-router/resources/config/dmaap/logback.xml (renamed from kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml)0
-rw-r--r--archive/dmaap/components/message-router/templates/configmap.yaml (renamed from kubernetes/dmaap/components/message-router/templates/configmap.yaml)0
-rw-r--r--archive/dmaap/components/message-router/templates/ingress.yaml (renamed from kubernetes/dmaap/components/message-router/templates/ingress.yaml)0
-rw-r--r--archive/dmaap/components/message-router/templates/service.yaml (renamed from kubernetes/dmaap/components/message-router/templates/service.yaml)0
-rw-r--r--archive/dmaap/components/message-router/templates/statefulset.yaml (renamed from kubernetes/dmaap/components/message-router/templates/statefulset.yaml)0
-rw-r--r--archive/dmaap/components/message-router/values.yaml (renamed from kubernetes/dmaap/components/message-router/values.yaml)0
-rw-r--r--archive/dmaap/values.yaml (renamed from kubernetes/dmaap/values.yaml)0
-rw-r--r--archive/holmes/.helmignore (renamed from kubernetes/holmes/.helmignore)0
-rw-r--r--archive/holmes/Chart.yaml (renamed from kubernetes/holmes/Chart.yaml)0
-rw-r--r--archive/holmes/Makefile (renamed from kubernetes/holmes/Makefile)0
-rw-r--r--archive/holmes/components/Makefile (renamed from kubernetes/holmes/components/Makefile)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/.helmignore (renamed from kubernetes/holmes/components/holmes-engine-mgmt/.helmignore)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/Chart.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/resources/config/application.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/resources/config/cfy.json (renamed from kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql (renamed from kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/templates/configmap.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/templates/deployment.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/templates/secret.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/templates/service.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml)0
-rw-r--r--archive/holmes/components/holmes-engine-mgmt/values.yaml (renamed from kubernetes/holmes/components/holmes-engine-mgmt/values.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/.helmignore (renamed from kubernetes/holmes/components/holmes-rule-mgmt/.helmignore)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/Chart.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/resources/config/application.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql (renamed from kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl (renamed from kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/resources/rules/index.json (renamed from kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/templates/configmap.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/templates/deployment.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/templates/ingress.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/templates/secret.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/templates/service.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml)0
-rw-r--r--archive/holmes/components/holmes-rule-mgmt/values.yaml (renamed from kubernetes/holmes/components/holmes-rule-mgmt/values.yaml)0
-rw-r--r--archive/holmes/templates/secrets.yaml (renamed from kubernetes/holmes/templates/secrets.yaml)0
-rw-r--r--archive/holmes/values.yaml (renamed from kubernetes/holmes/values.yaml)0
-rw-r--r--archive/modeling/.helmignore (renamed from kubernetes/modeling/.helmignore)0
-rw-r--r--archive/modeling/Chart.yaml (renamed from kubernetes/modeling/Chart.yaml)0
-rw-r--r--archive/modeling/Makefile (renamed from kubernetes/modeling/Makefile)0
-rw-r--r--archive/modeling/components/Makefile (renamed from kubernetes/modeling/components/Makefile)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/.helmignore (renamed from kubernetes/modeling/components/modeling-etsicatalog/.helmignore)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/Chart.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml (renamed from kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/configmap.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/deployment.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/pv.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/pvc.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/secrets.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/templates/service.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml)0
-rw-r--r--archive/modeling/components/modeling-etsicatalog/values.yaml (renamed from kubernetes/modeling/components/modeling-etsicatalog/values.yaml)0
-rw-r--r--archive/modeling/values.yaml (renamed from kubernetes/modeling/values.yaml)0
-rw-r--r--archive/msb/.helmignore (renamed from kubernetes/msb/.helmignore)0
-rw-r--r--archive/msb/Chart.yaml (renamed from kubernetes/msb/Chart.yaml)0
-rw-r--r--archive/msb/Makefile (renamed from kubernetes/msb/Makefile)0
-rw-r--r--archive/msb/components/Makefile (renamed from kubernetes/msb/components/Makefile)0
-rw-r--r--archive/msb/components/kube2msb/.helmignore (renamed from kubernetes/msb/components/kube2msb/.helmignore)0
-rw-r--r--archive/msb/components/kube2msb/Chart.yaml (renamed from kubernetes/msb/components/kube2msb/Chart.yaml)0
-rw-r--r--archive/msb/components/kube2msb/templates/deployment.yaml (renamed from kubernetes/msb/components/kube2msb/templates/deployment.yaml)0
-rw-r--r--archive/msb/components/kube2msb/values.yaml (renamed from kubernetes/msb/components/kube2msb/values.yaml)0
-rw-r--r--archive/msb/components/msb-consul/.helmignore (renamed from kubernetes/msb/components/msb-consul/.helmignore)0
-rw-r--r--archive/msb/components/msb-consul/Chart.yaml (renamed from kubernetes/msb/components/msb-consul/Chart.yaml)0
-rwxr-xr-xarchive/msb/components/msb-consul/resources/docker-entrypoint.sh (renamed from kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh)0
-rw-r--r--archive/msb/components/msb-consul/templates/NOTES.txt (renamed from kubernetes/msb/components/msb-consul/templates/NOTES.txt)0
-rw-r--r--archive/msb/components/msb-consul/templates/configmap.yaml (renamed from kubernetes/msb/components/msb-consul/templates/configmap.yaml)0
-rw-r--r--archive/msb/components/msb-consul/templates/deployment.yaml (renamed from kubernetes/msb/components/msb-consul/templates/deployment.yaml)0
-rw-r--r--archive/msb/components/msb-consul/templates/ingress.yaml (renamed from kubernetes/msb/components/msb-consul/templates/ingress.yaml)0
-rw-r--r--archive/msb/components/msb-consul/templates/service.yaml (renamed from kubernetes/msb/components/msb-consul/templates/service.yaml)0
-rw-r--r--archive/msb/components/msb-consul/values.yaml (renamed from kubernetes/msb/components/msb-consul/values.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/.helmignore (renamed from kubernetes/msb/components/msb-discovery/.helmignore)0
-rw-r--r--archive/msb/components/msb-discovery/Chart.yaml (renamed from kubernetes/msb/components/msb-discovery/Chart.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/resources/config/logback.xml (renamed from kubernetes/msb/components/msb-discovery/resources/config/logback.xml)0
-rw-r--r--archive/msb/components/msb-discovery/templates/NOTES.txt (renamed from kubernetes/msb/components/msb-discovery/templates/NOTES.txt)0
-rw-r--r--archive/msb/components/msb-discovery/templates/configmap.yaml (renamed from kubernetes/msb/components/msb-discovery/templates/configmap.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/templates/deployment.yaml (renamed from kubernetes/msb/components/msb-discovery/templates/deployment.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/templates/ingress.yaml (renamed from kubernetes/msb/components/msb-discovery/templates/ingress.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/templates/service.yaml (renamed from kubernetes/msb/components/msb-discovery/templates/service.yaml)0
-rw-r--r--archive/msb/components/msb-discovery/values.yaml (renamed from kubernetes/msb/components/msb-discovery/values.yaml)0
-rw-r--r--archive/msb/components/msb-eag/.helmignore (renamed from kubernetes/msb/components/msb-eag/.helmignore)0
-rw-r--r--archive/msb/components/msb-eag/Chart.yaml (renamed from kubernetes/msb/components/msb-eag/Chart.yaml)0
-rw-r--r--archive/msb/components/msb-eag/resources/config/logback.xml (renamed from kubernetes/msb/components/msb-eag/resources/config/logback.xml)0
-rw-r--r--archive/msb/components/msb-eag/templates/NOTES.txt (renamed from kubernetes/msb/components/msb-eag/templates/NOTES.txt)0
-rw-r--r--archive/msb/components/msb-eag/templates/configmap.yaml (renamed from kubernetes/msb/components/msb-eag/templates/configmap.yaml)0
-rw-r--r--archive/msb/components/msb-eag/templates/deployment.yaml (renamed from kubernetes/msb/components/msb-eag/templates/deployment.yaml)0
-rw-r--r--archive/msb/components/msb-eag/templates/ingress.yaml (renamed from kubernetes/msb/components/msb-eag/templates/ingress.yaml)0
-rw-r--r--archive/msb/components/msb-eag/templates/service.yaml (renamed from kubernetes/msb/components/msb-eag/templates/service.yaml)0
-rw-r--r--archive/msb/components/msb-eag/values.yaml (renamed from kubernetes/msb/components/msb-eag/values.yaml)0
-rw-r--r--archive/msb/components/msb-iag/.helmignore (renamed from kubernetes/msb/components/msb-iag/.helmignore)0
-rw-r--r--archive/msb/components/msb-iag/Chart.yaml (renamed from kubernetes/msb/components/msb-iag/Chart.yaml)0
-rw-r--r--archive/msb/components/msb-iag/resources/config/logback.xml (renamed from kubernetes/msb/components/msb-iag/resources/config/logback.xml)0
-rw-r--r--archive/msb/components/msb-iag/templates/NOTES.txt (renamed from kubernetes/msb/components/msb-iag/templates/NOTES.txt)0
-rw-r--r--archive/msb/components/msb-iag/templates/configmap.yaml (renamed from kubernetes/msb/components/msb-iag/templates/configmap.yaml)0
-rw-r--r--archive/msb/components/msb-iag/templates/deployment.yaml (renamed from kubernetes/msb/components/msb-iag/templates/deployment.yaml)0
-rw-r--r--archive/msb/components/msb-iag/templates/ingress.yaml (renamed from kubernetes/msb/components/msb-iag/templates/ingress.yaml)0
-rw-r--r--archive/msb/components/msb-iag/templates/service.yaml (renamed from kubernetes/msb/components/msb-iag/templates/service.yaml)0
-rw-r--r--archive/msb/components/msb-iag/values.yaml (renamed from kubernetes/msb/components/msb-iag/values.yaml)0
-rw-r--r--archive/msb/resources/config/log/discovery/logback.xml (renamed from kubernetes/msb/resources/config/log/discovery/logback.xml)0
-rw-r--r--archive/msb/resources/config/log/eag/logback.xml (renamed from kubernetes/msb/resources/config/log/eag/logback.xml)0
-rw-r--r--archive/msb/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/msb/resources/config/log/filebeat/filebeat.yml)0
-rw-r--r--archive/msb/resources/config/log/iag/logback.xml (renamed from kubernetes/msb/resources/config/log/iag/logback.xml)0
-rw-r--r--archive/msb/templates/configmap.yaml (renamed from kubernetes/msb/templates/configmap.yaml)0
-rw-r--r--archive/msb/templates/serviceaccount.yaml (renamed from kubernetes/msb/templates/serviceaccount.yaml)0
-rw-r--r--archive/msb/values.yaml (renamed from kubernetes/msb/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/.helmignore (renamed from kubernetes/multicloud/components/multicloud-pike/.helmignore)0
-rw-r--r--archive/multicloud/components/multicloud-pike/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/resources/config/log/log.yml (renamed from kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/templates/NOTES.txt (renamed from kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt)0
-rw-r--r--archive/multicloud/components/multicloud-pike/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/templates/ingress.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-pike/values.yaml (renamed from kubernetes/multicloud/components/multicloud-pike/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml (renamed from kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/templates/pv.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/templates/pvc.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-prometheus/values.yaml (renamed from kubernetes/multicloud/components/multicloud-prometheus/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/.helmignore (renamed from kubernetes/multicloud/components/multicloud-starlingx/.helmignore)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/resources/config/log/config.json (renamed from kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/resources/config/log/log.yml (renamed from kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/templates/NOTES.txt (renamed from kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/templates/ingress.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-starlingx/values.yaml (renamed from kubernetes/multicloud/components/multicloud-starlingx/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/.helmignore (renamed from kubernetes/multicloud/components/multicloud-vio/.helmignore)0
-rw-r--r--archive/multicloud/components/multicloud-vio/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/resources/config/log/log.yml (renamed from kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/templates/NOTES.txt (renamed from kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt)0
-rw-r--r--archive/multicloud/components/multicloud-vio/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/templates/ingress.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-vio/values.yaml (renamed from kubernetes/multicloud/components/multicloud-vio/values.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/.helmignore (renamed from kubernetes/multicloud/components/multicloud-windriver/.helmignore)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/Chart.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/Chart.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/resources/config/log/config.json (renamed from kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/resources/config/log/log.yml (renamed from kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/resources/config/log/test.txt (renamed from kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/NOTES.txt (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/configmap.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/deployment.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/ingress.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/pv.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/pvc.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/templates/service.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml)0
-rw-r--r--archive/multicloud/components/multicloud-windriver/values.yaml (renamed from kubernetes/multicloud/components/multicloud-windriver/values.yaml)0
-rw-r--r--archive/nbi/.helmignore (renamed from kubernetes/nbi/.helmignore)0
-rw-r--r--archive/nbi/Chart.yaml (renamed from kubernetes/nbi/Chart.yaml)2
-rw-r--r--archive/nbi/README.md (renamed from kubernetes/nbi/README.md)0
-rw-r--r--archive/nbi/templates/deployment.yaml (renamed from kubernetes/nbi/templates/deployment.yaml)0
-rw-r--r--archive/nbi/templates/ingress.yaml (renamed from kubernetes/nbi/templates/ingress.yaml)0
-rw-r--r--archive/nbi/templates/secret.yaml (renamed from kubernetes/nbi/templates/secret.yaml)0
-rw-r--r--archive/nbi/templates/service.yaml (renamed from kubernetes/nbi/templates/service.yaml)0
-rw-r--r--archive/nbi/tests/deployment_test.yaml (renamed from kubernetes/nbi/tests/deployment_test.yaml)0
-rw-r--r--archive/nbi/values.yaml (renamed from kubernetes/nbi/values.yaml)0
-rw-r--r--archive/oof/.helmignore (renamed from kubernetes/oof/.helmignore)0
-rwxr-xr-xarchive/oof/Chart.yaml (renamed from kubernetes/oof/Chart.yaml)0
-rw-r--r--archive/oof/Makefile (renamed from kubernetes/oof/Makefile)0
-rwxr-xr-xarchive/oof/components/Makefile (renamed from kubernetes/oof/components/Makefile)0
-rw-r--r--archive/oof/components/oof-has/.helmignore (renamed from kubernetes/oof/components/oof-has/.helmignore)0
-rwxr-xr-xarchive/oof/components/oof-has/Chart.yaml (renamed from kubernetes/oof/components/oof-has/Chart.yaml)0
-rw-r--r--archive/oof/components/oof-has/Makefile (renamed from kubernetes/oof/components/oof-has/Makefile)0
-rwxr-xr-xarchive/oof/components/oof-has/components/Makefile (renamed from kubernetes/oof/components/oof-has/components/Makefile)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-api/Chart.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-api/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-api/templates/service.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-api/values.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-controller/Chart.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-controller/values.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-data/Chart.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-data/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-data/values.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-reservation/Chart.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-reservation/values.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-solver/Chart.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml)0
-rw-r--r--archive/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/components/oof-has-solver/values.yaml (renamed from kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/resources/config/conductor.conf (renamed from kubernetes/oof/components/oof-has/resources/config/conductor.conf)0
-rwxr-xr-xarchive/oof/components/oof-has/resources/config/healthy.sh (renamed from kubernetes/oof/components/oof-has/resources/config/healthy.sh)0
-rwxr-xr-xarchive/oof/components/oof-has/resources/config/log.conf (renamed from kubernetes/oof/components/oof-has/resources/config/log.conf)0
-rwxr-xr-xarchive/oof/components/oof-has/resources/config/log/filebeat.yml (renamed from kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml)0
-rw-r--r--archive/oof/components/oof-has/resources/config/nginx.conf (renamed from kubernetes/oof/components/oof-has/resources/config/nginx.conf)0
-rwxr-xr-xarchive/oof/components/oof-has/templates/configmap.yaml (renamed from kubernetes/oof/components/oof-has/templates/configmap.yaml)0
-rw-r--r--archive/oof/components/oof-has/templates/secret.yaml (renamed from kubernetes/oof/components/oof-has/templates/secret.yaml)0
-rwxr-xr-xarchive/oof/components/oof-has/values.yaml (renamed from kubernetes/oof/components/oof-has/values.yaml)0
-rwxr-xr-xarchive/oof/components/oof-templates/Chart.yaml (renamed from kubernetes/oof/components/oof-templates/Chart.yaml)0
-rw-r--r--archive/oof/components/oof-templates/templates/_secret.tpl (renamed from kubernetes/oof/components/oof-templates/templates/_secret.tpl)0
-rw-r--r--archive/oof/components/oof-templates/values.yaml (renamed from kubernetes/oof/components/oof-templates/values.yaml)0
-rw-r--r--archive/oof/resources/config/conf/common_config.yaml (renamed from kubernetes/oof/resources/config/conf/common_config.yaml)0
-rw-r--r--archive/oof/resources/config/conf/log.yml (renamed from kubernetes/oof/resources/config/conf/log.yml)0
-rwxr-xr-xarchive/oof/resources/config/conf/osdf_config.yaml (renamed from kubernetes/oof/resources/config/conf/osdf_config.yaml)0
-rw-r--r--archive/oof/resources/config/conf/slicing_config.yaml (renamed from kubernetes/oof/resources/config/conf/slicing_config.yaml)0
-rw-r--r--archive/oof/templates/NOTES.txt (renamed from kubernetes/oof/templates/NOTES.txt)0
-rw-r--r--archive/oof/templates/configmap.yaml (renamed from kubernetes/oof/templates/configmap.yaml)0
-rw-r--r--archive/oof/templates/deployment.yaml (renamed from kubernetes/oof/templates/deployment.yaml)0
-rw-r--r--archive/oof/templates/ingress.yaml (renamed from kubernetes/oof/templates/ingress.yaml)0
-rw-r--r--archive/oof/templates/secret.yaml (renamed from kubernetes/oof/templates/secret.yaml)0
-rw-r--r--archive/oof/templates/service.yaml (renamed from kubernetes/oof/templates/service.yaml)0
-rw-r--r--archive/oof/values.yaml (renamed from kubernetes/oof/values.yaml)0
-rw-r--r--archive/policy/components/policy-gui/Chart.yaml (renamed from kubernetes/policy/components/policy-gui/Chart.yaml)0
-rw-r--r--archive/policy/components/policy-gui/resources/config/application.yml (renamed from kubernetes/policy/components/policy-gui/resources/config/application.yml)0
-rw-r--r--archive/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml)0
-rw-r--r--archive/policy/components/policy-gui/resources/config/logback.xml (renamed from kubernetes/policy/components/policy-gui/resources/config/logback.xml)0
-rw-r--r--archive/policy/components/policy-gui/templates/NOTES.txt (renamed from kubernetes/policy/components/policy-gui/templates/NOTES.txt)0
-rw-r--r--archive/policy/components/policy-gui/templates/authorizationpolicy.yaml (renamed from kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/policy/components/policy-gui/templates/configmap.yaml (renamed from kubernetes/policy/components/policy-gui/templates/configmap.yaml)0
-rw-r--r--archive/policy/components/policy-gui/templates/deployment.yaml (renamed from kubernetes/policy/components/policy-gui/templates/deployment.yaml)0
-rw-r--r--archive/policy/components/policy-gui/templates/ingress.yaml (renamed from kubernetes/policy/components/policy-gui/templates/ingress.yaml)0
-rw-r--r--archive/policy/components/policy-gui/templates/secrets.yaml (renamed from kubernetes/policy/components/policy-gui/templates/secrets.yaml)0
-rw-r--r--archive/policy/components/policy-gui/templates/service.yaml (renamed from kubernetes/policy/components/policy-gui/templates/service.yaml)0
-rw-r--r--archive/policy/components/policy-gui/values.yaml (renamed from kubernetes/policy/components/policy-gui/values.yaml)2
-rw-r--r--archive/sdnc/components/dmaap-listener/Chart.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/Chart.yaml)2
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/aai.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dblib.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/resources/config/lcm.properties (renamed from kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties)0
-rw-r--r--archive/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml)0
-rw-r--r--archive/sdnc/components/dmaap-listener/templates/configmap.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml)0
-rw-r--r--archive/sdnc/components/dmaap-listener/templates/deployment.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml)0
-rw-r--r--archive/sdnc/components/dmaap-listener/templates/secret.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml)0
-rw-r--r--archive/sdnc/components/dmaap-listener/templates/service.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/templates/service.yaml)0
-rw-r--r--archive/sdnc/components/dmaap-listener/values.yaml (renamed from kubernetes/sdnc/components/dmaap-listener/values.yaml)2
-rw-r--r--archive/vfc/.helmignore (renamed from kubernetes/vfc/.helmignore)0
-rw-r--r--archive/vfc/Chart.yaml (renamed from kubernetes/vfc/Chart.yaml)0
-rw-r--r--archive/vfc/Makefile (renamed from kubernetes/vfc/Makefile)0
-rw-r--r--[-rwxr-xr-x]archive/vfc/components/Makefile (renamed from kubernetes/platform/components/oauth2-proxy/components/Makefile)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/.helmignore (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/Chart.yaml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-generic-vnfm-driver/values.yaml (renamed from kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/.helmignore (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-huawei-vnfm-driver/values.yaml (renamed from kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/.helmignore (renamed from kubernetes/vfc/components/vfc-nslcm/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-nslcm/Chart.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/templates/secrets.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-nslcm/values.yaml (renamed from kubernetes/vfc/components/vfc-nslcm/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-redis/.helmignore (renamed from kubernetes/vfc/components/vfc-redis/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-redis/Chart.yaml (renamed from kubernetes/vfc/components/vfc-redis/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-redis/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-redis/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-redis/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-redis/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-redis/values.yaml (renamed from kubernetes/vfc/components/vfc-redis/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/.helmignore (renamed from kubernetes/vfc/components/vfc-vnflcm/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/Chart.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/templates/secrets.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnflcm/values.yaml (renamed from kubernetes/vfc/components/vfc-vnflcm/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/.helmignore (renamed from kubernetes/vfc/components/vfc-vnfmgr/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/Chart.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/templates/secrets.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfmgr/values.yaml (renamed from kubernetes/vfc/components/vfc-vnfmgr/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/.helmignore (renamed from kubernetes/vfc/components/vfc-vnfres/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-vnfres/Chart.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/templates/secrets.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-vnfres/values.yaml (renamed from kubernetes/vfc/components/vfc-vnfres/values.yaml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/.helmignore (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/Chart.yaml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml)0
-rw-r--r--archive/vfc/components/vfc-zte-vnfm-driver/values.yaml (renamed from kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml)0
-rw-r--r--archive/vfc/resources/config/log/filebeat/filebeat.yml (renamed from kubernetes/vfc/resources/config/log/filebeat/filebeat.yml)0
-rw-r--r--archive/vfc/templates/configmap.yaml (renamed from kubernetes/vfc/templates/configmap.yaml)0
-rw-r--r--archive/vfc/templates/secrets.yaml (renamed from kubernetes/vfc/templates/secrets.yaml)0
-rw-r--r--archive/vfc/values.yaml (renamed from kubernetes/vfc/values.yaml)0
-rw-r--r--archive/vnfsdk/Chart.yaml (renamed from kubernetes/vnfsdk/Chart.yaml)0
-rw-r--r--archive/vnfsdk/resources/config/configuration.xml (renamed from kubernetes/vnfsdk/resources/config/configuration.xml)0
-rw-r--r--archive/vnfsdk/resources/config/marketplace_tables_postgres.sql (renamed from kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql)0
-rw-r--r--archive/vnfsdk/resources/nginx/nginx.conf (renamed from kubernetes/vnfsdk/resources/nginx/nginx.conf)0
-rw-r--r--archive/vnfsdk/templates/NOTES.txt (renamed from kubernetes/vnfsdk/templates/NOTES.txt)0
-rw-r--r--archive/vnfsdk/templates/configmap.yaml (renamed from kubernetes/vnfsdk/templates/configmap.yaml)0
-rw-r--r--archive/vnfsdk/templates/deployment.yaml (renamed from kubernetes/vnfsdk/templates/deployment.yaml)0
-rw-r--r--archive/vnfsdk/templates/ingress.yaml (renamed from kubernetes/vnfsdk/templates/ingress.yaml)0
-rw-r--r--archive/vnfsdk/templates/job.yaml (renamed from kubernetes/vnfsdk/templates/job.yaml)0
-rw-r--r--archive/vnfsdk/templates/secrets.yaml (renamed from kubernetes/vnfsdk/templates/secrets.yaml)0
-rw-r--r--archive/vnfsdk/templates/service.yaml (renamed from kubernetes/vnfsdk/templates/service.yaml)0
-rw-r--r--archive/vnfsdk/values.yaml (renamed from kubernetes/vnfsdk/values.yaml)0
-rw-r--r--docs/_static/logo_onap_2024.pngbin0 -> 11627 bytes
-rw-r--r--docs/conf.py2
-rw-r--r--docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst26
-rw-r--r--docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst12
-rw-r--r--docs/sections/release_notes/release-notes-montreal.rst131
-rw-r--r--docs/sections/release_notes/release-notes.rst35
-rw-r--r--docs/sections/resources/yaml/istiod-1_21.yaml21
-rw-r--r--docs/sections/resources/yaml/keycloak-server-values.yaml4
-rw-r--r--kubernetes/aai/Chart.yaml16
-rw-r--r--kubernetes/aai/components/aai-babel/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-babel/resources/config/application.properties4
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml30
-rw-r--r--kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml40
-rw-r--r--kubernetes/aai/components/aai-graphadmin/Chart.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/application.properties6
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties99
-rw-r--r--kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties51
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml3
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml1
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml140
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml7
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml47
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml29
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/service.yaml36
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml122
-rw-r--r--kubernetes/aai/components/aai-modelloader/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml24
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml34
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml33
-rw-r--r--kubernetes/aai/components/aai-resources/.helmignore42
-rw-r--r--kubernetes/aai/components/aai-resources/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties4
-rw-r--r--kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties32
-rw-r--r--kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml3
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml45
-rw-r--r--kubernetes/aai/components/aai-resources/templates/service.yaml38
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml68
-rw-r--r--kubernetes/aai/components/aai-schema-service/.helmignore42
-rw-r--r--kubernetes/aai/components/aai-schema-service/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties2
-rw-r--r--kubernetes/aai/components/aai-schema-service/config/application.properties2
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml33
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/service.yaml24
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml36
-rw-r--r--kubernetes/aai/components/aai-sparky-be/.helmignore42
-rw-r--r--kubernetes/aai/components/aai-sparky-be/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties2
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties3
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties3
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties54
-rw-r--r--kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config40
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml33
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml32
-rw-r--r--kubernetes/aai/components/aai-traversal/.helmignore42
-rw-r--r--kubernetes/aai/components/aai-traversal/Chart.yaml2
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties2
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/application.properties4
-rw-r--r--kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties32
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml3
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml52
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml35
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/service.yaml38
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml68
-rw-r--r--kubernetes/aai/values.yaml13
-rw-r--r--kubernetes/authentication/.helmignore (renamed from kubernetes/platform/components/keycloak-init/.helmignore)0
-rw-r--r--kubernetes/authentication/Chart.yaml (renamed from kubernetes/platform/components/keycloak-init/Chart.yaml)13
-rw-r--r--kubernetes/authentication/Makefile (renamed from kubernetes/platform/components/keycloak-init/Makefile)2
-rw-r--r--kubernetes/authentication/README.md305
-rw-r--r--kubernetes/authentication/components/Makefile (renamed from kubernetes/platform/components/keycloak-init/components/Makefile)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/.helmignore (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/Chart.yaml (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml)4
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml)0
-rw-r--r--kubernetes/authentication/components/keycloak-config-cli/values.yaml (renamed from kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml)4
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/.helmignore (renamed from kubernetes/platform/components/oauth2-proxy/.helmignore)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/Chart.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml)13
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/README.md (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md)41
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/default-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-list-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/extra-env-tpl-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/pdb-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/pod-security-context-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/redis-standalone-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml)3
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml18
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/ci/tpl-values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh52
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt3
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/_capabilities.tpl (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/_helpers.tpl (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl)53
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/_ingress.tpl (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml13
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml)91
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/deprecation.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/extra-manifests.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml)0
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/google-secret.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml)6
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/poddisruptionbudget.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/redis-secret.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml20
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/secret-htpasswd-file.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml)3
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml)5
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/service.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml)1
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml60
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml57
-rw-r--r--kubernetes/authentication/components/oauth2-proxy/values.yaml (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml)150
-rw-r--r--kubernetes/authentication/resources/oauth2_proxy.cfg38
-rw-r--r--kubernetes/authentication/templates/_utils.tpl811
-rw-r--r--kubernetes/authentication/templates/authorizationpolicy.yaml90
-rw-r--r--kubernetes/authentication/templates/configmap.yaml23
-rw-r--r--kubernetes/authentication/templates/requestauthentication.yaml36
-rw-r--r--kubernetes/authentication/templates/secret.yaml (renamed from kubernetes/platform/components/keycloak-init/templates/secret.yaml)9
-rw-r--r--kubernetes/authentication/values.yaml648
-rw-r--r--kubernetes/common/cassandra/.helmignore32
-rw-r--r--kubernetes/common/cassandra/Chart.yaml4
-rw-r--r--kubernetes/common/cassandra/resources/config/docker-entrypoint.sh1
-rw-r--r--kubernetes/common/cassandra/resources/exec.py2
-rw-r--r--kubernetes/common/cassandra/templates/backup/cronjob.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/cassOp.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/configmap.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/pv.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/secrets.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/service.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/servicemonitor.yaml2
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/cassandra/values.yaml20
-rw-r--r--kubernetes/common/common/.helmignore32
-rw-r--r--kubernetes/common/common/Chart.yaml5
-rw-r--r--kubernetes/common/common/templates/_affinities.tpl2
-rw-r--r--kubernetes/common/common/templates/_cassOp.tpl76
-rw-r--r--kubernetes/common/common/templates/_dmaapProvisioning.tpl2
-rw-r--r--kubernetes/common/common/templates/_log.tpl1
-rw-r--r--kubernetes/common/common/templates/_mariadb.tpl70
-rw-r--r--kubernetes/common/common/templates/_mongodb.tpl165
-rw-r--r--kubernetes/common/common/templates/_pod.tpl44
-rw-r--r--kubernetes/common/common/templates/_serviceMesh.tpl36
-rw-r--r--kubernetes/common/elasticsearch/.helmignore31
-rw-r--r--kubernetes/common/elasticsearch/Chart.yaml8
-rw-r--r--kubernetes/common/elasticsearch/components/curator/Chart.yaml4
-rw-r--r--kubernetes/common/elasticsearch/components/curator/values.yaml1
-rw-r--r--kubernetes/common/elasticsearch/components/data/Chart.yaml4
-rw-r--r--kubernetes/common/elasticsearch/components/master/Chart.yaml4
-rw-r--r--kubernetes/common/elasticsearch/templates/_helpers.tpl2
-rw-r--r--kubernetes/common/etcd/.helmignore11
-rw-r--r--kubernetes/common/etcd/Chart.yaml4
-rw-r--r--kubernetes/common/etcd/templates/service.yaml1
-rw-r--r--kubernetes/common/logConfiguration/.helmignore32
-rw-r--r--kubernetes/common/logConfiguration/Chart.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/.helmignore11
-rw-r--r--kubernetes/common/mariadb-galera/Chart.yaml10
-rw-r--r--kubernetes/common/mariadb-galera/templates/backup/pvc.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/configmap.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/mariadb.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/metrics-svc.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/pdb.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/prometheusrules.yaml1
-rw-r--r--kubernetes/common/mariadb-galera/templates/pv.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/secrets.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/servicemonitor.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/templates/statefulset.yaml18
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml22
-rw-r--r--kubernetes/common/mariadb-init/.helmignore11
-rw-r--r--kubernetes/common/mariadb-init/Chart.yaml9
-rw-r--r--kubernetes/common/mariadb-init/templates/_configmap.tpl4
-rw-r--r--kubernetes/common/mariadb-init/templates/_mariadb.tpl4
-rw-r--r--kubernetes/common/mariadb-init/templates/configmap.yaml4
-rw-r--r--kubernetes/common/mariadb-init/templates/job.yaml6
-rw-r--r--kubernetes/common/mariadb-init/templates/secret.yaml4
-rw-r--r--kubernetes/common/mariadb-init/tests/job_test.yaml52
-rw-r--r--kubernetes/common/mariadb-init/values.yaml32
-rw-r--r--kubernetes/common/mongodb-init/.helmignore32
-rw-r--r--kubernetes/common/mongodb-init/Chart.yaml32
-rw-r--r--kubernetes/common/mongodb-init/README.md16
-rw-r--r--kubernetes/common/mongodb-init/resources/config/setup.sql11
-rw-r--r--kubernetes/common/mongodb-init/templates/configmap.yaml29
-rw-r--r--kubernetes/common/mongodb-init/templates/job.yaml129
-rw-r--r--kubernetes/common/mongodb-init/templates/secrets.yaml15
-rw-r--r--kubernetes/common/mongodb-init/values.yaml108
-rw-r--r--kubernetes/common/mongodb/Chart.yaml2
-rw-r--r--kubernetes/common/mongodb/README.md2
-rw-r--r--kubernetes/common/mongodb/common/templates/_images.tpl1
-rw-r--r--kubernetes/common/mongodb/templates/arbiter/statefulset.yaml6
-rw-r--r--kubernetes/common/mongodb/templates/backup/cronjob.yaml2
-rw-r--r--kubernetes/common/mongodb/templates/hidden/statefulset.yaml2
-rw-r--r--kubernetes/common/mongodb/templates/networkpolicy.yaml2
-rw-r--r--kubernetes/common/mongodb/templates/replicaset/statefulset.yaml2
-rw-r--r--kubernetes/common/mongodb/templates/standalone/dep-sts.yaml2
-rw-r--r--kubernetes/common/mongodb/values.yaml24
-rw-r--r--kubernetes/common/postgres-init/.helmignore11
-rw-r--r--kubernetes/common/postgres-init/Chart.yaml9
-rw-r--r--kubernetes/common/postgres-init/templates/job.yaml3
-rw-r--r--kubernetes/common/postgres-init/values.yaml6
-rw-r--r--kubernetes/common/postgres/.helmignore11
-rw-r--r--kubernetes/common/postgres/Chart.yaml4
-rw-r--r--kubernetes/common/postgres/configs/pg_hba.conf1
-rw-r--r--kubernetes/common/postgres/templates/deployment-primary.yaml2
-rw-r--r--kubernetes/common/postgres/templates/deployment-replica.yaml2
-rw-r--r--kubernetes/common/postgres/templates/metrics-svc-primary.yaml2
-rw-r--r--kubernetes/common/postgres/templates/metrics-svc-replica.yaml2
-rw-r--r--kubernetes/common/postgres/templates/postgres.yaml2
-rw-r--r--kubernetes/common/postgres/templates/pv-primary.yaml2
-rw-r--r--kubernetes/common/postgres/templates/pvc-replica.yaml2
-rw-r--r--kubernetes/common/postgres/templates/service-replica.yaml2
-rw-r--r--kubernetes/common/postgres/templates/servicemonitor.yaml2
-rw-r--r--kubernetes/common/readinessCheck/.helmignore32
-rw-r--r--kubernetes/common/readinessCheck/Chart.yaml6
-rw-r--r--kubernetes/common/readinessCheck/templates/_readinessCheck.tpl7
-rw-r--r--kubernetes/common/repositoryGenerator/.helmignore32
-rw-r--r--kubernetes/common/repositoryGenerator/templates/_repository.tpl5
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml2
-rw-r--r--kubernetes/common/serviceAccount/.helmignore32
-rw-r--r--kubernetes/common/serviceAccount/Chart.yaml2
-rw-r--r--kubernetes/common/serviceAccount/templates/role.yaml1
-rw-r--r--kubernetes/common/serviceAccount/templates/service-account.yaml2
-rw-r--r--kubernetes/common/timescaledb/.helmignore12
-rw-r--r--kubernetes/common/timescaledb/Chart.yaml4
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml32
-rw-r--r--kubernetes/common/timescaledb/values.yaml13
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml19
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml59
-rw-r--r--kubernetes/dcaegen2-services/Chart.yaml48
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl5
-rw-r--r--kubernetes/dcaegen2-services/resources/expected-components.json2
-rw-r--r--kubernetes/dcaegen2-services/values.yaml33
-rwxr-xr-xkubernetes/helm/plugins/deploy/deploy.sh2
-rw-r--r--kubernetes/multicloud/Chart.yaml22
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/Chart.yaml2
-rw-r--r--kubernetes/multicloud/values.yaml38
-rw-r--r--kubernetes/onap/Chart.yaml52
-rw-r--r--kubernetes/onap/resources/overrides/environment.yaml54
-rw-r--r--kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml31
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml64
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml64
-rw-r--r--kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml53
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml58
-rw-r--r--kubernetes/onap/resources/overrides/onap-vfw.yaml14
-rw-r--r--kubernetes/onap/resources/overrides/sm-onap.yaml23
-rwxr-xr-xkubernetes/onap/values.yaml8
-rw-r--r--kubernetes/platform/Chart.yaml9
-rw-r--r--kubernetes/platform/components/chartmuseum/templates/deployment.yaml15
-rw-r--r--kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json426
-rw-r--r--kubernetes/platform/components/keycloak-init/values.yaml41
-rw-r--r--kubernetes/platform/components/oauth2-proxy/Chart.yaml34
-rw-r--r--kubernetes/platform/components/oauth2-proxy/Makefile60
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml4
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt3
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml32
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml14
-rw-r--r--kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml31
-rw-r--r--kubernetes/platform/components/oauth2-proxy/values.yaml74
-rw-r--r--kubernetes/platform/values.yaml6
-rwxr-xr-xkubernetes/policy/Chart.yaml13
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/Chart.yaml4
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml9
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml1
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml12
-rwxr-xr-xkubernetes/policy/components/policy-api/Chart.yaml4
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml3
-rw-r--r--kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml45
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml19
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml42
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml4
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml1
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml19
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml42
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml19
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml1
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml14
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml19
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml32
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml76
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml1
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml19
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml42
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml8
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml56
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml32
-rwxr-xr-xkubernetes/policy/components/policy-distribution/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-distribution/templates/deployment.yaml19
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml13
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/Chart.yaml3
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf29
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties37
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties41
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf (renamed from kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf)3
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/service.yaml1
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml105
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-drools-pdp/values.yaml72
-rwxr-xr-xkubernetes/policy/components/policy-nexus/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/deployment.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/service.yaml2
-rwxr-xr-xkubernetes/policy/components/policy-nexus/values.yaml10
-rwxr-xr-xkubernetes/policy/components/policy-pap/Chart.yaml5
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml19
-rw-r--r--kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml2
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-pap/templates/deployment.yaml64
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml20
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/Chart.yaml3
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties32
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml2
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml89
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/service.yaml2
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/components/policy-xacml-pdp/values.yaml29
-rw-r--r--kubernetes/policy/resources/config/db-pg.sh8
-rw-r--r--kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh23
-rw-r--r--kubernetes/policy/resources/config/db_migrator_policy_init.sh25
-rwxr-xr-xkubernetes/policy/templates/job.yaml340
-rw-r--r--kubernetes/policy/templates/policy-kafka-user.yaml13
-rw-r--r--[-rwxr-xr-x]kubernetes/policy/values.yaml27
-rw-r--r--kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml2
-rw-r--r--kubernetes/portal-ng/components/portal-ng-history/Chart.yaml4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml4
-rw-r--r--kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml8
-rw-r--r--kubernetes/sdnc/Chart.yaml14
-rw-r--r--kubernetes/sdnc/components/dgbuilder/Chart.yaml2
-rw-r--r--kubernetes/sdnc/components/dgbuilder/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-web/Chart.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/Chart.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml17
-rw-r--r--kubernetes/strimzi/Chart.yaml3
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml2
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml1
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml12
-rw-r--r--kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml24
-rw-r--r--kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml2
-rw-r--r--kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml2
-rw-r--r--kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml2
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka.yaml69
-rw-r--r--kubernetes/strimzi/values.yaml144
-rw-r--r--kubernetes/uui/Chart.yaml5
-rw-r--r--kubernetes/uui/components/uui-intent-analysis/values.yaml2
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/.helmignore (renamed from kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore)2
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/Chart.yaml35
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql23
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh31
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml31
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml74
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml82
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml17
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml17
-rw-r--r--kubernetes/uui/components/uui-llm-adaptation/values.yaml126
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
-rw-r--r--kubernetes/vfc/components/Makefile58
836 files changed, 7078 insertions, 2797 deletions
diff --git a/kubernetes/cli/.helmignore b/archive/cli/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/cli/.helmignore
+++ b/archive/cli/.helmignore
diff --git a/kubernetes/cli/Chart.yaml b/archive/cli/Chart.yaml
index 956a923e0d..956a923e0d 100644
--- a/kubernetes/cli/Chart.yaml
+++ b/archive/cli/Chart.yaml
diff --git a/kubernetes/cli/resources/configuration/lighttpd.conf b/archive/cli/resources/configuration/lighttpd.conf
index f1735a1e5d..f1735a1e5d 100644
--- a/kubernetes/cli/resources/configuration/lighttpd.conf
+++ b/archive/cli/resources/configuration/lighttpd.conf
diff --git a/kubernetes/cli/templates/configmap.yaml b/archive/cli/templates/configmap.yaml
index a4c636f0e4..a4c636f0e4 100644
--- a/kubernetes/cli/templates/configmap.yaml
+++ b/archive/cli/templates/configmap.yaml
diff --git a/kubernetes/cli/templates/deployment.yaml b/archive/cli/templates/deployment.yaml
index 9f8d71c332..9f8d71c332 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/archive/cli/templates/deployment.yaml
diff --git a/kubernetes/cli/templates/ingress.yaml b/archive/cli/templates/ingress.yaml
index 0deb6ce481..0deb6ce481 100644
--- a/kubernetes/cli/templates/ingress.yaml
+++ b/archive/cli/templates/ingress.yaml
diff --git a/kubernetes/cli/templates/service.yaml b/archive/cli/templates/service.yaml
index b33db211f9..b33db211f9 100644
--- a/kubernetes/cli/templates/service.yaml
+++ b/archive/cli/templates/service.yaml
diff --git a/kubernetes/cli/values.yaml b/archive/cli/values.yaml
index 8ad2240ee4..8ad2240ee4 100644
--- a/kubernetes/cli/values.yaml
+++ b/archive/cli/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml
index d5cc948cb4..d5cc948cb4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml
index 7158c0263f..7158c0263f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml
index 78ae858cec..78ae858cec 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/certificates.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml
index a0cb9a66bd..a0cb9a66bd 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml
index d992d5c19c..d992d5c19c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml
index 79df5ced0c..79df5ced0c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml
index 13a14a5e12..13a14a5e12 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml
index 2de4a8fe0a..2de4a8fe0a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/archive/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index 30da823e60..30da823e60 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-datafile-collector/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/Chart.yaml
index 6ff60f4de5..6ff60f4de5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml
index 30d173c2d8..30d173c2d8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml
index a914446c99..a914446c99 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml
index 0ad66b62a9..0ad66b62a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml
index 6b70356ca9..6b70356ca9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml
index cf11d2a0c5..cf11d2a0c5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/archive/dcaegen2-services/components/dcae-heartbeat/values.yaml
index da8f2c6561..da8f2c6561 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-heartbeat/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml
index b4c79c915b..b4c79c915b 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml
index 26be310888..26be310888 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml
index 02b5df8135..02b5df8135 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml
index c4596e5b21..c4596e5b21 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml
index ba0283dda5..ba0283dda5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/archive/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 61b78fa01f..61b78fa01f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-kpi-ms/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
index 30cb9cfe6c..30cb9cfe6c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml
index a0cb9a66bd..a0cb9a66bd 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml
index d992d5c19c..d992d5c19c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml
index 1f588464ba..1f588464ba 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml
index 2de4a8fe0a..2de4a8fe0a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/archive/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 290c313b52..290c313b52 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-pm-mapper/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/archive/dcaegen2-services/components/dcae-pmsh/Chart.yaml
index f721f0aba4..f721f0aba4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml
index 30d173c2d8..30d173c2d8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml
index b4b8e59b2e..b4b8e59b2e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml
index 60fce4a7be..60fce4a7be 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml
index 0f1129cfb4..0f1129cfb4 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml b/archive/dcaegen2-services/components/dcae-pmsh/templates/service.yaml
index fedb766524..fedb766524 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/archive/dcaegen2-services/components/dcae-pmsh/values.yaml
index 0f7289cc07..0f7289cc07 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-pmsh/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml
index 72d43e9481..72d43e9481 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml
index a914446c99..a914446c99 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml
index 0ad66b62a9..0ad66b62a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml
index df12117b3e..df12117b3e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml
index 6b70356ca9..6b70356ca9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml
index cf11d2a0c5..cf11d2a0c5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/archive/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 8e6cc7a4a6..8e6cc7a4a6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-restconf-collector/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
index f90bd1ef95..f90bd1ef95 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml
index 30d173c2d8..30d173c2d8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml
index 26be310888..26be310888 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml
index 02b5df8135..02b5df8135 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml
index c4596e5b21..c4596e5b21 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml
index ba0283dda5..ba0283dda5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index fd70e36619..fd70e36619 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml
index 5f2eb49546..5f2eb49546 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml
index a914446c99..a914446c99 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml
index 0ad66b62a9..0ad66b62a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml
index 6b70356ca9..6b70356ca9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml
index cf11d2a0c5..cf11d2a0c5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/archive/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
index 599b3d21b9..599b3d21b9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml b/archive/dcaegen2-services/components/dcae-son-handler/Chart.yaml
index b4bde7f0fe..b4bde7f0fe 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml
index 30d173c2d8..30d173c2d8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml
index 48a203963e..48a203963e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml
index c8cd4d40e5..c8cd4d40e5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml
index 26b7b5dbdd..26b7b5dbdd 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml b/archive/dcaegen2-services/components/dcae-son-handler/templates/service.yaml
index 41133e5abc..41133e5abc 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/archive/dcaegen2-services/components/dcae-son-handler/values.yaml
index 5e16967203..5e16967203 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-son-handler/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
index 7b30414fa3..8596dcd2e1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/Chart.yaml
@@ -41,5 +41,5 @@ dependencies:
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local' \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml
index a7d0acd017..a7d0acd017 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml
index be56017250..be56017250 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml
index c3b0715cd6..c3b0715cd6 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/archive/dcaegen2-services/components/dcae-tcagen2/values.yaml
index 393d7936a0..393d7936a0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-tcagen2/values.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml
index 4d1eb4a595..4d1eb4a595 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/Chart.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml
index 5a9baa822f..5a9baa822f 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/authorizationpolicy.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml
index a914446c99..a914446c99 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/configmap.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml
index 0ad66b62a9..0ad66b62a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/deployment.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml
index 6b70356ca9..6b70356ca9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/secret.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml
index cf11d2a0c5..cf11d2a0c5 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/templates/service.yaml
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/archive/dcaegen2-services/components/dcae-ves-mapper/values.yaml
index b886ae40d3..b886ae40d3 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
+++ b/archive/dcaegen2-services/components/dcae-ves-mapper/values.yaml
diff --git a/kubernetes/dmaap/.helmignore b/archive/dmaap/.helmignore
index 7ddbad7ef4..7ddbad7ef4 100644
--- a/kubernetes/dmaap/.helmignore
+++ b/archive/dmaap/.helmignore
diff --git a/kubernetes/dmaap/Chart.yaml b/archive/dmaap/Chart.yaml
index 31c57e31d0..31c57e31d0 100644
--- a/kubernetes/dmaap/Chart.yaml
+++ b/archive/dmaap/Chart.yaml
diff --git a/kubernetes/dmaap/Makefile b/archive/dmaap/Makefile
index 5bedb4a7b9..5bedb4a7b9 100644
--- a/kubernetes/dmaap/Makefile
+++ b/archive/dmaap/Makefile
diff --git a/kubernetes/dmaap/README.md b/archive/dmaap/README.md
index 33362926b0..33362926b0 100644
--- a/kubernetes/dmaap/README.md
+++ b/archive/dmaap/README.md
diff --git a/kubernetes/dmaap/components/Makefile b/archive/dmaap/components/Makefile
index 89fff87d25..89fff87d25 100644
--- a/kubernetes/dmaap/components/Makefile
+++ b/archive/dmaap/components/Makefile
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/.helmignore b/archive/dmaap/components/dmaap-dr-node/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/.helmignore
+++ b/archive/dmaap/components/dmaap-dr-node/.helmignore
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml b/archive/dmaap/components/dmaap-dr-node/Chart.yaml
index 13e4ed7ca2..13e4ed7ca2 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/Chart.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/Chart.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml b/archive/dmaap/components/dmaap-dr-node/resources/config/logback.xml
index 7d773830cd..7d773830cd 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/logback.xml
+++ b/archive/dmaap/components/dmaap-dr-node/resources/config/logback.xml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/archive/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 21d7c20abd..21d7c20abd 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/archive/dmaap/components/dmaap-dr-node/resources/config/node.properties
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml b/archive/dmaap/components/dmaap-dr-node/templates/configmap.yaml
index ce64cabc92..ce64cabc92 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/configmap.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/configmap.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml b/archive/dmaap/components/dmaap-dr-node/templates/ingress.yaml
index f288af9b29..f288af9b29 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/ingress.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/ingress.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/archive/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
index 59b7b8c30e..59b7b8c30e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/archive/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
index 8ada88319d..8ada88319d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/archive/dmaap/components/dmaap-dr-node/templates/service.yaml
index 306b0f17eb..306b0f17eb 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/service.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/archive/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 2795a2b5e5..4bb57063ad 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -23,7 +23,11 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{ include "common.podSecurityContext" . | indent 6 | trim}}
+ # temporarily use less restrictions
+ securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/archive/dmaap/components/dmaap-dr-node/values.yaml
index e3f0595b1f..e3f0595b1f 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/archive/dmaap/components/dmaap-dr-node/values.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/.helmignore b/archive/dmaap/components/dmaap-dr-prov/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/.helmignore
+++ b/archive/dmaap/components/dmaap-dr-prov/.helmignore
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml b/archive/dmaap/components/dmaap-dr-prov/Chart.yaml
index fb3ff1236d..fb3ff1236d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/Chart.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/Chart.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml b/archive/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
index 9a3c383f8f..9a3c383f8f 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
+++ b/archive/dmaap/components/dmaap-dr-prov/resources/config/logback.xml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/archive/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index a56de3cd3b..a56de3cd3b 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/archive/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml b/archive/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
index 1cd524423e..1cd524423e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/templates/configmap.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/archive/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 197638e654..197638e654 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml b/archive/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
index f288af9b29..f288af9b29 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/templates/ingress.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/archive/dmaap/components/dmaap-dr-prov/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/templates/secret.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml b/archive/dmaap/components/dmaap-dr-prov/templates/service.yaml
index 306b0f17eb..306b0f17eb 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/service.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/templates/service.yaml
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/archive/dmaap/components/dmaap-dr-prov/values.yaml
index c13ba57c83..c13ba57c83 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/archive/dmaap/components/dmaap-dr-prov/values.yaml
diff --git a/kubernetes/dmaap/components/message-router/.helmignore b/archive/dmaap/components/message-router/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/dmaap/components/message-router/.helmignore
+++ b/archive/dmaap/components/message-router/.helmignore
diff --git a/kubernetes/dmaap/components/message-router/Chart.yaml b/archive/dmaap/components/message-router/Chart.yaml
index adc0599e94..adc0599e94 100644
--- a/kubernetes/dmaap/components/message-router/Chart.yaml
+++ b/archive/dmaap/components/message-router/Chart.yaml
diff --git a/kubernetes/dmaap/components/message-router/Makefile b/archive/dmaap/components/message-router/Makefile
index ef273d0e9b..ef273d0e9b 100644
--- a/kubernetes/dmaap/components/message-router/Makefile
+++ b/archive/dmaap/components/message-router/Makefile
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/archive/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
index 2dea84d289..2dea84d289 100755
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
+++ b/archive/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties
diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/archive/dmaap/components/message-router/resources/config/dmaap/logback.xml
index 949a893197..949a893197 100644
--- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml
+++ b/archive/dmaap/components/message-router/resources/config/dmaap/logback.xml
diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/archive/dmaap/components/message-router/templates/configmap.yaml
index 3f786ad950..3f786ad950 100644
--- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml
+++ b/archive/dmaap/components/message-router/templates/configmap.yaml
diff --git a/kubernetes/dmaap/components/message-router/templates/ingress.yaml b/archive/dmaap/components/message-router/templates/ingress.yaml
index a90bf83c07..a90bf83c07 100644
--- a/kubernetes/dmaap/components/message-router/templates/ingress.yaml
+++ b/archive/dmaap/components/message-router/templates/ingress.yaml
diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/archive/dmaap/components/message-router/templates/service.yaml
index 8d13879023..8d13879023 100644
--- a/kubernetes/dmaap/components/message-router/templates/service.yaml
+++ b/archive/dmaap/components/message-router/templates/service.yaml
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/archive/dmaap/components/message-router/templates/statefulset.yaml
index ede6cb025e..ede6cb025e 100644
--- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml
+++ b/archive/dmaap/components/message-router/templates/statefulset.yaml
diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/archive/dmaap/components/message-router/values.yaml
index ab6a31ee2e..ab6a31ee2e 100644
--- a/kubernetes/dmaap/components/message-router/values.yaml
+++ b/archive/dmaap/components/message-router/values.yaml
diff --git a/kubernetes/dmaap/values.yaml b/archive/dmaap/values.yaml
index 6faab9cdbc..6faab9cdbc 100644
--- a/kubernetes/dmaap/values.yaml
+++ b/archive/dmaap/values.yaml
diff --git a/kubernetes/holmes/.helmignore b/archive/holmes/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/holmes/.helmignore
+++ b/archive/holmes/.helmignore
diff --git a/kubernetes/holmes/Chart.yaml b/archive/holmes/Chart.yaml
index 7a8a23a42f..7a8a23a42f 100644
--- a/kubernetes/holmes/Chart.yaml
+++ b/archive/holmes/Chart.yaml
diff --git a/kubernetes/holmes/Makefile b/archive/holmes/Makefile
index 08ed7cb9da..08ed7cb9da 100644
--- a/kubernetes/holmes/Makefile
+++ b/archive/holmes/Makefile
diff --git a/kubernetes/holmes/components/Makefile b/archive/holmes/components/Makefile
index 9544d70f33..9544d70f33 100644
--- a/kubernetes/holmes/components/Makefile
+++ b/archive/holmes/components/Makefile
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/.helmignore b/archive/holmes/components/holmes-engine-mgmt/.helmignore
index 50af031725..50af031725 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/.helmignore
+++ b/archive/holmes/components/holmes-engine-mgmt/.helmignore
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/archive/holmes/components/holmes-engine-mgmt/Chart.yaml
index df7f2c0c72..df7f2c0c72 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/Chart.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml b/archive/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
index 34c4024059..34c4024059 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/resources/config/application.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json b/archive/holmes/components/holmes-engine-mgmt/resources/config/cfy.json
index dfa58b098f..dfa58b098f 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/cfy.json
+++ b/archive/holmes/components/holmes-engine-mgmt/resources/config/cfy.json
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/archive/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 9a16390856..9a16390856 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/archive/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql b/archive/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
index e5eecb1a5a..e5eecb1a5a 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
+++ b/archive/holmes/components/holmes-engine-mgmt/resources/config/onap-holmes_engine-createobj.sql
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml b/archive/holmes/components/holmes-engine-mgmt/templates/configmap.yaml
index 76b339faea..76b339faea 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/configmap.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/templates/configmap.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/archive/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index 641f032ce4..641f032ce4 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml b/archive/holmes/components/holmes-engine-mgmt/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/secret.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/templates/secret.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml b/archive/holmes/components/holmes-engine-mgmt/templates/service.yaml
index 70abf763e0..70abf763e0 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/service.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/templates/service.yaml
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/archive/holmes/components/holmes-engine-mgmt/values.yaml
index bd06bcd1ee..bd06bcd1ee 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/archive/holmes/components/holmes-engine-mgmt/values.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/.helmignore b/archive/holmes/components/holmes-rule-mgmt/.helmignore
index 50af031725..50af031725 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/.helmignore
+++ b/archive/holmes/components/holmes-rule-mgmt/.helmignore
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/archive/holmes/components/holmes-rule-mgmt/Chart.yaml
index 4263913b25..4263913b25 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/Chart.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml b/archive/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
index 2ff0fa6d52..2ff0fa6d52 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/resources/config/application.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql b/archive/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql
index 0464a5f8fd..0464a5f8fd 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql
+++ b/archive/holmes/components/holmes-rule-mgmt/resources/config/onap-holmes_rulemgt-createobj.sql
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/archive/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 3b7218855a..3b7218855a 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/archive/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl b/archive/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl
index 814aeedf03..814aeedf03 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl
+++ b/archive/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json b/archive/holmes/components/holmes-rule-mgmt/resources/rules/index.json
index 70f9dd09db..70f9dd09db 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json
+++ b/archive/holmes/components/holmes-rule-mgmt/resources/rules/index.json
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml b/archive/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
index 3d54264723..3d54264723 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/templates/configmap.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/archive/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index e71187c557..e71187c557 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml b/archive/holmes/components/holmes-rule-mgmt/templates/ingress.yaml
index bcc60a0953..bcc60a0953 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/ingress.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/templates/ingress.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml b/archive/holmes/components/holmes-rule-mgmt/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/secret.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/templates/secret.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml b/archive/holmes/components/holmes-rule-mgmt/templates/service.yaml
index 70abf763e0..70abf763e0 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/service.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/templates/service.yaml
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/archive/holmes/components/holmes-rule-mgmt/values.yaml
index a7e0e25a17..a7e0e25a17 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/archive/holmes/components/holmes-rule-mgmt/values.yaml
diff --git a/kubernetes/holmes/templates/secrets.yaml b/archive/holmes/templates/secrets.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/holmes/templates/secrets.yaml
+++ b/archive/holmes/templates/secrets.yaml
diff --git a/kubernetes/holmes/values.yaml b/archive/holmes/values.yaml
index 4ede9a15fd..4ede9a15fd 100644
--- a/kubernetes/holmes/values.yaml
+++ b/archive/holmes/values.yaml
diff --git a/kubernetes/modeling/.helmignore b/archive/modeling/.helmignore
index 7ddbad7ef4..7ddbad7ef4 100644
--- a/kubernetes/modeling/.helmignore
+++ b/archive/modeling/.helmignore
diff --git a/kubernetes/modeling/Chart.yaml b/archive/modeling/Chart.yaml
index 72e6b880d2..72e6b880d2 100644
--- a/kubernetes/modeling/Chart.yaml
+++ b/archive/modeling/Chart.yaml
diff --git a/kubernetes/modeling/Makefile b/archive/modeling/Makefile
index 08ed7cb9da..08ed7cb9da 100644
--- a/kubernetes/modeling/Makefile
+++ b/archive/modeling/Makefile
diff --git a/kubernetes/modeling/components/Makefile b/archive/modeling/components/Makefile
index 9544d70f33..9544d70f33 100644
--- a/kubernetes/modeling/components/Makefile
+++ b/archive/modeling/components/Makefile
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/.helmignore b/archive/modeling/components/modeling-etsicatalog/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/.helmignore
+++ b/archive/modeling/components/modeling-etsicatalog/.helmignore
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml b/archive/modeling/components/modeling-etsicatalog/Chart.yaml
index 80db5cc8b9..80db5cc8b9 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/Chart.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/Chart.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml b/archive/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml
index 0bc14ea908..0bc14ea908 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml
+++ b/archive/modeling/components/modeling-etsicatalog/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml b/archive/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml
index 5ac5fefe92..5ac5fefe92 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml
+++ b/archive/modeling/components/modeling-etsicatalog/resources/config/log/server/log.yml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml b/archive/modeling/components/modeling-etsicatalog/templates/configmap.yaml
index fc16d8c0a0..fc16d8c0a0 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/configmap.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/configmap.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/archive/modeling/components/modeling-etsicatalog/templates/deployment.yaml
index fbe3e0ca07..fbe3e0ca07 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/deployment.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml b/archive/modeling/components/modeling-etsicatalog/templates/pv.yaml
index d672025068..d672025068 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/pv.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/pv.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml b/archive/modeling/components/modeling-etsicatalog/templates/pvc.yaml
index e04a0b3ed3..e04a0b3ed3 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/pvc.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/pvc.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml b/archive/modeling/components/modeling-etsicatalog/templates/secrets.yaml
index 8bfebf1679..8bfebf1679 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/secrets.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/secrets.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml b/archive/modeling/components/modeling-etsicatalog/templates/service.yaml
index 688c04b06c..688c04b06c 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/service.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/templates/service.yaml
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/archive/modeling/components/modeling-etsicatalog/values.yaml
index 83cfde8a7b..83cfde8a7b 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
+++ b/archive/modeling/components/modeling-etsicatalog/values.yaml
diff --git a/kubernetes/modeling/values.yaml b/archive/modeling/values.yaml
index 0a1aec01cc..0a1aec01cc 100644
--- a/kubernetes/modeling/values.yaml
+++ b/archive/modeling/values.yaml
diff --git a/kubernetes/msb/.helmignore b/archive/msb/.helmignore
index 7ddbad7ef4..7ddbad7ef4 100644
--- a/kubernetes/msb/.helmignore
+++ b/archive/msb/.helmignore
diff --git a/kubernetes/msb/Chart.yaml b/archive/msb/Chart.yaml
index 67db10be70..67db10be70 100644
--- a/kubernetes/msb/Chart.yaml
+++ b/archive/msb/Chart.yaml
diff --git a/kubernetes/msb/Makefile b/archive/msb/Makefile
index 08ed7cb9da..08ed7cb9da 100644
--- a/kubernetes/msb/Makefile
+++ b/archive/msb/Makefile
diff --git a/kubernetes/msb/components/Makefile b/archive/msb/components/Makefile
index 9544d70f33..9544d70f33 100644
--- a/kubernetes/msb/components/Makefile
+++ b/archive/msb/components/Makefile
diff --git a/kubernetes/msb/components/kube2msb/.helmignore b/archive/msb/components/kube2msb/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/msb/components/kube2msb/.helmignore
+++ b/archive/msb/components/kube2msb/.helmignore
diff --git a/kubernetes/msb/components/kube2msb/Chart.yaml b/archive/msb/components/kube2msb/Chart.yaml
index 2e823e69b8..2e823e69b8 100644
--- a/kubernetes/msb/components/kube2msb/Chart.yaml
+++ b/archive/msb/components/kube2msb/Chart.yaml
diff --git a/kubernetes/msb/components/kube2msb/templates/deployment.yaml b/archive/msb/components/kube2msb/templates/deployment.yaml
index b83d4c9d99..b83d4c9d99 100644
--- a/kubernetes/msb/components/kube2msb/templates/deployment.yaml
+++ b/archive/msb/components/kube2msb/templates/deployment.yaml
diff --git a/kubernetes/msb/components/kube2msb/values.yaml b/archive/msb/components/kube2msb/values.yaml
index bdc7c06b3b..bdc7c06b3b 100644
--- a/kubernetes/msb/components/kube2msb/values.yaml
+++ b/archive/msb/components/kube2msb/values.yaml
diff --git a/kubernetes/msb/components/msb-consul/.helmignore b/archive/msb/components/msb-consul/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/msb/components/msb-consul/.helmignore
+++ b/archive/msb/components/msb-consul/.helmignore
diff --git a/kubernetes/msb/components/msb-consul/Chart.yaml b/archive/msb/components/msb-consul/Chart.yaml
index 356ca84972..356ca84972 100644
--- a/kubernetes/msb/components/msb-consul/Chart.yaml
+++ b/archive/msb/components/msb-consul/Chart.yaml
diff --git a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh b/archive/msb/components/msb-consul/resources/docker-entrypoint.sh
index 18692d8afa..18692d8afa 100755
--- a/kubernetes/msb/components/msb-consul/resources/docker-entrypoint.sh
+++ b/archive/msb/components/msb-consul/resources/docker-entrypoint.sh
diff --git a/kubernetes/msb/components/msb-consul/templates/NOTES.txt b/archive/msb/components/msb-consul/templates/NOTES.txt
index e0cea22074..e0cea22074 100644
--- a/kubernetes/msb/components/msb-consul/templates/NOTES.txt
+++ b/archive/msb/components/msb-consul/templates/NOTES.txt
diff --git a/kubernetes/msb/components/msb-consul/templates/configmap.yaml b/archive/msb/components/msb-consul/templates/configmap.yaml
index 32adcaec5f..32adcaec5f 100644
--- a/kubernetes/msb/components/msb-consul/templates/configmap.yaml
+++ b/archive/msb/components/msb-consul/templates/configmap.yaml
diff --git a/kubernetes/msb/components/msb-consul/templates/deployment.yaml b/archive/msb/components/msb-consul/templates/deployment.yaml
index d229590da0..d229590da0 100644
--- a/kubernetes/msb/components/msb-consul/templates/deployment.yaml
+++ b/archive/msb/components/msb-consul/templates/deployment.yaml
diff --git a/kubernetes/msb/components/msb-consul/templates/ingress.yaml b/archive/msb/components/msb-consul/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/msb/components/msb-consul/templates/ingress.yaml
+++ b/archive/msb/components/msb-consul/templates/ingress.yaml
diff --git a/kubernetes/msb/components/msb-consul/templates/service.yaml b/archive/msb/components/msb-consul/templates/service.yaml
index af735b6e74..af735b6e74 100644
--- a/kubernetes/msb/components/msb-consul/templates/service.yaml
+++ b/archive/msb/components/msb-consul/templates/service.yaml
diff --git a/kubernetes/msb/components/msb-consul/values.yaml b/archive/msb/components/msb-consul/values.yaml
index 37ccf988d8..37ccf988d8 100644
--- a/kubernetes/msb/components/msb-consul/values.yaml
+++ b/archive/msb/components/msb-consul/values.yaml
diff --git a/kubernetes/msb/components/msb-discovery/.helmignore b/archive/msb/components/msb-discovery/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/msb/components/msb-discovery/.helmignore
+++ b/archive/msb/components/msb-discovery/.helmignore
diff --git a/kubernetes/msb/components/msb-discovery/Chart.yaml b/archive/msb/components/msb-discovery/Chart.yaml
index 545bc0082a..545bc0082a 100644
--- a/kubernetes/msb/components/msb-discovery/Chart.yaml
+++ b/archive/msb/components/msb-discovery/Chart.yaml
diff --git a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml b/archive/msb/components/msb-discovery/resources/config/logback.xml
index 174a6c5f9b..174a6c5f9b 100644
--- a/kubernetes/msb/components/msb-discovery/resources/config/logback.xml
+++ b/archive/msb/components/msb-discovery/resources/config/logback.xml
diff --git a/kubernetes/msb/components/msb-discovery/templates/NOTES.txt b/archive/msb/components/msb-discovery/templates/NOTES.txt
index e0cea22074..e0cea22074 100644
--- a/kubernetes/msb/components/msb-discovery/templates/NOTES.txt
+++ b/archive/msb/components/msb-discovery/templates/NOTES.txt
diff --git a/kubernetes/msb/components/msb-discovery/templates/configmap.yaml b/archive/msb/components/msb-discovery/templates/configmap.yaml
index 33c77e5eae..33c77e5eae 100644
--- a/kubernetes/msb/components/msb-discovery/templates/configmap.yaml
+++ b/archive/msb/components/msb-discovery/templates/configmap.yaml
diff --git a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml b/archive/msb/components/msb-discovery/templates/deployment.yaml
index 4f286535dc..4f286535dc 100644
--- a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml
+++ b/archive/msb/components/msb-discovery/templates/deployment.yaml
diff --git a/kubernetes/msb/components/msb-discovery/templates/ingress.yaml b/archive/msb/components/msb-discovery/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/msb/components/msb-discovery/templates/ingress.yaml
+++ b/archive/msb/components/msb-discovery/templates/ingress.yaml
diff --git a/kubernetes/msb/components/msb-discovery/templates/service.yaml b/archive/msb/components/msb-discovery/templates/service.yaml
index af735b6e74..af735b6e74 100644
--- a/kubernetes/msb/components/msb-discovery/templates/service.yaml
+++ b/archive/msb/components/msb-discovery/templates/service.yaml
diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/archive/msb/components/msb-discovery/values.yaml
index b8c361a296..b8c361a296 100644
--- a/kubernetes/msb/components/msb-discovery/values.yaml
+++ b/archive/msb/components/msb-discovery/values.yaml
diff --git a/kubernetes/msb/components/msb-eag/.helmignore b/archive/msb/components/msb-eag/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/msb/components/msb-eag/.helmignore
+++ b/archive/msb/components/msb-eag/.helmignore
diff --git a/kubernetes/msb/components/msb-eag/Chart.yaml b/archive/msb/components/msb-eag/Chart.yaml
index d42c99388d..d42c99388d 100644
--- a/kubernetes/msb/components/msb-eag/Chart.yaml
+++ b/archive/msb/components/msb-eag/Chart.yaml
diff --git a/kubernetes/msb/components/msb-eag/resources/config/logback.xml b/archive/msb/components/msb-eag/resources/config/logback.xml
index 472d8ce735..472d8ce735 100644
--- a/kubernetes/msb/components/msb-eag/resources/config/logback.xml
+++ b/archive/msb/components/msb-eag/resources/config/logback.xml
diff --git a/kubernetes/msb/components/msb-eag/templates/NOTES.txt b/archive/msb/components/msb-eag/templates/NOTES.txt
index e0cea22074..e0cea22074 100644
--- a/kubernetes/msb/components/msb-eag/templates/NOTES.txt
+++ b/archive/msb/components/msb-eag/templates/NOTES.txt
diff --git a/kubernetes/msb/components/msb-eag/templates/configmap.yaml b/archive/msb/components/msb-eag/templates/configmap.yaml
index 62bbf4272a..62bbf4272a 100644
--- a/kubernetes/msb/components/msb-eag/templates/configmap.yaml
+++ b/archive/msb/components/msb-eag/templates/configmap.yaml
diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/archive/msb/components/msb-eag/templates/deployment.yaml
index da2afc3bfc..da2afc3bfc 100644
--- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml
+++ b/archive/msb/components/msb-eag/templates/deployment.yaml
diff --git a/kubernetes/msb/components/msb-eag/templates/ingress.yaml b/archive/msb/components/msb-eag/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/msb/components/msb-eag/templates/ingress.yaml
+++ b/archive/msb/components/msb-eag/templates/ingress.yaml
diff --git a/kubernetes/msb/components/msb-eag/templates/service.yaml b/archive/msb/components/msb-eag/templates/service.yaml
index eeeafc15fc..eeeafc15fc 100644
--- a/kubernetes/msb/components/msb-eag/templates/service.yaml
+++ b/archive/msb/components/msb-eag/templates/service.yaml
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/archive/msb/components/msb-eag/values.yaml
index 49f0be78f5..49f0be78f5 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/archive/msb/components/msb-eag/values.yaml
diff --git a/kubernetes/msb/components/msb-iag/.helmignore b/archive/msb/components/msb-iag/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/msb/components/msb-iag/.helmignore
+++ b/archive/msb/components/msb-iag/.helmignore
diff --git a/kubernetes/msb/components/msb-iag/Chart.yaml b/archive/msb/components/msb-iag/Chart.yaml
index 50fa020c8b..50fa020c8b 100644
--- a/kubernetes/msb/components/msb-iag/Chart.yaml
+++ b/archive/msb/components/msb-iag/Chart.yaml
diff --git a/kubernetes/msb/components/msb-iag/resources/config/logback.xml b/archive/msb/components/msb-iag/resources/config/logback.xml
index a93d4ec56f..a93d4ec56f 100644
--- a/kubernetes/msb/components/msb-iag/resources/config/logback.xml
+++ b/archive/msb/components/msb-iag/resources/config/logback.xml
diff --git a/kubernetes/msb/components/msb-iag/templates/NOTES.txt b/archive/msb/components/msb-iag/templates/NOTES.txt
index e0cea22074..e0cea22074 100644
--- a/kubernetes/msb/components/msb-iag/templates/NOTES.txt
+++ b/archive/msb/components/msb-iag/templates/NOTES.txt
diff --git a/kubernetes/msb/components/msb-iag/templates/configmap.yaml b/archive/msb/components/msb-iag/templates/configmap.yaml
index 7214c8a95f..7214c8a95f 100644
--- a/kubernetes/msb/components/msb-iag/templates/configmap.yaml
+++ b/archive/msb/components/msb-iag/templates/configmap.yaml
diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/archive/msb/components/msb-iag/templates/deployment.yaml
index da2afc3bfc..da2afc3bfc 100644
--- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml
+++ b/archive/msb/components/msb-iag/templates/deployment.yaml
diff --git a/kubernetes/msb/components/msb-iag/templates/ingress.yaml b/archive/msb/components/msb-iag/templates/ingress.yaml
index 8f87c68f1e..8f87c68f1e 100644
--- a/kubernetes/msb/components/msb-iag/templates/ingress.yaml
+++ b/archive/msb/components/msb-iag/templates/ingress.yaml
diff --git a/kubernetes/msb/components/msb-iag/templates/service.yaml b/archive/msb/components/msb-iag/templates/service.yaml
index eeeafc15fc..eeeafc15fc 100644
--- a/kubernetes/msb/components/msb-iag/templates/service.yaml
+++ b/archive/msb/components/msb-iag/templates/service.yaml
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/archive/msb/components/msb-iag/values.yaml
index 19b500a62c..19b500a62c 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/archive/msb/components/msb-iag/values.yaml
diff --git a/kubernetes/msb/resources/config/log/discovery/logback.xml b/archive/msb/resources/config/log/discovery/logback.xml
index d590c3afbe..d590c3afbe 100644
--- a/kubernetes/msb/resources/config/log/discovery/logback.xml
+++ b/archive/msb/resources/config/log/discovery/logback.xml
diff --git a/kubernetes/msb/resources/config/log/eag/logback.xml b/archive/msb/resources/config/log/eag/logback.xml
index 03d2b10fe1..03d2b10fe1 100644
--- a/kubernetes/msb/resources/config/log/eag/logback.xml
+++ b/archive/msb/resources/config/log/eag/logback.xml
diff --git a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml b/archive/msb/resources/config/log/filebeat/filebeat.yml
index 2ba652719f..2ba652719f 100644
--- a/kubernetes/msb/resources/config/log/filebeat/filebeat.yml
+++ b/archive/msb/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/msb/resources/config/log/iag/logback.xml b/archive/msb/resources/config/log/iag/logback.xml
index 8c89320bd0..8c89320bd0 100644
--- a/kubernetes/msb/resources/config/log/iag/logback.xml
+++ b/archive/msb/resources/config/log/iag/logback.xml
diff --git a/kubernetes/msb/templates/configmap.yaml b/archive/msb/templates/configmap.yaml
index 385a37f9ea..385a37f9ea 100644
--- a/kubernetes/msb/templates/configmap.yaml
+++ b/archive/msb/templates/configmap.yaml
diff --git a/kubernetes/msb/templates/serviceaccount.yaml b/archive/msb/templates/serviceaccount.yaml
index 50cbebf984..50cbebf984 100644
--- a/kubernetes/msb/templates/serviceaccount.yaml
+++ b/archive/msb/templates/serviceaccount.yaml
diff --git a/kubernetes/msb/values.yaml b/archive/msb/values.yaml
index 4f1b659f1e..4f1b659f1e 100644
--- a/kubernetes/msb/values.yaml
+++ b/archive/msb/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/.helmignore b/archive/multicloud/components/multicloud-pike/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/components/multicloud-pike/.helmignore
+++ b/archive/multicloud/components/multicloud-pike/.helmignore
diff --git a/kubernetes/multicloud/components/multicloud-pike/Chart.yaml b/archive/multicloud/components/multicloud-pike/Chart.yaml
index 74d6b8ce29..74d6b8ce29 100644
--- a/kubernetes/multicloud/components/multicloud-pike/Chart.yaml
+++ b/archive/multicloud/components/multicloud-pike/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/archive/multicloud/components/multicloud-pike/resources/config/log/log.yml
index 9c82852f79..9c82852f79 100644
--- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
+++ b/archive/multicloud/components/multicloud-pike/resources/config/log/log.yml
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt b/archive/multicloud/components/multicloud-pike/templates/NOTES.txt
index 7adeb620b5..7adeb620b5 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/NOTES.txt
+++ b/archive/multicloud/components/multicloud-pike/templates/NOTES.txt
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml b/archive/multicloud/components/multicloud-pike/templates/configmap.yaml
index df5f76a478..df5f76a478 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-pike/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/archive/multicloud/components/multicloud-pike/templates/deployment.yaml
index 1822695eab..1822695eab 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-pike/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml b/archive/multicloud/components/multicloud-pike/templates/ingress.yaml
index bcc60a0953..bcc60a0953 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/ingress.yaml
+++ b/archive/multicloud/components/multicloud-pike/templates/ingress.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml b/archive/multicloud/components/multicloud-pike/templates/service.yaml
index adbb87c70d..adbb87c70d 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-pike/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/archive/multicloud/components/multicloud-pike/values.yaml
index 643daa7e3f..643daa7e3f 100644
--- a/kubernetes/multicloud/components/multicloud-pike/values.yaml
+++ b/archive/multicloud/components/multicloud-pike/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml b/archive/multicloud/components/multicloud-prometheus/Chart.yaml
index 2ed930aa65..2ed930aa65 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/Chart.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml
index b4643db800..b4643db800 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml
index 3dd1acb5b0..3dd1acb5b0 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/resources/config/alertmanager.yml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml
index 2dafcc381e..2dafcc381e 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml
index 185aa1e47b..185aa1e47b 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml
index aa1485da57..aa1485da57 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pv.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml
index 918d002cdb..918d002cdb 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/pvc.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
index a21ec43d9b..a21ec43d9b 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml
index 5b48f73a45..5b48f73a45 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-alertmanager/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml
index cc89de3d26..cc89de3d26 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini
index 9dc0f09cd9..9dc0f09cd9 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/resources/config/grafana.ini
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml
index ab570896db..ab570896db 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml
index e578feb96d..e578feb96d 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml
index 0c7ea4b560..0c7ea4b560 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pv.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml
index 68ab6c487f..68ab6c487f 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/pvc.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml
index 775af0afa7..775af0afa7 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml
index 0d066bbdc7..0d066bbdc7 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/components/prometheus-grafana/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml b/archive/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml
index 0355b48ab5..0355b48ab5 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml
+++ b/archive/multicloud/components/multicloud-prometheus/resources/config/prometheus.yml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml b/archive/multicloud/components/multicloud-prometheus/templates/configmap.yaml
index 471c9094aa..471c9094aa 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml b/archive/multicloud/components/multicloud-prometheus/templates/deployment.yaml
index a75ac28b2d..a75ac28b2d 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml b/archive/multicloud/components/multicloud-prometheus/templates/pv.yaml
index 1b67193e7a..1b67193e7a 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/pv.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/templates/pv.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml b/archive/multicloud/components/multicloud-prometheus/templates/pvc.yaml
index 77cc681743..77cc681743 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/pvc.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/templates/pvc.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml b/archive/multicloud/components/multicloud-prometheus/templates/service.yaml
index ec4e1a7011..ec4e1a7011 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/archive/multicloud/components/multicloud-prometheus/values.yaml
index 20ab052169..20ab052169 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
+++ b/archive/multicloud/components/multicloud-prometheus/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/.helmignore b/archive/multicloud/components/multicloud-starlingx/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/.helmignore
+++ b/archive/multicloud/components/multicloud-starlingx/.helmignore
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml b/archive/multicloud/components/multicloud-starlingx/Chart.yaml
index dd0d9e5564..dd0d9e5564 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/Chart.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json b/archive/multicloud/components/multicloud-starlingx/resources/config/log/config.json
index ebc53849d6..ebc53849d6 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json
+++ b/archive/multicloud/components/multicloud-starlingx/resources/config/log/config.json
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/archive/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
index 243e51e665..243e51e665 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
+++ b/archive/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt b/archive/multicloud/components/multicloud-starlingx/templates/NOTES.txt
index 746215b541..746215b541 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/NOTES.txt
+++ b/archive/multicloud/components/multicloud-starlingx/templates/NOTES.txt
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml b/archive/multicloud/components/multicloud-starlingx/templates/configmap.yaml
index e271a4f233..e271a4f233 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/archive/multicloud/components/multicloud-starlingx/templates/deployment.yaml
index 96942ddae5..96942ddae5 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml b/archive/multicloud/components/multicloud-starlingx/templates/ingress.yaml
index bcc60a0953..bcc60a0953 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/ingress.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/templates/ingress.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml b/archive/multicloud/components/multicloud-starlingx/templates/service.yaml
index 6eb90e5630..6eb90e5630 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/archive/multicloud/components/multicloud-starlingx/values.yaml
index 2f06b4b3d4..2f06b4b3d4 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
+++ b/archive/multicloud/components/multicloud-starlingx/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/.helmignore b/archive/multicloud/components/multicloud-vio/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/components/multicloud-vio/.helmignore
+++ b/archive/multicloud/components/multicloud-vio/.helmignore
diff --git a/kubernetes/multicloud/components/multicloud-vio/Chart.yaml b/archive/multicloud/components/multicloud-vio/Chart.yaml
index 2efafe9267..2efafe9267 100644
--- a/kubernetes/multicloud/components/multicloud-vio/Chart.yaml
+++ b/archive/multicloud/components/multicloud-vio/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml b/archive/multicloud/components/multicloud-vio/resources/config/log/log.yml
index 137a6908f3..137a6908f3 100644
--- a/kubernetes/multicloud/components/multicloud-vio/resources/config/log/log.yml
+++ b/archive/multicloud/components/multicloud-vio/resources/config/log/log.yml
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt b/archive/multicloud/components/multicloud-vio/templates/NOTES.txt
index befedf4578..befedf4578 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/NOTES.txt
+++ b/archive/multicloud/components/multicloud-vio/templates/NOTES.txt
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml b/archive/multicloud/components/multicloud-vio/templates/configmap.yaml
index ed43b24c76..ed43b24c76 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-vio/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/archive/multicloud/components/multicloud-vio/templates/deployment.yaml
index 9e26cc3d14..9e26cc3d14 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-vio/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml b/archive/multicloud/components/multicloud-vio/templates/ingress.yaml
index bcc60a0953..bcc60a0953 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/ingress.yaml
+++ b/archive/multicloud/components/multicloud-vio/templates/ingress.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml b/archive/multicloud/components/multicloud-vio/templates/service.yaml
index 0cff91a68c..0cff91a68c 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-vio/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/archive/multicloud/components/multicloud-vio/values.yaml
index 1337362a34..1337362a34 100644
--- a/kubernetes/multicloud/components/multicloud-vio/values.yaml
+++ b/archive/multicloud/components/multicloud-vio/values.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/.helmignore b/archive/multicloud/components/multicloud-windriver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/.helmignore
+++ b/archive/multicloud/components/multicloud-windriver/.helmignore
diff --git a/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml b/archive/multicloud/components/multicloud-windriver/Chart.yaml
index 110cba02c2..110cba02c2 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/Chart.yaml
+++ b/archive/multicloud/components/multicloud-windriver/Chart.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json b/archive/multicloud/components/multicloud-windriver/resources/config/log/config.json
index e34637666f..e34637666f 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json
+++ b/archive/multicloud/components/multicloud-windriver/resources/config/log/config.json
diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/archive/multicloud/components/multicloud-windriver/resources/config/log/log.yml
index 80792c9c70..80792c9c70 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
+++ b/archive/multicloud/components/multicloud-windriver/resources/config/log/log.yml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt b/archive/multicloud/components/multicloud-windriver/resources/config/log/test.txt
index 6c1e709b92..6c1e709b92 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/test.txt
+++ b/archive/multicloud/components/multicloud-windriver/resources/config/log/test.txt
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt b/archive/multicloud/components/multicloud-windriver/templates/NOTES.txt
index befedf4578..befedf4578 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/NOTES.txt
+++ b/archive/multicloud/components/multicloud-windriver/templates/NOTES.txt
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml b/archive/multicloud/components/multicloud-windriver/templates/configmap.yaml
index ed43b24c76..ed43b24c76 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/configmap.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/configmap.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/archive/multicloud/components/multicloud-windriver/templates/deployment.yaml
index 434c0d156e..434c0d156e 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/deployment.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml b/archive/multicloud/components/multicloud-windriver/templates/ingress.yaml
index bcc60a0953..bcc60a0953 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/ingress.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/ingress.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml b/archive/multicloud/components/multicloud-windriver/templates/pv.yaml
index f798053f71..f798053f71 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/pv.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/pv.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml b/archive/multicloud/components/multicloud-windriver/templates/pvc.yaml
index 3c4d646638..3c4d646638 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/pvc.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/pvc.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml b/archive/multicloud/components/multicloud-windriver/templates/service.yaml
index 578036bb8d..578036bb8d 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml
+++ b/archive/multicloud/components/multicloud-windriver/templates/service.yaml
diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/archive/multicloud/components/multicloud-windriver/values.yaml
index 0af9df856b..0af9df856b 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml
+++ b/archive/multicloud/components/multicloud-windriver/values.yaml
diff --git a/kubernetes/nbi/.helmignore b/archive/nbi/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/nbi/.helmignore
+++ b/archive/nbi/.helmignore
diff --git a/kubernetes/nbi/Chart.yaml b/archive/nbi/Chart.yaml
index 6f403f7f74..3ffd2a1f81 100644
--- a/kubernetes/nbi/Chart.yaml
+++ b/archive/nbi/Chart.yaml
@@ -27,7 +27,7 @@ dependencies:
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: mariadb-galera
version: ~13.x-0
diff --git a/kubernetes/nbi/README.md b/archive/nbi/README.md
index 9d79efe618..9d79efe618 100644
--- a/kubernetes/nbi/README.md
+++ b/archive/nbi/README.md
diff --git a/kubernetes/nbi/templates/deployment.yaml b/archive/nbi/templates/deployment.yaml
index 863926a8ce..863926a8ce 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/archive/nbi/templates/deployment.yaml
diff --git a/kubernetes/nbi/templates/ingress.yaml b/archive/nbi/templates/ingress.yaml
index 06e66ebbf1..06e66ebbf1 100644
--- a/kubernetes/nbi/templates/ingress.yaml
+++ b/archive/nbi/templates/ingress.yaml
diff --git a/kubernetes/nbi/templates/secret.yaml b/archive/nbi/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/nbi/templates/secret.yaml
+++ b/archive/nbi/templates/secret.yaml
diff --git a/kubernetes/nbi/templates/service.yaml b/archive/nbi/templates/service.yaml
index 11fae18dc1..11fae18dc1 100644
--- a/kubernetes/nbi/templates/service.yaml
+++ b/archive/nbi/templates/service.yaml
diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/archive/nbi/tests/deployment_test.yaml
index fe9d0d2977..fe9d0d2977 100644
--- a/kubernetes/nbi/tests/deployment_test.yaml
+++ b/archive/nbi/tests/deployment_test.yaml
diff --git a/kubernetes/nbi/values.yaml b/archive/nbi/values.yaml
index 0d143dc6c6..0d143dc6c6 100644
--- a/kubernetes/nbi/values.yaml
+++ b/archive/nbi/values.yaml
diff --git a/kubernetes/oof/.helmignore b/archive/oof/.helmignore
index 68ffb32406..68ffb32406 100644
--- a/kubernetes/oof/.helmignore
+++ b/archive/oof/.helmignore
diff --git a/kubernetes/oof/Chart.yaml b/archive/oof/Chart.yaml
index 6be063fc4c..6be063fc4c 100755
--- a/kubernetes/oof/Chart.yaml
+++ b/archive/oof/Chart.yaml
diff --git a/kubernetes/oof/Makefile b/archive/oof/Makefile
index eea1b7aefb..eea1b7aefb 100644
--- a/kubernetes/oof/Makefile
+++ b/archive/oof/Makefile
diff --git a/kubernetes/oof/components/Makefile b/archive/oof/components/Makefile
index f09e21e75c..f09e21e75c 100755
--- a/kubernetes/oof/components/Makefile
+++ b/archive/oof/components/Makefile
diff --git a/kubernetes/oof/components/oof-has/.helmignore b/archive/oof/components/oof-has/.helmignore
index 68ffb32406..68ffb32406 100644
--- a/kubernetes/oof/components/oof-has/.helmignore
+++ b/archive/oof/components/oof-has/.helmignore
diff --git a/kubernetes/oof/components/oof-has/Chart.yaml b/archive/oof/components/oof-has/Chart.yaml
index 79f19c176c..79f19c176c 100755
--- a/kubernetes/oof/components/oof-has/Chart.yaml
+++ b/archive/oof/components/oof-has/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/Makefile b/archive/oof/components/oof-has/Makefile
index 2de7c19587..2de7c19587 100644
--- a/kubernetes/oof/components/oof-has/Makefile
+++ b/archive/oof/components/oof-has/Makefile
diff --git a/kubernetes/oof/components/oof-has/components/Makefile b/archive/oof/components/oof-has/components/Makefile
index 6d0030d4cf..6d0030d4cf 100755
--- a/kubernetes/oof/components/oof-has/components/Makefile
+++ b/archive/oof/components/oof-has/components/Makefile
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml b/archive/oof/components/oof-has/components/oof-has-api/Chart.yaml
index c6c07bd8ef..c6c07bd8ef 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/Chart.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt b/archive/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt
index 1ec56d38b3..1ec56d38b3 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt
+++ b/archive/oof/components/oof-has/components/oof-has-api/templates/NOTES.txt
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/archive/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
index 703d8bb7c4..703d8bb7c4 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml b/archive/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
index 2afc5dad2a..2afc5dad2a 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/templates/ingress.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml b/archive/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml b/archive/oof/components/oof-has/components/oof-has-api/templates/service.yaml
index b77b592c08..b77b592c08 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/service.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/templates/service.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/archive/oof/components/oof-has/components/oof-has-api/values.yaml
index 0d7bd7c995..0d7bd7c995 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-api/values.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml b/archive/oof/components/oof-has/components/oof-has-controller/Chart.yaml
index 9c155e8525..9c155e8525 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/Chart.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-controller/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/archive/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
index 2367da742e..2367da742e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml b/archive/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-controller/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/archive/oof/components/oof-has/components/oof-has-controller/values.yaml
index 7cbfafbc76..7cbfafbc76 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-controller/values.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml b/archive/oof/components/oof-has/components/oof-has-data/Chart.yaml
index 142f6e563e..142f6e563e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/Chart.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-data/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/archive/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
index 765d3dbda4..765d3dbda4 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml b/archive/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-data/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/archive/oof/components/oof-has/components/oof-has-data/values.yaml
index 37e131ba91..37e131ba91 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-data/values.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml b/archive/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
index 2e7666ca06..2e7666ca06 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-reservation/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/archive/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
index d7b53346e9..d7b53346e9 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml b/archive/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-reservation/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/archive/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 6a1bc53582..6a1bc53582 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-reservation/values.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml b/archive/oof/components/oof-has/components/oof-has-solver/Chart.yaml
index 7fe3d0c8ca..7fe3d0c8ca 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/Chart.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-solver/Chart.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/archive/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
index 5d9c0763b5..5d9c0763b5 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml b/archive/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-solver/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/archive/oof/components/oof-has/components/oof-has-solver/values.yaml
index e0a9b0cdd1..e0a9b0cdd1 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/archive/oof/components/oof-has/components/oof-has-solver/values.yaml
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/archive/oof/components/oof-has/resources/config/conductor.conf
index 511c0cd6de..511c0cd6de 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/archive/oof/components/oof-has/resources/config/conductor.conf
diff --git a/kubernetes/oof/components/oof-has/resources/config/healthy.sh b/archive/oof/components/oof-has/resources/config/healthy.sh
index 5495e4271b..5495e4271b 100755
--- a/kubernetes/oof/components/oof-has/resources/config/healthy.sh
+++ b/archive/oof/components/oof-has/resources/config/healthy.sh
diff --git a/kubernetes/oof/components/oof-has/resources/config/log.conf b/archive/oof/components/oof-has/resources/config/log.conf
index c9bf3fabc9..c9bf3fabc9 100755
--- a/kubernetes/oof/components/oof-has/resources/config/log.conf
+++ b/archive/oof/components/oof-has/resources/config/log.conf
diff --git a/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml b/archive/oof/components/oof-has/resources/config/log/filebeat.yml
index 8b1e926e10..8b1e926e10 100755
--- a/kubernetes/oof/components/oof-has/resources/config/log/filebeat.yml
+++ b/archive/oof/components/oof-has/resources/config/log/filebeat.yml
diff --git a/kubernetes/oof/components/oof-has/resources/config/nginx.conf b/archive/oof/components/oof-has/resources/config/nginx.conf
index 1c1094dacb..1c1094dacb 100644
--- a/kubernetes/oof/components/oof-has/resources/config/nginx.conf
+++ b/archive/oof/components/oof-has/resources/config/nginx.conf
diff --git a/kubernetes/oof/components/oof-has/templates/configmap.yaml b/archive/oof/components/oof-has/templates/configmap.yaml
index 35581366e6..35581366e6 100755
--- a/kubernetes/oof/components/oof-has/templates/configmap.yaml
+++ b/archive/oof/components/oof-has/templates/configmap.yaml
diff --git a/kubernetes/oof/components/oof-has/templates/secret.yaml b/archive/oof/components/oof-has/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/components/oof-has/templates/secret.yaml
+++ b/archive/oof/components/oof-has/templates/secret.yaml
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/archive/oof/components/oof-has/values.yaml
index 33558c4567..33558c4567 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/archive/oof/components/oof-has/values.yaml
diff --git a/kubernetes/oof/components/oof-templates/Chart.yaml b/archive/oof/components/oof-templates/Chart.yaml
index 946be1fd2d..946be1fd2d 100755
--- a/kubernetes/oof/components/oof-templates/Chart.yaml
+++ b/archive/oof/components/oof-templates/Chart.yaml
diff --git a/kubernetes/oof/components/oof-templates/templates/_secret.tpl b/archive/oof/components/oof-templates/templates/_secret.tpl
index 0b04f7120b..0b04f7120b 100644
--- a/kubernetes/oof/components/oof-templates/templates/_secret.tpl
+++ b/archive/oof/components/oof-templates/templates/_secret.tpl
diff --git a/kubernetes/oof/components/oof-templates/values.yaml b/archive/oof/components/oof-templates/values.yaml
index a97238e9af..a97238e9af 100644
--- a/kubernetes/oof/components/oof-templates/values.yaml
+++ b/archive/oof/components/oof-templates/values.yaml
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/archive/oof/resources/config/conf/common_config.yaml
index 394bece9d9..394bece9d9 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/archive/oof/resources/config/conf/common_config.yaml
diff --git a/kubernetes/oof/resources/config/conf/log.yml b/archive/oof/resources/config/conf/log.yml
index 3966ea28c0..3966ea28c0 100644
--- a/kubernetes/oof/resources/config/conf/log.yml
+++ b/archive/oof/resources/config/conf/log.yml
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/archive/oof/resources/config/conf/osdf_config.yaml
index 818d4f340a..818d4f340a 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/archive/oof/resources/config/conf/osdf_config.yaml
diff --git a/kubernetes/oof/resources/config/conf/slicing_config.yaml b/archive/oof/resources/config/conf/slicing_config.yaml
index 97ed73d524..97ed73d524 100644
--- a/kubernetes/oof/resources/config/conf/slicing_config.yaml
+++ b/archive/oof/resources/config/conf/slicing_config.yaml
diff --git a/kubernetes/oof/templates/NOTES.txt b/archive/oof/templates/NOTES.txt
index acb7dd94b3..acb7dd94b3 100644
--- a/kubernetes/oof/templates/NOTES.txt
+++ b/archive/oof/templates/NOTES.txt
diff --git a/kubernetes/oof/templates/configmap.yaml b/archive/oof/templates/configmap.yaml
index 59920a63bd..59920a63bd 100644
--- a/kubernetes/oof/templates/configmap.yaml
+++ b/archive/oof/templates/configmap.yaml
diff --git a/kubernetes/oof/templates/deployment.yaml b/archive/oof/templates/deployment.yaml
index 5eb0fc0c6a..5eb0fc0c6a 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/archive/oof/templates/deployment.yaml
diff --git a/kubernetes/oof/templates/ingress.yaml b/archive/oof/templates/ingress.yaml
index 99c7f87970..99c7f87970 100644
--- a/kubernetes/oof/templates/ingress.yaml
+++ b/archive/oof/templates/ingress.yaml
diff --git a/kubernetes/oof/templates/secret.yaml b/archive/oof/templates/secret.yaml
index c5fe2be5da..c5fe2be5da 100644
--- a/kubernetes/oof/templates/secret.yaml
+++ b/archive/oof/templates/secret.yaml
diff --git a/kubernetes/oof/templates/service.yaml b/archive/oof/templates/service.yaml
index 418f89ac93..418f89ac93 100644
--- a/kubernetes/oof/templates/service.yaml
+++ b/archive/oof/templates/service.yaml
diff --git a/kubernetes/oof/values.yaml b/archive/oof/values.yaml
index 738df14015..738df14015 100644
--- a/kubernetes/oof/values.yaml
+++ b/archive/oof/values.yaml
diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/archive/policy/components/policy-gui/Chart.yaml
index 28972b59b0..28972b59b0 100644
--- a/kubernetes/policy/components/policy-gui/Chart.yaml
+++ b/archive/policy/components/policy-gui/Chart.yaml
diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/archive/policy/components/policy-gui/resources/config/application.yml
index f81a1b452a..f81a1b452a 100644
--- a/kubernetes/policy/components/policy-gui/resources/config/application.yml
+++ b/archive/policy/components/policy-gui/resources/config/application.yml
diff --git a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml b/archive/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
index 0b3951726b..0b3951726b 100644
--- a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
+++ b/archive/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/policy/components/policy-gui/resources/config/logback.xml b/archive/policy/components/policy-gui/resources/config/logback.xml
index c20df8329d..c20df8329d 100644
--- a/kubernetes/policy/components/policy-gui/resources/config/logback.xml
+++ b/archive/policy/components/policy-gui/resources/config/logback.xml
diff --git a/kubernetes/policy/components/policy-gui/templates/NOTES.txt b/archive/policy/components/policy-gui/templates/NOTES.txt
index e44f333e11..e44f333e11 100644
--- a/kubernetes/policy/components/policy-gui/templates/NOTES.txt
+++ b/archive/policy/components/policy-gui/templates/NOTES.txt
diff --git a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml b/archive/policy/components/policy-gui/templates/authorizationpolicy.yaml
index 7158c0263f..7158c0263f 100644
--- a/kubernetes/policy/components/policy-gui/templates/authorizationpolicy.yaml
+++ b/archive/policy/components/policy-gui/templates/authorizationpolicy.yaml
diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/archive/policy/components/policy-gui/templates/configmap.yaml
index 9426b0f54f..9426b0f54f 100644
--- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml
+++ b/archive/policy/components/policy-gui/templates/configmap.yaml
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/archive/policy/components/policy-gui/templates/deployment.yaml
index a236d5f558..a236d5f558 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/archive/policy/components/policy-gui/templates/deployment.yaml
diff --git a/kubernetes/policy/components/policy-gui/templates/ingress.yaml b/archive/policy/components/policy-gui/templates/ingress.yaml
index e3dd7cb0f6..e3dd7cb0f6 100644
--- a/kubernetes/policy/components/policy-gui/templates/ingress.yaml
+++ b/archive/policy/components/policy-gui/templates/ingress.yaml
diff --git a/kubernetes/policy/components/policy-gui/templates/secrets.yaml b/archive/policy/components/policy-gui/templates/secrets.yaml
index 2af7fae2d9..2af7fae2d9 100644
--- a/kubernetes/policy/components/policy-gui/templates/secrets.yaml
+++ b/archive/policy/components/policy-gui/templates/secrets.yaml
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/archive/policy/components/policy-gui/templates/service.yaml
index 36406228d5..36406228d5 100644
--- a/kubernetes/policy/components/policy-gui/templates/service.yaml
+++ b/archive/policy/components/policy-gui/templates/service.yaml
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/archive/policy/components/policy-gui/values.yaml
index 6d9b712250..1533f823a9 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/archive/policy/components/policy-gui/values.yaml
@@ -29,7 +29,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-gui:3.1.2
+image: onap/policy-gui:3.1.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/dmaap-listener/Chart.yaml b/archive/sdnc/components/dmaap-listener/Chart.yaml
index 0fdddec268..41c018ebc3 100644
--- a/kubernetes/sdnc/components/dmaap-listener/Chart.yaml
+++ b/archive/sdnc/components/dmaap-listener/Chart.yaml
@@ -16,7 +16,7 @@
apiVersion: v2
description: SDNC DMaaP Listener
name: dmaap-listener
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties b/archive/sdnc/components/dmaap-listener/resources/config/aai.properties
index 6a4ca4ca16..6a4ca4ca16 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/aai.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/aai.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties b/archive/sdnc/components/dmaap-listener/resources/config/dblib.properties
index 846abc2381..846abc2381 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dblib.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dblib.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties b/archive/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties
index d2b55fb131..d2b55fb131 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dhcpalert.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
index 6d5afef190..6d5afef190 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
index f114a9c65b..f114a9c65b 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-RANSlice.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
index fcb56e08c3..fcb56e08c3 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
index a03871d428..a03871d428 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties b/archive/sdnc/components/dmaap-listener/resources/config/lcm.properties
index 15f32c4248..15f32c4248 100644
--- a/kubernetes/sdnc/components/dmaap-listener/resources/config/lcm.properties
+++ b/archive/sdnc/components/dmaap-listener/resources/config/lcm.properties
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml b/archive/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml
index 7158c0263f..7158c0263f 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml
+++ b/archive/sdnc/components/dmaap-listener/templates/authorizationpolicy.yaml
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml b/archive/sdnc/components/dmaap-listener/templates/configmap.yaml
index c41c3ef0d6..c41c3ef0d6 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/configmap.yaml
+++ b/archive/sdnc/components/dmaap-listener/templates/configmap.yaml
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/archive/sdnc/components/dmaap-listener/templates/deployment.yaml
index 110001a6a6..110001a6a6 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml
+++ b/archive/sdnc/components/dmaap-listener/templates/deployment.yaml
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml b/archive/sdnc/components/dmaap-listener/templates/secret.yaml
index 34932b713d..34932b713d 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/secret.yaml
+++ b/archive/sdnc/components/dmaap-listener/templates/secret.yaml
diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml b/archive/sdnc/components/dmaap-listener/templates/service.yaml
index 77b0d878c1..77b0d878c1 100644
--- a/kubernetes/sdnc/components/dmaap-listener/templates/service.yaml
+++ b/archive/sdnc/components/dmaap-listener/templates/service.yaml
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/archive/sdnc/components/dmaap-listener/values.yaml
index 084afa18cb..f6363c6903 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/archive/sdnc/components/dmaap-listener/values.yaml
@@ -51,7 +51,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.5.5
+image: onap/sdnc-dmaap-listener-image:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/vfc/.helmignore b/archive/vfc/.helmignore
index 7ddbad7ef4..7ddbad7ef4 100644
--- a/kubernetes/vfc/.helmignore
+++ b/archive/vfc/.helmignore
diff --git a/kubernetes/vfc/Chart.yaml b/archive/vfc/Chart.yaml
index 0965d00905..0965d00905 100644
--- a/kubernetes/vfc/Chart.yaml
+++ b/archive/vfc/Chart.yaml
diff --git a/kubernetes/vfc/Makefile b/archive/vfc/Makefile
index 08ed7cb9da..08ed7cb9da 100644
--- a/kubernetes/vfc/Makefile
+++ b/archive/vfc/Makefile
diff --git a/kubernetes/platform/components/oauth2-proxy/components/Makefile b/archive/vfc/components/Makefile
index 9544d70f33..9544d70f33 100755..100644
--- a/kubernetes/platform/components/oauth2-proxy/components/Makefile
+++ b/archive/vfc/components/Makefile
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore b/archive/vfc/components/vfc-generic-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/.helmignore
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml b/archive/vfc/components/vfc-generic-vnfm-driver/Chart.yaml
index a8f441dce4..a8f441dce4 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/Chart.yaml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml b/archive/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml
index 844f993df1..844f993df1 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml b/archive/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml b/archive/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml
index 4cd1100988..4cd1100988 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml b/archive/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml
index 85498aeca8..85498aeca8 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/archive/vfc/components/vfc-generic-vnfm-driver/values.yaml
index c96712be4f..c96712be4f 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
+++ b/archive/vfc/components/vfc-generic-vnfm-driver/values.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore b/archive/vfc/components/vfc-huawei-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/.helmignore
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml b/archive/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml
index 37158d942d..37158d942d 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties b/archive/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
index e2036398fe..e2036398fe 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/resources/config/logging/log4j.properties
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml
index ff22976b17..ff22976b17 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml
index def3fa2a54..def3fa2a54 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml b/archive/vfc/components/vfc-huawei-vnfm-driver/values.yaml
index 040ad08694..040ad08694 100644
--- a/kubernetes/vfc/components/vfc-huawei-vnfm-driver/values.yaml
+++ b/archive/vfc/components/vfc-huawei-vnfm-driver/values.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/.helmignore b/archive/vfc/components/vfc-nslcm/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-nslcm/.helmignore
+++ b/archive/vfc/components/vfc-nslcm/.helmignore
diff --git a/kubernetes/vfc/components/vfc-nslcm/Chart.yaml b/archive/vfc/components/vfc-nslcm/Chart.yaml
index 3bef3a8743..3bef3a8743 100644
--- a/kubernetes/vfc/components/vfc-nslcm/Chart.yaml
+++ b/archive/vfc/components/vfc-nslcm/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml b/archive/vfc/components/vfc-nslcm/resources/config/logging/log.yml
index c88606239e..c88606239e 100644
--- a/kubernetes/vfc/components/vfc-nslcm/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-nslcm/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml b/archive/vfc/components/vfc-nslcm/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-nslcm/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/archive/vfc/components/vfc-nslcm/templates/deployment.yaml
index 88c322fef7..88c322fef7 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-nslcm/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml b/archive/vfc/components/vfc-nslcm/templates/secrets.yaml
index 246928825e..246928825e 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/secrets.yaml
+++ b/archive/vfc/components/vfc-nslcm/templates/secrets.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml b/archive/vfc/components/vfc-nslcm/templates/service.yaml
index 4ca1cb891c..4ca1cb891c 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/service.yaml
+++ b/archive/vfc/components/vfc-nslcm/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/archive/vfc/components/vfc-nslcm/values.yaml
index 48cce40822..48cce40822 100644
--- a/kubernetes/vfc/components/vfc-nslcm/values.yaml
+++ b/archive/vfc/components/vfc-nslcm/values.yaml
diff --git a/kubernetes/vfc/components/vfc-redis/.helmignore b/archive/vfc/components/vfc-redis/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-redis/.helmignore
+++ b/archive/vfc/components/vfc-redis/.helmignore
diff --git a/kubernetes/vfc/components/vfc-redis/Chart.yaml b/archive/vfc/components/vfc-redis/Chart.yaml
index 84736f364b..84736f364b 100644
--- a/kubernetes/vfc/components/vfc-redis/Chart.yaml
+++ b/archive/vfc/components/vfc-redis/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml b/archive/vfc/components/vfc-redis/templates/deployment.yaml
index 02fc994599..02fc994599 100644
--- a/kubernetes/vfc/components/vfc-redis/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-redis/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-redis/templates/service.yaml b/archive/vfc/components/vfc-redis/templates/service.yaml
index 23518e95f1..23518e95f1 100644
--- a/kubernetes/vfc/components/vfc-redis/templates/service.yaml
+++ b/archive/vfc/components/vfc-redis/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/archive/vfc/components/vfc-redis/values.yaml
index 60c95b9b7c..60c95b9b7c 100644
--- a/kubernetes/vfc/components/vfc-redis/values.yaml
+++ b/archive/vfc/components/vfc-redis/values.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/.helmignore b/archive/vfc/components/vfc-vnflcm/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/.helmignore
+++ b/archive/vfc/components/vfc-vnflcm/.helmignore
diff --git a/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml b/archive/vfc/components/vfc-vnflcm/Chart.yaml
index fe0ce9b4f9..fe0ce9b4f9 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/Chart.yaml
+++ b/archive/vfc/components/vfc-vnflcm/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml b/archive/vfc/components/vfc-vnflcm/resources/config/logging/log.yml
index 9dbf475beb..9dbf475beb 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-vnflcm/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml b/archive/vfc/components/vfc-vnflcm/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-vnflcm/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/archive/vfc/components/vfc-vnflcm/templates/deployment.yaml
index e915587a4f..e915587a4f 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-vnflcm/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml b/archive/vfc/components/vfc-vnflcm/templates/secrets.yaml
index 246928825e..246928825e 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/secrets.yaml
+++ b/archive/vfc/components/vfc-vnflcm/templates/secrets.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml b/archive/vfc/components/vfc-vnflcm/templates/service.yaml
index 7970e8a9b1..7970e8a9b1 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/service.yaml
+++ b/archive/vfc/components/vfc-vnflcm/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/archive/vfc/components/vfc-vnflcm/values.yaml
index bc22a32206..bc22a32206 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml
+++ b/archive/vfc/components/vfc-vnflcm/values.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/.helmignore b/archive/vfc/components/vfc-vnfmgr/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/.helmignore
+++ b/archive/vfc/components/vfc-vnfmgr/.helmignore
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml b/archive/vfc/components/vfc-vnfmgr/Chart.yaml
index d5ec0cfc80..d5ec0cfc80 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/Chart.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml b/archive/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml
index 9dbf475beb..9dbf475beb 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-vnfmgr/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml b/archive/vfc/components/vfc-vnfmgr/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/archive/vfc/components/vfc-vnfmgr/templates/deployment.yaml
index 8dd9f57921..8dd9f57921 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml b/archive/vfc/components/vfc-vnfmgr/templates/secrets.yaml
index 246928825e..246928825e 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/secrets.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/templates/secrets.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml b/archive/vfc/components/vfc-vnfmgr/templates/service.yaml
index 9daf4e0e26..9daf4e0e26 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/service.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/archive/vfc/components/vfc-vnfmgr/values.yaml
index 31b5a66fd0..31b5a66fd0 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
+++ b/archive/vfc/components/vfc-vnfmgr/values.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/.helmignore b/archive/vfc/components/vfc-vnfres/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-vnfres/.helmignore
+++ b/archive/vfc/components/vfc-vnfres/.helmignore
diff --git a/kubernetes/vfc/components/vfc-vnfres/Chart.yaml b/archive/vfc/components/vfc-vnfres/Chart.yaml
index be05a88d7a..be05a88d7a 100644
--- a/kubernetes/vfc/components/vfc-vnfres/Chart.yaml
+++ b/archive/vfc/components/vfc-vnfres/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml b/archive/vfc/components/vfc-vnfres/resources/config/logging/log.yml
index 7644af1e1b..7644af1e1b 100644
--- a/kubernetes/vfc/components/vfc-vnfres/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-vnfres/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml b/archive/vfc/components/vfc-vnfres/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-vnfres/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/archive/vfc/components/vfc-vnfres/templates/deployment.yaml
index f4138d256f..f4138d256f 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-vnfres/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml b/archive/vfc/components/vfc-vnfres/templates/secrets.yaml
index 246928825e..246928825e 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/secrets.yaml
+++ b/archive/vfc/components/vfc-vnfres/templates/secrets.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml b/archive/vfc/components/vfc-vnfres/templates/service.yaml
index 4f583f2181..4f583f2181 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/service.yaml
+++ b/archive/vfc/components/vfc-vnfres/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/archive/vfc/components/vfc-vnfres/values.yaml
index 2c54249de4..2c54249de4 100644
--- a/kubernetes/vfc/components/vfc-vnfres/values.yaml
+++ b/archive/vfc/components/vfc-vnfres/values.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore b/archive/vfc/components/vfc-zte-vnfm-driver/.helmignore
index f0c1319444..f0c1319444 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/.helmignore
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/.helmignore
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml b/archive/vfc/components/vfc-zte-vnfm-driver/Chart.yaml
index 2511b5e587..2511b5e587 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/Chart.yaml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/Chart.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml b/archive/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml
index 6c00048ff7..6c00048ff7 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/resources/config/logging/log.yml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml b/archive/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml
index 83f658f751..83f658f751 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/templates/configmap.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml b/archive/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml
index c58957c2a2..c58957c2a2 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/templates/deployment.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml b/archive/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml
index 8a80a87062..8a80a87062 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/templates/service.yaml
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/archive/vfc/components/vfc-zte-vnfm-driver/values.yaml
index 3588ba548e..3588ba548e 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
+++ b/archive/vfc/components/vfc-zte-vnfm-driver/values.yaml
diff --git a/kubernetes/vfc/resources/config/log/filebeat/filebeat.yml b/archive/vfc/resources/config/log/filebeat/filebeat.yml
index 0bc14ea908..0bc14ea908 100644
--- a/kubernetes/vfc/resources/config/log/filebeat/filebeat.yml
+++ b/archive/vfc/resources/config/log/filebeat/filebeat.yml
diff --git a/kubernetes/vfc/templates/configmap.yaml b/archive/vfc/templates/configmap.yaml
index e890b8d957..e890b8d957 100644
--- a/kubernetes/vfc/templates/configmap.yaml
+++ b/archive/vfc/templates/configmap.yaml
diff --git a/kubernetes/vfc/templates/secrets.yaml b/archive/vfc/templates/secrets.yaml
index 246928825e..246928825e 100644
--- a/kubernetes/vfc/templates/secrets.yaml
+++ b/archive/vfc/templates/secrets.yaml
diff --git a/kubernetes/vfc/values.yaml b/archive/vfc/values.yaml
index 05b7eb1fa3..05b7eb1fa3 100644
--- a/kubernetes/vfc/values.yaml
+++ b/archive/vfc/values.yaml
diff --git a/kubernetes/vnfsdk/Chart.yaml b/archive/vnfsdk/Chart.yaml
index bf0dbe6640..bf0dbe6640 100644
--- a/kubernetes/vnfsdk/Chart.yaml
+++ b/archive/vnfsdk/Chart.yaml
diff --git a/kubernetes/vnfsdk/resources/config/configuration.xml b/archive/vnfsdk/resources/config/configuration.xml
index 09b6551c00..09b6551c00 100644
--- a/kubernetes/vnfsdk/resources/config/configuration.xml
+++ b/archive/vnfsdk/resources/config/configuration.xml
diff --git a/kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql b/archive/vnfsdk/resources/config/marketplace_tables_postgres.sql
index c05d7f2d00..c05d7f2d00 100644
--- a/kubernetes/vnfsdk/resources/config/marketplace_tables_postgres.sql
+++ b/archive/vnfsdk/resources/config/marketplace_tables_postgres.sql
diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/archive/vnfsdk/resources/nginx/nginx.conf
index 9d7aa78b36..9d7aa78b36 100644
--- a/kubernetes/vnfsdk/resources/nginx/nginx.conf
+++ b/archive/vnfsdk/resources/nginx/nginx.conf
diff --git a/kubernetes/vnfsdk/templates/NOTES.txt b/archive/vnfsdk/templates/NOTES.txt
index cf415bd51c..cf415bd51c 100644
--- a/kubernetes/vnfsdk/templates/NOTES.txt
+++ b/archive/vnfsdk/templates/NOTES.txt
diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/archive/vnfsdk/templates/configmap.yaml
index d06379331f..d06379331f 100644
--- a/kubernetes/vnfsdk/templates/configmap.yaml
+++ b/archive/vnfsdk/templates/configmap.yaml
diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/archive/vnfsdk/templates/deployment.yaml
index bf9ad3e031..bf9ad3e031 100644
--- a/kubernetes/vnfsdk/templates/deployment.yaml
+++ b/archive/vnfsdk/templates/deployment.yaml
diff --git a/kubernetes/vnfsdk/templates/ingress.yaml b/archive/vnfsdk/templates/ingress.yaml
index 1f6ec7ab0e..1f6ec7ab0e 100644
--- a/kubernetes/vnfsdk/templates/ingress.yaml
+++ b/archive/vnfsdk/templates/ingress.yaml
diff --git a/kubernetes/vnfsdk/templates/job.yaml b/archive/vnfsdk/templates/job.yaml
index a6966a7708..a6966a7708 100644
--- a/kubernetes/vnfsdk/templates/job.yaml
+++ b/archive/vnfsdk/templates/job.yaml
diff --git a/kubernetes/vnfsdk/templates/secrets.yaml b/archive/vnfsdk/templates/secrets.yaml
index b143034d8f..b143034d8f 100644
--- a/kubernetes/vnfsdk/templates/secrets.yaml
+++ b/archive/vnfsdk/templates/secrets.yaml
diff --git a/kubernetes/vnfsdk/templates/service.yaml b/archive/vnfsdk/templates/service.yaml
index 6127b2b373..6127b2b373 100644
--- a/kubernetes/vnfsdk/templates/service.yaml
+++ b/archive/vnfsdk/templates/service.yaml
diff --git a/kubernetes/vnfsdk/values.yaml b/archive/vnfsdk/values.yaml
index 723dfc3b4f..723dfc3b4f 100644
--- a/kubernetes/vnfsdk/values.yaml
+++ b/archive/vnfsdk/values.yaml
diff --git a/docs/_static/logo_onap_2024.png b/docs/_static/logo_onap_2024.png
new file mode 100644
index 0000000000..55d307fc34
--- /dev/null
+++ b/docs/_static/logo_onap_2024.png
Binary files differ
diff --git a/docs/conf.py b/docs/conf.py
index 16ad9a9fc8..3a63e0fab3 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -11,7 +11,7 @@ html_theme = "sphinx_rtd_theme"
html_theme_options = {
"style_nav_header_background": "white",
"sticky_navigation": "False" }
-html_logo = "_static/logo_onap_2017.png"
+html_logo = "_static/logo_onap_2024.png"
html_favicon = "_static/favicon.ico"
html_static_path = ["_static"]
html_show_sphinx = False
diff --git a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
index f25f4e716c..db8d37ddff 100644
--- a/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_base_config_setup.rst
@@ -65,14 +65,14 @@ Validate the installation::
::
NAME STATUS ROLES AGE VERSION
- onap-control-1 Ready controlplane,etcd 3h53m v1.27.5
- onap-control-2 Ready controlplane,etcd 3h53m v1.27.5
- onap-k8s-1 Ready worker 3h53m v1.27.5
- onap-k8s-2 Ready worker 3h53m v1.27.5
- onap-k8s-3 Ready worker 3h53m v1.27.5
- onap-k8s-4 Ready worker 3h53m v1.27.5
- onap-k8s-5 Ready worker 3h53m v1.27.5
- onap-k8s-6 Ready worker 3h53m v1.27.5
+ onap-control-1 Ready controlplane,etcd 3h53m v1.28.6
+ onap-control-2 Ready controlplane,etcd 3h53m v1.28.6
+ onap-k8s-1 Ready worker 3h53m v1.28.6
+ onap-k8s-2 Ready worker 3h53m v1.28.6
+ onap-k8s-3 Ready worker 3h53m v1.28.6
+ onap-k8s-4 Ready worker 3h53m v1.28.6
+ onap-k8s-5 Ready worker 3h53m v1.28.6
+ onap-k8s-6 Ready worker 3h53m v1.28.6
Install & configure helm
@@ -249,8 +249,16 @@ Install Istio Basic Platform
- Create an override for istiod (e.g. istiod.yaml) to add the oauth2-proxy as external
authentication provider and apply some specific config settings
+ Be aware, that from Istio version 1.21.0 the format of the values.yaml changes.
+ Additionally a new feature (Native Sidecars) can be enabled, if it is enabled in
+ Kubernetes (version > 1.28)
- .. collapse:: istiod.yaml
+ .. collapse:: istiod.yaml (version => 1.21)
+
+ .. include:: ../../resources/yaml/istiod-1_21.yaml
+ :code: yaml
+
+ .. collapse:: istiod.yaml (version < 1.21)
.. include:: ../../resources/yaml/istiod.yaml
:code: yaml
diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
index 4b2a7528cb..5020e22563 100644
--- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
+++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst
@@ -48,9 +48,9 @@ The versions of software that are supported and tested by OOM are as follows:
============== =========== ======= ======== ======== ============= ========
Release Kubernetes Helm kubectl Docker Cert-Manager Strimzi
============== =========== ======= ======== ======== ============= ========
- London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0
Montreal 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.1
- New Delhi 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.40.0
+ New Delhi 1.28.6 3.13.1 1.28.x 20.10.x 1.14.4 0.41.0
+ Oslo 1.28.6 3.13.1 1.28.x 20.10.x 1.14.4 0.43.0
============== =========== ======= ======== ======== ============= ========
.. table:: OOM Software Requirements (production)
@@ -58,9 +58,9 @@ The versions of software that are supported and tested by OOM are as follows:
============== ====== ============ ==============
Release Istio Gateway-API Keycloak
============== ====== ============ ==============
- London 1.17.2 v0.6.2 19.0.3-legacy
Montreal 1.19.3 v1.0.0 19.0.3-legacy
- New Delhi 1.19.3 v1.0.0 22.0.4
+ New Delhi 1.21.0 v1.0.0 22.0.4
+ Oslo 1.23.0 v1.0.0 22.0.4
============== ====== ============ ==============
.. table:: OOM Software Requirements (optional)
@@ -68,7 +68,7 @@ The versions of software that are supported and tested by OOM are as follows:
============== ================= ========== =================
Release Prometheus Stack K8ssandra MariaDB-Operator
============== ================= ========== =================
- London 45.x 1.6.1
Montreal 45.x 1.10.2 0.23.1
- New Delhi 45.x 1.11.0 0.24.0
+ New Delhi 45.x 1.16.0 0.28.1
+ Oslo 45.x 1.19.0 0.30.0
============== ================= ========== =================
diff --git a/docs/sections/release_notes/release-notes-montreal.rst b/docs/sections/release_notes/release-notes-montreal.rst
new file mode 100644
index 0000000000..aa0b84ac07
--- /dev/null
+++ b/docs/sections/release_notes/release-notes-montreal.rst
@@ -0,0 +1,131 @@
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_montreal:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`London <release_notes_london>`
+- :ref:`Kohn <release_notes_kohn>`
+- :ref:`Jakarta <release_notes_jakarta>`
+- :ref:`Istanbul <release_notes_istanbul>`
+- :ref:`Honolulu <release_notes_honolulu>`
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Montreal release.
+
+Summary
+=======
+
+
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Montreal |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2023/12/14 |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Introduction of "Production" ONAP setup, including:
+
+ * Besides the Istio Ingress APIs now the support for `Gateway-API`_
+ is added to the templates, which includes:
+
+ * TCP Routes
+ * UDP Routes
+
+* Update of Helmcharts to use common templates and practices
+* Default support for Cassandra 4.x using k8ssandra-operator
+* Default support for MariaDB 11.x using mariadb-operator
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11501
+
+**Known Issues**
+
+* Components not working under ServiceMesh
+
+ * SO Monitor UI
+ * Policy UI
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://nexus3.onap.org/service/rest/repository/browse/onap-helm-release/>`_
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :ref:`Project Description <oom_project_description>` - a guide for developers of OOM
+- :ref:`oom_dev_guide` - a guide for developers of OOM
+- :ref:`oom_infra_guide` - a guide for those setting up the environments that OOM will use
+- :ref:`oom_deploy_guide` - a guide for those deploying OOM on an existing cloud
+- :ref:`oom_user_guide` - a guide for operators of an OOM instance
+- :ref:`oom_access_info_guide` - a guide for operators who require access to OOM applications
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+
+Workarounds
+-----------
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Istanbul release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
+.. _`Gateway-API`: https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/
diff --git a/docs/sections/release_notes/release-notes.rst b/docs/sections/release_notes/release-notes.rst
index 0df9483e95..879f16fb4c 100644
--- a/docs/sections/release_notes/release-notes.rst
+++ b/docs/sections/release_notes/release-notes.rst
@@ -11,6 +11,7 @@ ONAP Operations Manager Release Notes
Previous Release Notes
======================
+- :ref:`Montreal <release_notes_montreal>`
- :ref:`London <release_notes_london>`
- :ref:`Kohn <release_notes_kohn>`
- :ref:`Jakarta <release_notes_jakarta>`
@@ -27,7 +28,7 @@ Previous Release Notes
Abstract
========
-This document provides the release notes for the Montreal release.
+This document provides the release notes for the New Delhi release.
Summary
=======
@@ -44,39 +45,41 @@ Release Data
| **Docker images** | N/A |
| | |
+--------------------------------------+--------------------------------------+
-| **Release designation** | Montreal |
+| **Release designation** | New Delhi |
| | |
+--------------------------------------+--------------------------------------+
-| **Release date** | 2023/12/xx |
+| **Release date** | 2024/06/13 |
| | |
+--------------------------------------+--------------------------------------+
New features
------------
-* Introduction of "Production" ONAP setup, including:
+* authentication (14.0.0) - add configurable Keycloak Realm and enable Ingress
+ Interface Authentication and Authorization
+* Update the helm common templates (13.2.0) to:
- * Besides the Istio Ingress APIs now the support for `Gateway-API`_
- is added to the templates, which includes:
+ * Support the latest Database Operators:
- * TCP Routes
- * UDP Routes
+ * MariaDB-Operator (0.28.1)
+ * K8ssandra-Operator (v0.16.0)
+ * Postgres-Operator (CrunchyData) (5.5.0)
-* Update of Helmcharts to use common templates and practices
-* Default support for Cassandra 4.x using k8ssandra-operator
-* Default support for MariaDB 11.x using mariadb-operator
+* cassandra (13.1.0) - support for new K8ssandra-Operator
+* mariadb-galera (13.1.0) - support for new MariaDB-Operator
+* mongodb (14.12.3) - update to latest bitnami chart version
+* postgres (13.1.0) - support for new Postgres-Operator
+* postgres-init (13.0.1) - support for new Postgres-Operator
+* readinessCheck (13.1.0) - added check for "Service" readiness
+* serviceAccount (13.0.1) - add default role creation
**Bug fixes**
A list of issues resolved in this release can be found here:
-https://jira.onap.org/projects/OOM/versions/11501
+https://jira.onap.org/projects/OOM/versions/11502
**Known Issues**
-* Components not working under ServiceMesh
-
- * SO Monitor UI
- * Policy UI
Deliverables
------------
diff --git a/docs/sections/resources/yaml/istiod-1_21.yaml b/docs/sections/resources/yaml/istiod-1_21.yaml
new file mode 100644
index 0000000000..d85ec1137f
--- /dev/null
+++ b/docs/sections/resources/yaml/istiod-1_21.yaml
@@ -0,0 +1,21 @@
+defaults:
+ #global:
+ #logging:
+ # level: "default:debug"
+ meshConfig:
+ rootNamespace: istio-config
+ # Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready
+ holdApplicationUntilProxyStarts: true
+ extensionProviders:
+ - name: oauth2-proxy
+ envoyExtAuthzHttp:
+ service: oauth2-proxy.default.svc.cluster.local
+ port: 80
+ timeout: 1.5s
+ includeHeadersInCheck: ["authorization", "cookie"]
+ headersToUpstreamOnAllow: ["x-forwarded-access-token", "authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"]
+ headersToDownstreamOnDeny: ["content-type", "set-cookie"]
+ pilot:
+ env:
+ PILOT_HTTP10: true
+ ENABLE_NATIVE_SIDECARS: true \ No newline at end of file
diff --git a/docs/sections/resources/yaml/keycloak-server-values.yaml b/docs/sections/resources/yaml/keycloak-server-values.yaml
index 0160ce86e8..516a26a76b 100644
--- a/docs/sections/resources/yaml/keycloak-server-values.yaml
+++ b/docs/sections/resources/yaml/keycloak-server-values.yaml
@@ -46,3 +46,7 @@ secrets:
stringData:
user: admin
password: secret
+
+http:
+ # For backwards compatibility reasons we set this to the value used by previous Keycloak versions.
+ relativePath: "/" # "/auth"
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml
index 7f00c2f002..b06609a0c4 100644
--- a/kubernetes/aai/Chart.yaml
+++ b/kubernetes/aai/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP Active and Available Inventory
name: aai
-version: 13.0.1
+version: 14.0.3
dependencies:
- name: common
@@ -35,31 +35,31 @@ dependencies:
version: ~13.x-0
repository: '@local'
- name: aai-babel
- version: ~13.x-0
+ version: ~14.x-0
repository: 'file://components/aai-babel'
condition: aai-babel.enabled
- name: aai-graphadmin
- version: ~13.x-0
+ version: ~14.x-1
repository: 'file://components/aai-graphadmin'
condition: aai-graphadmin.enabled
- name: aai-modelloader
- version: ~13.x-0
+ version: ~14.x-0
repository: 'file://components/aai-modelloader'
condition: aai-modelloader.enabled
- name: aai-resources
- version: ~13.x-0
+ version: ~14.x-1
repository: 'file://components/aai-resources'
condition: aai-resources.enabled
- name: aai-schema-service
- version: ~13.x-0
+ version: ~14.x-0
repository: 'file://components/aai-schema-service'
condition: aai-schema-service.enabled
- name: aai-sparky-be
- version: ~13.x-0
+ version: ~14.x-0
repository: 'file://components/aai-sparky-be'
condition: aai-sparky-be.enabled
- name: aai-traversal
- version: ~13.x-0
+ version: ~14.x-1
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
- name: serviceAccount
diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml
index 447b59f573..50a7c24ee0 100644
--- a/kubernetes/aai/components/aai-babel/Chart.yaml
+++ b/kubernetes/aai/components/aai-babel/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: Babel microservice
name: aai-babel
-version: 13.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties
index 96f1a3eb89..56560d5cb2 100644
--- a/kubernetes/aai/components/aai-babel/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Copyright © 2021 Orange
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright � 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,3 +23,5 @@ spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/services/babel-service
logging.config=${CONFIG_HOME}/logback.xml
tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json
+
+management.endpoints.web.exposure.include=*
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index 24d34e861c..f3fc04c00c 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -22,7 +22,12 @@ kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
@@ -37,10 +42,19 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
+ ports:
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
+ {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -57,6 +71,14 @@ spec:
value: NotUsed
- name: CONFIG_HOME
value: /opt/app/babel/config
+ {{- if .Values.profiling.enabled }}
+ - name: JVM_OPTS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
volumeMounts:
- mountPath: /opt/app/babel/config/application.properties
name: config
diff --git a/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..dc706029bf
--- /dev/null
+++ b/kubernetes/aai/components/aai-babel/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 579289a908..54f8c5ea98 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -25,7 +25,7 @@ global: {}
#################################################################
# application image
-image: onap/babel:1.12.3
+image: onap/babel:1.13.3
flavor: small
flavorOverride: small
@@ -33,6 +33,9 @@ flavorOverride: small
# default number of instances
replicaCount: 1
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
@@ -95,6 +98,41 @@ resources:
memory: "2Gi"
unlimited: {}
+tracing:
+ collector:
+ baseUrl: http://jaeger-collector.istio-system:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5005
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 9516
+ path: /services/babel-service/actuator/prometheus
+ basicAuth:
+ enabled: false
+
#Pods Service Account
serviceAccount:
nameOverride: aai-babel
diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
index 69abea193f..7c86fed9dd 100644
--- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml
@@ -22,7 +22,7 @@
apiVersion: v2
description: ONAP AAI GraphAdmin
name: aai-graphadmin
-version: 13.0.0
+version: 14.0.2
dependencies:
- name: common
@@ -34,3 +34,6 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
index 83689da093..d124f63141 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties
@@ -55,7 +55,6 @@ server.ssl.enabled=false
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-
# dmaap is deprecated now kafka is used
spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS}
spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT
@@ -110,8 +109,7 @@ aperture.service.base.url=http://localhost:8457/aai/aperture
aperture.service.timeout-in-milliseconds=300000
#To Expose the Prometheus scraping endpoint
-management.server.port=8448
+management.server.port={{ .Values.service.actuatorPort }}
management.endpoints.enabled-by-default=true
management.endpoints.web.exposure.include=info,health,prometheus
-endpoints.enabled=false
-management.security.enabled=false \ No newline at end of file
+management.security.enabled=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
deleted file mode 100644
index 5962ebd6fc..0000000000
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties
+++ /dev/null
@@ -1,99 +0,0 @@
-{{/*
-#
-# ============LICENSE_START=======================================================
-# org.onap.aai
-# ================================================================================
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-query.fast-property=true
-query.smart-limit=false
-
-{{ if .Values.global.config.cluster.cassandra.dynamic }}
-
-storage.backend=cql
-storage.hostname={{.Values.global.cassandra.serviceName}}
-storage.cql.keyspace=aaigraph
-storage.username={{.Values.global.cassandra.username}}
-storage.password={{.Values.global.cassandra.password}}
-
-storage.cql.read-consistency-level=LOCAL_QUORUM
-storage.cql.write-consistency-level=LOCAL_QUORUM
-storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
-storage.cql.only-use-local-consistency-for-system-operations=true
-
-{{ else }}
-
-{{ if .Values.global.config.storage }}
-
-storage.backend={{ .Values.global.config.storage.backend }}
-
-{{ if eq .Values.global.config.storage.backend "cassandra" }}
-
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
-
-storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
-storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
-storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
-storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
-storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-
-{{ else if eq .Values.global.config.storage.backend "cql" }}
-
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.cql.keyspace={{ .Values.global.config.storage.name }}
-
-storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
-storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
-storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }}
-
-storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
-storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
-storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-
-{{ else if eq .Values.global.config.storage.backend "hbase" }}
-
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.hbase.table={{ .Values.global.config.storage.name }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-
-{{ end }}
-
-{{ end }}
-
-{{ end }}
-
-storage.lock.wait-time=300
-#caching on
-cache.db-cache = true
-cache.db-cache-clean-wait = 20
-cache.db-cache-time = 180000
-cache.db-cache-size = 0.3
-
-#load graphson file on startup
-load.snapshot.file=false
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
index 61550e7a57..d1797a407e 100644
--- a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
+++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties
@@ -20,44 +20,39 @@
query.fast-property=true
query.smart-limit=false
-{{ if .Values.global.config.cluster.cassandra.dynamic }}
+{{- if .Values.global.config.cluster.cassandra.dynamic }}
storage.backend=cql
storage.hostname={{.Values.global.cassandra.serviceName}}
-storage.cql.keyspace=aaigraph
storage.username={{.Values.global.cassandra.username}}
storage.password={{.Values.global.cassandra.password}}
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
storage.cql.read-consistency-level=LOCAL_QUORUM
storage.cql.write-consistency-level=LOCAL_QUORUM
storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
storage.cql.only-use-local-consistency-for-system-operations=true
-{{ else }}
+{{- if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{- end }}
-{{ if .Values.global.config.storage }}
+{{- if .Values.config.janusgraph.cassandraDriver }}
+storage.cql.internal.string-configuration = datastax-java-driver { {{ .Values.config.janusgraph.cassandraDriver.configuration }} }
+{{- end }}
-storage.backend={{ .Values.global.config.storage.backend }}
+{{- else -}}
-{{ if eq .Values.global.config.storage.backend "cassandra" }}
+{{- if .Values.global.config.storage }}
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
-
-storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
-storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
-storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
-storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
-storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
+storage.backend={{ .Values.global.config.storage.backend }}
-{{ else if eq .Values.global.config.storage.backend "cql" }}
+{{- if eq .Values.global.config.storage.backend "cql" }}
storage.hostname={{ .Values.global.config.storage.hostname }}
storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
@@ -65,13 +60,13 @@ storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationF
storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }}
storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }}
-storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-{{ else if eq .Values.global.config.storage.backend "hbase" }}
+{{- else if eq .Values.global.config.storage.backend "hbase" }}
storage.hostname={{ .Values.global.config.storage.hostname }}
storage.hbase.table={{ .Values.global.config.storage.name }}
@@ -80,14 +75,16 @@ storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout |
cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-{{ end }}
-
-{{ end }}
-
-{{ end }}
+{{- end }}
+{{- end }}
+{{- end }}
storage.lock.wait-time=300
# Setting db-cache to false ensure the fastest propagation of changes across servers
-cache.db-cache = false
+cache.db-cache=false
#load graphson file on startup
load.snapshot.file=false
+
+{{- if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{- end }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
index b028df7807..4e9bf7f7ff 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/aai-graph-kafka-user.yml
@@ -28,4 +28,5 @@ spec:
- resource:
type: topic
name: AAI-EVENT
- operation: All \ No newline at end of file
+ operations:
+ - All
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
index 8eb4a4a781..ddf752b480 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
@@ -40,7 +40,6 @@ data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 9a0ca764bf..6ac078b756 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -38,7 +38,12 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ {{- if .Values.config.debug.enabled }}
+ replicas: 1
+ {{- else }}
replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
@@ -65,59 +70,36 @@ spec:
spec:
hostname: aai-graphadmin
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- {{ if .Values.global.initContainers.enabled }}
+ {{- if .Values.global.initContainers.enabled }}
initContainers:
- - command:
- {{ if .Values.global.jobs.migration.enabled }}
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-migration
- {{ else if .Values.global.jobs.createSchema.enabled }}
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
- {{ else }}
- - /app/ready.py
- args:
- - --service-name
- - {{ .Values.global.cassandra.serviceName }}
- - --service-name
- - aai-schema-service
- {{ end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
- {{ end }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim}}
+ {{- end }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if eq .Values.flavor "small" }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.small.maxHeapSize | quote }}
+ {{- else if eq .Values.flavor "large" }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.large.maxHeapSize | quote }}
+ {{- end }}
- name: INTERNAL_PORT_1
- value: {{ .Values.service.internalPort | quote }}
+ value: {{ .Values.service.appPort | quote }}
- name: INTERNAL_PORT_2
- value: {{ .Values.service.internalPort2 | quote }}
+ value: {{ .Values.service.debugPort | quote }}
- name: INTERNAL_PORT_3
- value: {{ .Values.service.internalPort3 | quote }}
+ value: {{ .Values.service.actuatorPort | quote }}
- name: BOOTSTRAP_SERVERS
value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
- name: JAAS_CONFIG
@@ -125,18 +107,25 @@ spec:
secretKeyRef:
name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}
key: sasl.jaas.config
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
- - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
name: properties
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
name: logs
+ - mountPath: /opt/app/aai-graphadmin/logs
+ name: script-logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
name: config
subPath: logback.xml
@@ -149,13 +138,21 @@ spec:
- mountPath: /opt/app/aai-graphadmin/resources/application.properties
name: properties
subPath: application.properties
+ - mountPath: /tmp
+ name: tmp-volume
ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ - containerPort: {{ .Values.service.actuatorPort }}
+ name: {{ .Values.service.actuatorPortName }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
@@ -165,23 +162,36 @@ spec:
- sh
- -c
- |
- while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
- do sleep 10
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2) do
+ echo "Still active connections. Waiting for active requests to be finished"
+ sleep 3
done
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.liveness.path }}
+ {{- if .Values.liveness.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ {{- end }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
+ {{- end }}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.readiness.path }}
+ {{- if .Values.readiness.initialDelaySeconds }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ {{- end }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ startupProbe:
+ httpGet:
+ port: {{ .Values.service.actuatorPort }}
+ path: {{ .Values.startup.path }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -196,8 +206,12 @@ spec:
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: tmp-volume
+ emptyDir: {}
- name: logs
emptyDir: {}
+ - name: script-logs
+ emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: config
configMap:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index c949f7dbf8..3f0c4e11e5 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -60,7 +60,7 @@ spec:
name: {{ include "common.name" . }}
spec:
initContainers:
- {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
- -c
@@ -95,11 +95,6 @@ spec:
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
bash docker-entrypoint.sh dataSnapshot.sh;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
- env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
name: snapshots
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 5046b0c06b..e67479a1d5 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -55,33 +55,13 @@ spec:
name: {{ include "common.name" . }}
spec:
initContainers:
- - command:
- - /app/ready.py
- args:
- - --service-name
- - {{ .Values.global.cassandra.serviceName }}
- - --service-name
- - aai-schema-service
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- sh
args:
@@ -89,20 +69,22 @@ spec:
- |
{{- if include "common.onServiceMesh" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- bash docker-entrypoint.sh createDBSchema.sh;
+ sh docker-entrypoint.sh createDBSchema.sh;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
+ {{- if .Values.config.debug.enabled }}
+ - name: JVM_OPTS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
+ ports:
+ {{- if .Values.config.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
- - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
name: properties
subPath: aaiconfig.properties
@@ -128,7 +110,8 @@ spec:
volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: 64Mi
- name: config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 92474032b1..4ec2306eca 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -88,21 +88,13 @@ spec:
args:
- -c
- |
- bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
- env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
+ sh docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
name: snapshots
- - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
name: properties
subPath: aaiconfig.properties
@@ -131,20 +123,12 @@ spec:
- |
{{- if include "common.onServiceMesh" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
+ sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
- env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
- - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
- name: config
- subPath: janusgraph-cached.properties
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
name: properties
subPath: aaiconfig.properties
@@ -207,7 +191,7 @@ spec:
name: {{ include "common.name" . }}
spec:
initContainers:
- {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+ {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
- -c
@@ -240,13 +224,8 @@ spec:
- |
{{- if include "common.onServiceMesh" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- bash docker-entrypoint.sh dataSnapshot.sh
+ sh docker-entrypoint.sh dataSnapshot.sh
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
- env:
- - name: LOCAL_USER_ID
- value: {{ .Values.securityContext.user_id | quote }}
- - name: LOCAL_GROUP_ID
- value: {{ .Values.securityContext.group_id | quote }}
volumeMounts:
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
name: snapshots
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index e3f7569767..16924e9d5c 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -35,28 +35,28 @@ spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ .Values.service.appPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.actuatorPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName3 }}
+ name: {{ .Values.service.actuatorPortName }}
+ targetPort: {{ .Values.service.actuatorPortName }}
{{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName }}
+ - port: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.actuatorPort }}
+ name: {{ .Values.service.actuatorPortName }}
+ targetPort: {{ .Values.service.appPort }}
{{- end}}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index 89d27a82cc..dd95c8b67a 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -32,6 +32,8 @@ global: # global defaults
localCluster: false
# flag to enable the DB creation via k8ssandra-operator
useOperator: true
+ #Cassandra datacenter name
+ localDataCenter: dc1
initContainers:
enabled: true
jobs:
@@ -41,26 +43,24 @@ global: # global defaults
#migration using helm hooks
migration:
enabled: false
+ duplicates:
+ enabled: false
config:
-
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
cluster:
cassandra:
dynamic: true
-
# Specifies if the basic authorization is enabled
basic:
auth:
enabled: true
username: AAI
passwd: AAI
-
# Notification event specific properties
notification:
eventType: AAI-EVENT
domain: dev
-
# Schema specific properties that include supported versions of api
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
@@ -81,11 +81,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v28
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
@@ -98,19 +98,22 @@ global: # global defaults
# Specifies from which version the edge label appeared in API
edge:
label: v12
-
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
# application image
-image: onap/aai-graphadmin:1.12.3
+image: onap/aai-graphadmin:1.14.7
pullPolicy: Always
restartPolicy: Always
flavor: small
-flavorOverride: small
+
# default number of instances
replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
@@ -122,29 +125,31 @@ updateStrategy:
# Configuration for the graphadmin deployment
config:
-
# Specify the profiles for the graphadmin microservice
profiles:
active: kafka
- kafkaBootstrap: strimzi-kafka-bootstrap
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }}'
someConfig: graphrandom
- aaiTopic: AAI-EVENT
# Specifies the timeout limit for the REST API requests
timeout:
enabled: true
limit: 180000
-
+ janusgraph:
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
+ # config override for the cassandra driver
+ # see: https://docs.janusgraph.org/master/configs/configuration-reference/#storagecqlinternal
+ cassandraDriver:
+ configuration: advanced.metadata.schema.debouncer.window = 1 second
# Default maximum records to fix for the data grooming and dupeTool
maxFix:
dataGrooming: 150
dupeTool: 25
-
# Default number of sleep minutes for dataGrooming and dupeTool
sleepMinutes:
dataGrooming: 7
dupeTool: 7
-
# Cron specific attributes to be triggered for the graphadmin spring cron tasks
cron:
# Specifies that the data grooming tool which runs duplicates should be enabled
@@ -154,10 +159,8 @@ config:
dataSnapshot:
enabled: true
params: JUST_TAKE_SNAPSHOT
-
# Data cleanup which zips snapshots older than x days and deletes older than y days
dataCleanup:
-
dataGrooming:
enabled: true
# Zips up the dataGrooming files older than 5 days
@@ -176,7 +179,21 @@ config:
lock:
uri:
enabled: false
-
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
nodeSelector: {}
@@ -184,26 +201,40 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 60
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ enabled: true
+ path: /actuator/health/liveness
+ periodSeconds: 10
readiness:
- initialDelaySeconds: 60
+ path: /actuator/health/readiness
periodSeconds: 10
+startup:
+ path: /actuator/health/liveness
+ failureThreshold: 60
+ periodSeconds: 5
+
+readinessCheck:
+ waitForWithCreateSchemaEnabled:
+ jobs:
+ - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema'
+ waitForWithCreateSchemaDisabled:
+ services:
+ - '{{ .Values.global.cassandra.serviceName }}'
+ - aai-schema-service
+
service:
type: ClusterIP
# REST API port for the graphadmin microservice
- portName: http
- internalPort: 8449
- portName2: tcp-5005
- internalPort2: 5005
- portName3: http-graphadmin
- internalPort3: 8448
- terminationGracePeriodSeconds: 120
+ appPortName: http
+ appPort: 8449
+ debugPortName: tcp-5005
+ debugPort: 5005
+ profilingPortName: jxm-9999
+ profilingPort: 9999
+ actuatorPortName: http-graphadmin
+ actuatorPort: 8448
+ terminationGracePeriodSeconds: 45
ingress:
enabled: false
@@ -261,12 +292,19 @@ resources:
memory: "8Gi"
requests:
cpu: "1"
- memory: "3.2Gi"
+ memory: "4Gi"
unlimited: {}
+# define the heap size for the JVM
+# according to the resource flavor
+small:
+ maxHeapSize: "1g"
+large:
+ maxHeapSize: "5g"
+
metrics:
serviceMonitor:
- enabled: false
+ enabled: true
targetPort: 8448
path: /actuator/prometheus
basicAuth:
@@ -284,8 +322,8 @@ metrics:
# Not fully used for now
securityContext:
- user_id: 1000
- group_id: 1000
+ user_id: 65534
+ group_id: 65534
#Pods Service Account
serviceAccount:
@@ -296,9 +334,17 @@ serviceAccount:
log:
path: /var/log/onap
level:
- root: DEBUG
- base: DEBUG
+ root: INFO
+ base: INFO
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
+
+#DupeTool cronjob parameters
+dupeToolParams:
+ schedule: "0 8 * * *"
+ userId: "am8383 "
+ nodeType: "complex"
+ timeWindowMinutes: 60
+ autoFix: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -315,4 +361,4 @@ kafkaUser:
acls:
- name: AAI-EVENT
type: topic
- operations: [Read, Write] \ No newline at end of file
+ operations: [Read, Write]
diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml
index 123da099a5..5ce5902869 100644
--- a/kubernetes/aai/components/aai-modelloader/Chart.yaml
+++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI modelloader
name: aai-modelloader
-version: 13.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 8dee92f77e..486ffbaa49 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -34,7 +34,12 @@ metadata:
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
+ {{- if .Values.debug.enabled }}
+ replicas: 1
+ {{- else }}
replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
@@ -76,6 +81,25 @@ spec:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
+ {{- if .Values.profiling.enabled }}
+ - name: JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_ARGS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ ports:
+ - containerPort: 9500
+ name: http
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
volumeMounts:
- mountPath: /opt/app/model-loader/config/model-loader.properties
subPath: model-loader.properties
diff --git a/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml
new file mode 100644
index 0000000000..1eb564ed72
--- /dev/null
+++ b/kubernetes/aai/components/aai-modelloader/templates/podmonitor.yaml
@@ -0,0 +1,34 @@
+{{/*
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "common.fullname" . }}
+ labels:
+ {{- include "common.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ podMetricsEndpoints:
+ - port: {{ .Values.metrics.podMonitor.port }}
+ path: {{ .Values.metrics.podMonitor.path }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 97f489f9e9..b28989c78f 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -21,7 +21,7 @@ global: # global defaults
nodePortPrefix: 302
# application image
-image: onap/model-loader:1.13.6
+image: onap/model-loader:1.14.2
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -41,11 +41,36 @@ kafkaUser:
# default number of instances
replicaCount: 1
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 1
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5005
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
+
nodeSelector: {}
affinity: {}
@@ -88,6 +113,12 @@ tracing:
ignorePatterns:
- /aai/util.*
+metrics:
+ podMonitor:
+ enabled: true
+ port: http
+ path: /actuator/prometheus
+
#Pods Service Account
serviceAccount:
nameOverride: aai-modelloader
diff --git a/kubernetes/aai/components/aai-resources/.helmignore b/kubernetes/aai/components/aai-resources/.helmignore
index daebc7da77..f0c1319444 100644
--- a/kubernetes/aai/components/aai-resources/.helmignore
+++ b/kubernetes/aai/components/aai-resources/.helmignore
@@ -1,21 +1,21 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml
index 3594492675..c67329d234 100644
--- a/kubernetes/aai/components/aai-resources/Chart.yaml
+++ b/kubernetes/aai/components/aai-resources/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP AAI resources
name: aai-resources
-version: 13.0.1
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
index adabae3ac7..0f6f2923af 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties
@@ -5,7 +5,7 @@
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Orange
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -97,4 +97,4 @@ aai.graph.checker.task.enabled=true
aai.graph.checker.task.delay=5
# Period, in seconds, between two consecutive executions of the scheduled task, if enabled
-aai.graph.checker.task.period=10 \ No newline at end of file
+aai.graph.checker.task.period=10
diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
index 4835560665..36940a8921 100644
--- a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
+++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties
@@ -15,9 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
*/}}
query.fast-property=true
@@ -27,40 +24,31 @@ query.smart-limit=false
storage.backend=cql
storage.hostname={{.Values.global.cassandra.serviceName}}
-storage.cql.keyspace=aaigraph
storage.username={{.Values.global.cassandra.username}}
storage.password={{.Values.global.cassandra.password}}
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
storage.cql.read-consistency-level=LOCAL_QUORUM
storage.cql.write-consistency-level=LOCAL_QUORUM
storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
storage.cql.only-use-local-consistency-for-system-operations=true
+{{ if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{ end }}
+
{{ else }}
{{ if .Values.global.config.storage }}
storage.backend={{ .Values.global.config.storage.backend }}
-{{ if eq .Values.global.config.storage.backend "cassandra" }}
-
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
-
-storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
-storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
-storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
-storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
-storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-
-{{ else if eq .Values.global.config.storage.backend "cql" }}
+{{ if eq .Values.global.config.storage.backend "cql" }}
storage.hostname={{ .Values.global.config.storage.hostname }}
storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
@@ -104,3 +92,7 @@ cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait
#load graphson file on startup
load.snapshot.file=false
+
+{{ if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{ end }}
diff --git a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
index e4fa84a041..6b703e7cdd 100644
--- a/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
+++ b/kubernetes/aai/components/aai-resources/templates/aai-kafka-user.yml
@@ -28,4 +28,5 @@ spec:
- resource:
type: topic
name: AAI-EVENT
- operation: All \ No newline at end of file
+ operations:
+ - All
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index 7cccfb11a8..f00cb99d21 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -36,6 +36,7 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
@@ -130,13 +131,6 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** actual launch of AAI Resources"
- /bin/bash /opt/app/aai-resources/docker-entrypoint.sh
env:
{{- if .Values.config.env }}
{{- range $key,$value := .Values.config.env }}
@@ -157,11 +151,11 @@ spec:
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: INTERNAL_PORT_1
- value: {{ .Values.service.internalPort | quote }}
+ value: {{ .Values.service.resourcesPort | quote }}
- name: INTERNAL_PORT_2
- value: {{ .Values.service.internalPort2 | quote }}
+ value: {{ .Values.service.debugPort | quote }}
- name: INTERNAL_PORT_3
- value: {{ .Values.service.internalPort3 | quote }}
+ value: {{ .Values.service.metricsPort | quote }}
- name: BOOTSTRAP_SERVERS
value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
- name: JAAS_CONFIG
@@ -197,19 +191,18 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: application-keycloak.properties
ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ - containerPort: {{ .Values.service.resourcesPort }}
+ name: {{ .Values.service.resourcesPortName }}
{{- if .Values.config.debug.enabled }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
{{- end }}
- - containerPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
+ - containerPort: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
{{- if .Values.config.profiling.enabled }}
- - containerPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.portName4 }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
{{- end }}
-
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
@@ -219,16 +212,16 @@ spec:
- sh
- -c
- |
- while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
- do sleep 10
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1)
+ do sleep 3
done
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if .Values.liveness.enabled }}
+ # disable liveness probe when
+ # debugging.enable=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
livenessProbe:
httpGet:
path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.resourcesPort }}
scheme: HTTP
httpHeaders:
- name: X-FromAppId
@@ -243,7 +236,7 @@ spec:
readinessProbe:
httpGet:
path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.resourcesPort }}
scheme: HTTP
httpHeaders:
- name: X-FromAppId
diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml
index 0613129aac..308dc052c8 100644
--- a/kubernetes/aai/components/aai-resources/templates/service.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/service.yaml
@@ -29,28 +29,30 @@ spec:
type: {{ .Values.service.type }}
ports:
{{ if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ .Values.service.resourcesPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.resourcesPortName }}
+ targetPort: {{ .Values.service.resourcesPortName }}
+ - port: {{ .Values.service.debugPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.metricsPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName3 }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
{{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.resourcesPort }}
+ name: {{ .Values.service.resourcesPortName }}
+ targetPort: {{ .Values.service.resourcesPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - port: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
{{- end }}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 329c487ee7..630c88a244 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -77,11 +77,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v28
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
@@ -98,11 +98,6 @@ global: # global defaults
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,MSO,SO,robot-ete
- kafkaBootstrap: strimzi-kafka-bootstrap
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiKafkaUser }}'
- someConfig: random
- aaiTopic: AAI-EVENT
-
api_list:
- 11
- 12
@@ -113,6 +108,16 @@ api_list:
- 17
- 18
- 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
aai_enpoints:
- name: aai-cloudInfrastructure
@@ -129,13 +134,17 @@ aai_enpoints:
url: external-system
# application image
-image: onap/aai-resources:1.13.4
+image: onap/aai-resources:1.14.7
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
# default number of instances
replicaCount: 1
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
# the minimum number of seconds that a newly created Pod should be ready
minReadySeconds: 30
updateStrategy:
@@ -166,11 +175,15 @@ config:
# modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
# modifications to graph done by other services (traversal) will only be visible
# after time specified in db-cache-time
- enabled: false
+ enabled: true
# Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
dbCacheTime: 180000 # in milliseconds
dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
dbCacheCleanWait: 20 # in milliseconds
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
+
# Specifies crud related operation timeouts and overrides
@@ -196,7 +209,7 @@ config:
# environment variables added to the launch of the image in deployment
env:
MIN_HEAP_SIZE: "512m"
- MAX_HEAP_SIZE: "1024m"
+ MAX_HEAP_SIZE: "2g"
MAX_METASPACE_SIZE: "512m"
# adds jvm args for remote debugging the application
@@ -228,9 +241,7 @@ affinity: {}
liveness:
initialDelaySeconds: 60
periodSeconds: 60
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ enabled: true
readiness:
initialDelaySeconds: 60
@@ -238,13 +249,15 @@ readiness:
service:
type: ClusterIP
- portName: http
- internalPort: 8447
- portName2: tcp-5005
- internalPort2: 5005
- portName3: http-resources
- internalPort3: 8448
- terminationGracePeriodSeconds: 120
+ resourcesPortName: http
+ resourcesPort: 8447
+ debugPortName: tcp-5005
+ debugPort: 5005
+ metricsPortName: metrics
+ metricsPort: 8448
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+ terminationGracePeriodSeconds: 30
sessionAffinity: None
ingress:
@@ -266,13 +279,6 @@ serviceMesh:
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
# Minimum memory for development is 2 CPU cores and 4GB memory
# Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: "2"
-# memory: "4Gi"
-# requests:
-# cpu: "2"
-# memory: "4Gi"
resources:
small:
limits:
@@ -283,10 +289,10 @@ resources:
memory: "3Gi"
large:
limits:
- cpu: "4"
- memory: "8Gi"
+ cpu: "8"
+ memory: "12Gi"
requests:
- cpu: "2"
+ cpu: "4"
memory: "6Gi"
unlimited: {}
@@ -399,4 +405,4 @@ kafkaUser:
acls:
- name: AAI-EVENT
type: topic
- operations: [Read, Write] \ No newline at end of file
+ operations: [Read, Write]
diff --git a/kubernetes/aai/components/aai-schema-service/.helmignore b/kubernetes/aai/components/aai-schema-service/.helmignore
index daebc7da77..f0c1319444 100644
--- a/kubernetes/aai/components/aai-schema-service/.helmignore
+++ b/kubernetes/aai/components/aai-schema-service/.helmignore
@@ -1,21 +1,21 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml
index 3860826d1b..47064859d5 100644
--- a/kubernetes/aai/components/aai-schema-service/Chart.yaml
+++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP AAI Schema Service
name: aai-schema-service
-version: 13.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
index 4c620a0028..1cd6335585 100644
--- a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties
@@ -4,7 +4,7 @@
# org.onap.aai
# ================================================================================
# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties
index 20dc6bc520..5d55923021 100644
--- a/kubernetes/aai/components/aai-schema-service/config/application.properties
+++ b/kubernetes/aai/components/aai-schema-service/config/application.properties
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index 0ecc2b2d80..d4041bed57 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -35,6 +35,7 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
@@ -69,6 +70,14 @@ spec:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
+ {{- if .Values.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: POST_JAVA_OPTS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
volumeMounts:
- mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
name: aaiconfig-conf
@@ -88,22 +97,28 @@ spec:
name: springapp-conf
subPath: application.properties
ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
+ - containerPort: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
+ {{- end }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.appPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.appPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
resources: {{ include "common.resources" . | nindent 10 }}
diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
index 79f01d6638..412b62c6fe 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/service.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml
@@ -29,21 +29,21 @@ spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ .Values.service.appPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
{{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.appPort }}
+ name: {{ .Values.service.appPortName }}
+ targetPort: {{ .Values.service.appPortName }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
{{- end }}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index ccda86dc0d..12dfaea091 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -41,11 +41,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v28
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
@@ -60,13 +60,33 @@ global: # global defaults
label: v12
# application image
-image: onap/aai-schema-service:1.12.3
+image: onap/aai-schema-service:1.12.5
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
# default number of instances
replicaCount: 1
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
@@ -90,10 +110,12 @@ readiness:
service:
type: ClusterIP
- portName: http
- internalPort: 8452
- portName2: tcp-5005
- internalPort2: 5005
+ appPortName: http
+ appPort: 8452
+ debugPortName: tcp-5005
+ debugPort: 5005
+ profilingPortName: jmx-9999
+ profilingPort: 9999
ingress:
enabled: false
diff --git a/kubernetes/aai/components/aai-sparky-be/.helmignore b/kubernetes/aai/components/aai-sparky-be/.helmignore
index daebc7da77..f0c1319444 100644
--- a/kubernetes/aai/components/aai-sparky-be/.helmignore
+++ b/kubernetes/aai/components/aai-sparky-be/.helmignore
@@ -1,21 +1,21 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
index a057002f57..5f05c6d428 100644
--- a/kubernetes/aai/components/aai-sparky-be/Chart.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI sparky-be
name: aai-sparky-be
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
index 178adb80b3..79f48da2aa 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-oxm-schema-prod.properties
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
index e9ed63e76e..e0cf24c40b 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-resources.properties
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,4 +19,3 @@ resources.hostname=aai
resources.port=80
resources.authType=HTTP_NOAUTH
-
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
index c6e1baac2a..68e1141cb3 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application-ssl.properties
@@ -1,5 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,4 +16,3 @@
server.port=8000
security.require-ssl=false
server.ssl.enabled=false
-
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
index b5ad6b3f4a..41c41d29b1 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/application.properties
@@ -1,5 +1,5 @@
# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,3 +30,55 @@ searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
+
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+# Schema Version Related Attributes
+schema.uri.base.path=/aai
+# Lists all of the versions in the schema
+schema.version.list=v9,v10,v11,v12,v13,v14
+# Specifies from which version should the depth parameter to default to zero
+schema.version.depth.start=v10
+# Specifies from which version should the related link be displayed in response payload
+schema.version.related.link.start=v10
+# Specifies from which version should the client see only the uri excluding host info
+# Before this version server base will also be included
+schema.version.app.root.start=v11
+# Specifies from which version should the namespace be changed
+schema.version.namespace.change.start=v12
+# Specifies from which version should the client start seeing the edge label in payload
+schema.version.edge.label.start=v12
+# Specifies the version that the application should default to
+schema.version.api.default=v14
+# Schema Location Related Attributes
+schema.configuration.location=NA
+# New propterties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=${APP_HOME}/onap/oxm
+schema.edges.location=
+# Setting this values to ${oxm.apiVersion} only to ensure the value used exists (we don't use this properties in our application)
+# schema.version.depth.start=${oxm.apiVersion}
+# schema.version.related.link.start=${oxm.apiVersion}
+# schema.version.app.root.start=${oxm.apiVersion}
+# schema.version.namespace.change.start=${oxm.apiVersion}
+# schema.version.edge.label.start=${oxm.apiVersion}
+# Properties required by AAI Schema Service MS
+schema.translator.list=config
+schema.service.base.url=${oxm.schemaServiceBaseUrl}
+schema.service.nodes.endpoint=nodes?version=
+schema.service.edges.endpoint=edgerules?version=
+schema.service.versions.endpoint=versions
+schema.local=true
+schema.filename=mockrequests
+#Default rest client is the two-way-ssl
+#schema.service.client=two-way-ssl
+#Replace the below with the A&AI client key store
+schema.service.ssl.key-store=${oxm.schemaServiceKeystore}
+#Replace the below with the A&AI tomcat trust store
+schema.service.ssl.trust-store=${oxm.schemaServiceTruststore}
+schema.service.ssl.key-store-password=${oxm.schemaServiceKeystorePassword}
+schema.service.ssl.trust-store-password=${oxm.schemaServiceTruststorePassword}
+spring.application.name=sparky
+nodeDir=src/main/resources/schema/onap/oxm/
+edgeDir=src/main/resources/schema/onap/oxm
+schemaIngestPropLoc=src/main/resources/schema/onap/oxm
diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
index ce69e88918..093e7b01fa 100644
--- a/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
+++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application/users.config
@@ -1,20 +1,20 @@
-[{
- "orgId": null,
- "managerId": null,
- "firstName": "Demo",
- "middleInitial": null,
- "lastName": "User",
- "phone": null,
- "email": "demo@email.com",
- "hrid": null,
- "orgUserId": "demo",
- "orgCode": null,
- "orgManagerUserId": null,
- "jobTitle": null,
- "loginId": "demo",
- "active": false,
- "roles": [{
- "id": 1,
- "name": "View"
- }]
-}] \ No newline at end of file
+[{
+ "orgId": null,
+ "managerId": null,
+ "firstName": "Demo",
+ "middleInitial": null,
+ "lastName": "User",
+ "phone": null,
+ "email": "demo@email.com",
+ "hrid": null,
+ "orgUserId": "demo",
+ "orgCode": null,
+ "orgManagerUserId": null,
+ "jobTitle": null,
+ "loginId": "demo",
+ "active": false,
+ "roles": [{
+ "id": 1,
+ "name": "View"
+ }]
+}]
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index f8813cdf69..3c0b4b9d92 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -23,6 +23,7 @@ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if (eq "RollingUpdate" .Values.updateStrategy.type) }}
@@ -96,10 +97,34 @@ spec:
- mountPath: /opt/app/sparky/config/logging/logback.xml
name: config
subPath: logback.xml
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
+ ports:
+ {{- if .Values.debug.enabled }}
+ - containerPort: {{ .Values.debug.port }}
+ name: {{ .Values.debug.portName }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - containerPort: {{ .Values.profiling.port }}
+ name: {{ .Values.profiling.portName }}
+ {{- end }}
+ {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.profiling.enabled }}
+ - name: JVM_ARGS
+ value: '{{ join " " .Values.profiling.args }}'
+ {{- end }}
+ {{- if .Values.debug.enabled }}
+ - name: JVM_ARGS
+ value: {{ .Values.debug.args | quote }}
+ {{- end }}
+ # disable liveness probe when
+ # debugging.enabled=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.debug.enabled .Values.profiling.enabled)) }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 0a9de51e54..e017032b03 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -1,5 +1,5 @@
-# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright (c) 2020 Nokia, Orange
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2020 Nokia, Orange
# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,7 +29,7 @@ global: # global defaults
serviceName: aai-search-data
# application image
-image: onap/sparky-be:2.0.3
+image: onap/sparky-be:2.0.5
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -46,6 +46,8 @@ config:
portalCookieName: UserId
portalAppRoles: ui_view
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
+ env:
+ JVM_ARGS: -XX:MaxRAMPercentage=50.0
# ONAP Cookie Processing - During initial development, the following flag, if true, will
# prevent the portal interface's login processing from searching for a user
@@ -53,9 +55,33 @@ config:
portalOnapEnabled: true
#
+# adds jvm args for remote debugging the application
+debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+ port: 5555
+ portName: debug
+
+# adds jvm args for remote profiling the application
+profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+ port: 9999
+ portName: jmx
+
# default number of instances
replicaCount: 1
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
diff --git a/kubernetes/aai/components/aai-traversal/.helmignore b/kubernetes/aai/components/aai-traversal/.helmignore
index daebc7da77..f0c1319444 100644
--- a/kubernetes/aai/components/aai-traversal/.helmignore
+++ b/kubernetes/aai/components/aai-traversal/.helmignore
@@ -1,21 +1,21 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml
index 8c77848368..3b2d8b819e 100644
--- a/kubernetes/aai/components/aai-traversal/Chart.yaml
+++ b/kubernetes/aai/components/aai-traversal/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: ONAP AAI traversal
name: aai-traversal
-version: 13.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
index 559166ba8e..c844b3d194 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties
@@ -5,7 +5,7 @@
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Orange
-# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
index 1b58ad6167..da2703dd41 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
-# Modifications Copyright � 2023 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -112,4 +112,4 @@ management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms
#Add common tag for grouping all aai related metrics
management.metrics.tags.group_id=aai
#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
-scrape.uri.metrics=false \ No newline at end of file
+scrape.uri.metrics=false
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
index 4835560665..36940a8921 100644
--- a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
+++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties
@@ -15,9 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
*/}}
query.fast-property=true
@@ -27,40 +24,31 @@ query.smart-limit=false
storage.backend=cql
storage.hostname={{.Values.global.cassandra.serviceName}}
-storage.cql.keyspace=aaigraph
storage.username={{.Values.global.cassandra.username}}
storage.password={{.Values.global.cassandra.password}}
+storage.cql.keyspace=aaigraph
+storage.cql.local-datacenter={{ .Values.global.cassandra.localDataCenter }}
storage.cql.read-consistency-level=LOCAL_QUORUM
storage.cql.write-consistency-level=LOCAL_QUORUM
storage.cql.replication-factor={{.Values.global.cassandra.replicas}}
storage.cql.only-use-local-consistency-for-system-operations=true
+{{ if .Values.global.cassandra.partitionerName }}
+storage.cql.partitioner-name={{ .Values.global.cassandra.partitionerName }}
+{{ end }}
+
{{ else }}
{{ if .Values.global.config.storage }}
storage.backend={{ .Values.global.config.storage.backend }}
-{{ if eq .Values.global.config.storage.backend "cassandra" }}
-
-storage.hostname={{ .Values.global.config.storage.hostname }}
-storage.cassandra.keyspace={{ .Values.global.config.storage.name }}
-
-storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }}
-storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }}
-storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }}
-storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }}
-storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }}
-
-storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }}
-cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }}
-log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }}
-
-{{ else if eq .Values.global.config.storage.backend "cql" }}
+{{ if eq .Values.global.config.storage.backend "cql" }}
storage.hostname={{ .Values.global.config.storage.hostname }}
storage.cql.keyspace={{ .Values.global.config.storage.name }}
+storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }}
storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }}
@@ -104,3 +92,7 @@ cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait
#load graphson file on startup
load.snapshot.file=false
+
+{{ if .Values.config.janusgraph.allowUpgrade }}
+graph.allow-upgrade=true
+{{ end }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
index 1754227d7f..7c6a252315 100644
--- a/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
+++ b/kubernetes/aai/components/aai-traversal/templates/aai-trav-kafka-user.yml
@@ -28,4 +28,5 @@ spec:
- resource:
type: topic
name: AAI-EVENT
- operation: All \ No newline at end of file
+ operations:
+ - All
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 67e1b996e3..d8977520a5 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -1,8 +1,8 @@
{{/*
-# Copyright (c) 2017 Amdocs, Bell Canada
-# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia, Orange
-# Modifications Copyright (c) 2021 Orange
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2020 Nokia, Orange
+# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -36,6 +36,7 @@ metadata:
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
@@ -149,13 +150,6 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** actual launch of AAI Resources"
- /bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
{{- if .Values.config.env }}
{{- range $key,$value := .Values.config.env }}
@@ -178,11 +172,11 @@ spec:
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: INTERNAL_PORT_1
- value: {{ .Values.service.internalPort | quote }}
+ value: {{ .Values.service.traversalPort | quote }}
- name: INTERNAL_PORT_2
- value: {{ .Values.service.internalPort2 | quote }}
+ value: {{ .Values.service.debugPort | quote }}
- name: INTERNAL_PORT_3
- value: {{ .Values.service.internalPort3 | quote }}
+ value: {{ .Values.service.metricsPort | quote }}
- name: BOOTSTRAP_SERVERS
value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
- name: JAAS_CONFIG
@@ -220,20 +214,18 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: application-keycloak.properties
ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
-
+ - containerPort: {{ .Values.service.traversalPort }}
+ name: {{ .Values.service.traversalPortName }}
{{- if .Values.config.debug.enabled }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
+ - containerPort: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
{{- end }}
- - containerPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
+ - containerPort: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
{{- if .Values.config.profiling.enabled }}
- - containerPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.portName4 }}
+ - containerPort: {{ .Values.service.profilingPort }}
+ name: {{ .Values.service.profilingPortName }}
{{- end }}
-
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
@@ -243,16 +235,16 @@ spec:
- sh
- -c
- |
- while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1 -e $INTERNAL_PORT_2)
+ while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1)
do sleep 10
done
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
+ # disable liveness probe when
+ # debugging.enable=true or profiling.enabled=true
+ {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
livenessProbe:
httpGet:
path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.traversalPort }}
scheme: HTTP
httpHeaders:
- name: X-FromAppId
@@ -267,7 +259,7 @@ spec:
readinessProbe:
httpGet:
path: /aai/util/echo?action=checkDB
- port: {{ .Values.service.internalPort }}
+ port: {{ .Values.service.traversalPort }}
scheme: HTTP
httpHeaders:
- name: X-FromAppId
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index 88fbe4788a..3977f827d6 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -44,7 +44,10 @@ spec:
name: {{ include "common.name" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
- /app/ready.py
args:
- --service-name
@@ -55,9 +58,24 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ - name: {{ include "common.name" . }}-wait-for-aai-haproxy
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ command:
+ - sh
+ - "-c"
+ - |
+ until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do
+ echo "Retrying to reach aai on port 80";
+ sleep 1;
+ done;
resources:
limits:
cpu: "100m"
@@ -70,13 +88,16 @@ spec:
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- - bash
+ - sh
- "-c"
- |
- set -x
- if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
+ set -x;
+ if [ ! -d /opt/aai/logroot/AAI-GQ/misc ];
+ then mkdir -p /opt/aai/logroot/AAI-GQ/misc;
+ fi
+
+ sh -x /opt/app/aai-traversal/bin/install/updateQueryData.sh ;
+
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml
index 2fac1e5a42..49ed56306a 100644
--- a/kubernetes/aai/components/aai-traversal/templates/service.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml
@@ -29,28 +29,30 @@ spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
+ - port: {{ .Values.service.traversalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.traversalPortName }}
+ targetPort: {{ .Values.service.traversalPortName }}
+ - port: {{ .Values.service.debugPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ - port: {{ .Values.service.metricsPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName3 }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
{{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- targetPort: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- targetPort: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
- targetPort: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.traversalPort }}
+ name: {{ .Values.service.traversalPortName }}
+ targetPort: {{ .Values.service.traversalPortName }}
+ {{- if .Values.config.debug.enabled }}
+ - port: {{ .Values.service.debugPort }}
+ name: {{ .Values.service.debugPortName }}
+ targetPort: {{ .Values.service.debugPortName }}
+ {{- end }}
+ - port: {{ .Values.service.metricsPort }}
+ name: {{ .Values.service.metricsPortName }}
+ targetPort: {{ .Values.service.metricsPortName }}
{{- end }}
selector:
app: {{ include "common.name" . }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index dd06a28a95..6b268cae42 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -26,7 +26,8 @@ global: # global defaults
#Service Name of the cassandra cluster to connect to.
#Override it to aai-cassandra if localCluster is enabled.
serviceName: cassandra
-
+ # Cassandra datacenter name
+ localDataCenter: dc1
# Specifies a list of jobs to be run
jobs:
# When enabled, it will create the schema based on oxm and edge rules
@@ -85,11 +86,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v28
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
@@ -106,13 +107,11 @@ global: # global defaults
# Specifies which clients should always default to realtime graph connection
realtime:
clients: SDNC,MSO,SO,robot-ete
- kafkaBootstrap: strimzi-kafka-bootstrap
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiTravKafkaUser }}'
someConfig: random
- aaiTopic: AAI-EVENT
# application image
-image: onap/aai-traversal:1.13.4
+image: onap/aai-traversal:1.14.7
pullPolicy: Always
restartPolicy: Always
flavor: small
@@ -136,6 +135,16 @@ api_list:
- 17
- 18
- 19
+ - 20
+ - 21
+ - 22
+ - 23
+ - 24
+ - 25
+ - 26
+ - 27
+ - 28
+ - 29
aai_enpoints:
- name: aai-generic-query
@@ -147,6 +156,7 @@ aai_enpoints:
# application configuration
config:
+
# configure keycloak according to your environment.
# don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
@@ -164,14 +174,16 @@ config:
caching:
# enable when running read-heavy workloads
# modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
- # modifications to graph done by other services (resources) will only be visible
+ # modifications to graph done by other services (traversal) will only be visible
# after time specified in db-cache-time
- enabled: false
+ enabled: true
# Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
dbCacheTime: 180000 # in milliseconds
dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
dbCacheCleanWait: 20 # in milliseconds
-
+ # temporarily enable this to update the graph storage version
+ # see: https://docs.janusgraph.org/changelog/#upgrade-instructions_9
+ allowUpgrade: true
# Specifies timeout information such as application specific and limits
timeout:
@@ -185,8 +197,9 @@ config:
# environment variables added to the launch of the image in deployment
env:
MIN_HEAP_SIZE: "512m"
- MAX_HEAP_SIZE: "1024m"
+ MAX_HEAP_SIZE: "2g"
MAX_METASPACE_SIZE: "512m"
+ # POST_JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
# adds jvm args for remote debugging the application
debug:
@@ -237,6 +250,9 @@ persistence:
# default number of instances
replicaCount: 1
+# number of ReplicaSets that should be retained for the Deployment
+revisionHistoryLimit: 2
+
nodeSelector: {}
affinity: {}
@@ -245,9 +261,7 @@ affinity: {}
liveness:
initialDelaySeconds: 60
periodSeconds: 60
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ enabled: true
readiness:
initialDelaySeconds: 10
@@ -255,13 +269,15 @@ readiness:
service:
type: ClusterIP
- portName: http
- internalPort: 8446
- portName2: tcp-5005
- internalPort2: 5005
- portName3: http-traversal
- internalPort3: 8448
- terminationGracePeriodSeconds: 120
+ traversalPortName: http
+ traversalPort: 8446
+ debugPortName: tcp-5005
+ debugPort: 5005
+ metricsPortName: metrics
+ metricsPort: 8448
+ profilingPortName: jmx-9999
+ profilingPort: 9999
+ terminationGracePeriodSeconds: 30
sessionAffinity: None
ingress:
@@ -281,8 +297,8 @@ logback:
queueSize: 1000
accessLogback:
- livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
logToFileEnabled: false
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
maxHistory: 7
totalSizeCap: 6GB
@@ -305,6 +321,14 @@ resources:
memory: "4Gi"
unlimited: {}
+tracing:
+ collector:
+ baseUrl: http://jaeger-collector.istio-system:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+ ignorePatterns:
+ - /aai/util.*
+
endpoints:
enabled: true
health:
@@ -393,4 +417,4 @@ kafkaUser:
acls:
- name: AAI-EVENT
type: topic
- operations: [Read, Write] \ No newline at end of file
+ operations: [Read, Write]
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index a257ee0c8c..8607e58f60 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -64,6 +64,15 @@ global: # global defaults
username: cassandra
password: cassandra
+ #Cassandra datacenter name
+ localDataCenter: dc1
+
+ # The name of Cassandra cluster's partitioner.
+ # It will be retrieved by client if not provided.
+ # See storage.cql.partitioner-name in https://docs.janusgraph.org/v0.6/configs/configuration-reference/#storagecql
+ partitionerName: org.apache.cassandra.dht.Murmur3Partitioner
+
+
aai:
serviceName: aai
babel:
@@ -238,11 +247,11 @@ global: # global defaults
version:
# Current version of the REST API
api:
- default: v28
+ default: v29
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29
# Specifies from which version related link should appear
related:
link: v11
diff --git a/kubernetes/platform/components/keycloak-init/.helmignore b/kubernetes/authentication/.helmignore
index cf02291a2a..cf02291a2a 100644
--- a/kubernetes/platform/components/keycloak-init/.helmignore
+++ b/kubernetes/authentication/.helmignore
diff --git a/kubernetes/platform/components/keycloak-init/Chart.yaml b/kubernetes/authentication/Chart.yaml
index 44ac9f5213..e8400aeb81 100644
--- a/kubernetes/platform/components/keycloak-init/Chart.yaml
+++ b/kubernetes/authentication/Chart.yaml
@@ -1,6 +1,6 @@
#============LICENSE_START========================================================
# ================================================================================
-# Copyright © 2022 Deutsche Telekom
+# Copyright © 2024 Deutsche Telekom
# ================================================================================
# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -16,9 +16,9 @@
# limitations under the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-version: 13.0.1
-description: ONAP Realm creation and configuration
-name: keycloak-init
+version: 14.0.1
+description: ONAP Realm creation, Oauth2Proxy installation and configuration
+name: authentication
sources:
- https://github.com/adorsys/keycloak-config-cli
@@ -31,5 +31,8 @@ dependencies:
version: ~13.x-0
repository: '@local'
- name: onap-keycloak-config-cli
- version: 5.10.0
+ version: 5.12.0
repository: 'file://components/keycloak-config-cli'
+ - name: onap-oauth2-proxy
+ version: 7.5.4
+ repository: 'file://components/oauth2-proxy'
diff --git a/kubernetes/platform/components/keycloak-init/Makefile b/kubernetes/authentication/Makefile
index 5970a97115..f47666e135 100644
--- a/kubernetes/platform/components/keycloak-init/Makefile
+++ b/kubernetes/authentication/Makefile
@@ -18,7 +18,7 @@ OUTPUT_DIR := $(ROOT_DIR)/../../dist
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
-EXCLUDES :=
+EXCLUDES := dist resources templates charts
HELM_BIN := helm
ifneq ($(SKIP_LINT),TRUE)
HELM_LINT_CMD := $(HELM_BIN) lint
diff --git a/kubernetes/authentication/README.md b/kubernetes/authentication/README.md
new file mode 100644
index 0000000000..306e2f9645
--- /dev/null
+++ b/kubernetes/authentication/README.md
@@ -0,0 +1,305 @@
+# Helm Chart for Authentication Application
+
+This component delivers:
+
+- Keycloak Realm creation and import
+- (Optionally) creation of AuthenticationPolicies for Ingress to enable
+ OAuth Authentication and RoleBased access to Ingress APIs and UIs
+
+## REALM Configuration settings
+
+- In the configuration section "realmSettings" multiple REALMs can be configured
+- Each REALM configuration has the following sections:
+ - [General REALM settings](#general-realm-settings)
+ - [CLIENT definitions](#client-definitions)
+ - (optional) [CLIENT SCOPE definitions](#client-scope-definitions)
+ - (optional) [Access control definitions](#access-control-definitions)
+ - (optional) [GROUP definitions](#group-definitions)
+ - (optional) [USER definitions](#user-definitions)
+ - (optional) [IDENTITY PROVIDER definitions](#identity-provider-and-mapper-definitions)
+ - (optional) [SMTP server definitions](#smtp-server-definitions)
+
+### General REALM settings
+
+This sections sets the realm general attributes shown in Keycloak
+
+```yaml
+realmSettings:
+ - name: <Realm ID> - unique ID for a realm (e.g. "ONAP")
+ displayName: <Display Name> - (optional) Keycloak Display Name (e.g. "ONAP Realm")
+ themes: - (optional) Keycloak Theme settings
+ login: <login theme> - (optional) Keycloak Theme for Login UI (e.g. "base")
+ admin: <admin theme> - (optional) Keycloak Theme for Admin UI (e.g. "base")
+ account: <account theme> - (optional) Keycloak Theme for Account UI (e.g. "base")
+ email: <email theme> - (optional) Keycloak Theme for Email UI (e.g. "base")
+ attributes:
+ frontendUrl: "<Keycloak URL>" - External Url for Keycloak access (e.g. "https://keycloak-$PARAM_BASE_URL/")
+```
+
+### CLIENT definitions
+
+In this section each realm authentication client is defined e.g. portal-bff, oauth2-proxy, grafana
+
+possible "attribute" settings (maybe more):
+ - id.token.as.detached.signature: "false"
+ - exclude.session.state.from.auth.response: "false"
+ - tls.client.certificate.bound.access.tokens: "false"
+ - saml.allow.ecp.flow: "false"
+ - saml.assertion.signature: "false"
+ - saml.force.post.binding: "false"
+ - saml.multivalued.roles: "false"
+ - saml.encrypt: "false"
+ - saml.server.signature: "false"
+ - saml.server.signature.keyinfo.ext: "false"
+ - saml.artifact.binding: "false"
+ - saml_force_name_id_format: "false"
+ - saml.client.signature: "false"
+ - saml.authnstatement: "false"
+ - saml.onetimeuse.condition: "false"
+ - oidc.ciba.grant.enabled: "false"
+ - frontchannel.logout.session.required: "true"
+ - backchannel.logout.session.required: "true"
+ - backchannel.logout.revoke.offline.tokens: "false"
+ - client_credentials.use_refresh_token: "false"
+ - acr.loa.map: "{}"
+ - require.pushed.authorization.requests: "false"
+ - oauth2.device.authorization.grant.enabled: "false"
+ - display.on.consent.screen: "false"
+ - token.response.type.bearer.lower-case: "false"
+ - use.refresh.tokens: "true"
+ - post.logout.redirect.uris: '<url>'
+
+```yaml
+ clients:
+ oauth2_proxy:
+ clientId: "<client ID>" - client ID
+ name: "<client name>" - (optional) client name
+ secret: <client secret> - (optional) client secret
+ clientAuthenticatorType: <type> - (optional) auth type (default: client-secret)
+ protocol: <protocol> - (optional) auth protocol (default: openid-connect)
+ description: "<description>" - (optional) client description
+ baseUrl: "<base path>" - (optional) url subpath (e.g. /application)
+ rootUrl: "<root URL>" - (optional) root url
+ adminUrl: "<admin URL>" - (optional) admin url
+ bearerOnly: "<false|true>" - (optional) bearerOnly (default: false)
+ consentRequired: "<false|true>" - (optional) consentRequired (default: false)
+ standardFlowEnabled: "<false|true>" - (optional) standardFlowEnabled (default: true)
+ implicitFlowEnabled: "<false|true>" - (optional) implicitFlowEnabled (default: false)
+ directAccessGrantsEnabled: "<false|true>" - (optional) directAccessGrantsEnabled (default: true)
+ serviceAccountsEnabled: "<false|true>" - (optional) serviceAccountsEnabled (default: false)
+ frontchannelLogout: "<false|true>" - (optional) frontend channel logout (default: true)
+ surrogateAuthRequired: "<false|true>" - (optional) surrogate Auth Required (default: false)
+ publicClient: "<false|true>" - (optional) public Client (default: false)
+ attributes: - (optional) attributes settings (see code)
+ post.logout.redirect.uris: '<url>' - example
+ protocolMappers: - (optional) protocol mappers
+ - name: "Audience for Oauth2Proxy" - examples
+ protocolMapper: "oidc-audience-mapper"
+ config:
+ included.client.audience: "oauth2-proxy-onap"
+ id.token.claim: "false"
+ access.token.claim: "true"
+ included.custom.audience: "oauth2-proxy-onap"
+ - name: "SDC-User"
+ protocolMapper: "oidc-usermodel-attribute-mapper"
+ config:
+ multivalued: "false"
+ userinfo.token.claim: "true"
+ user.attribute: "sdc_user"
+ id.token.claim: "true"
+ access.token.claim: "true"
+ claim.name: "sdc_user"
+ jsonType.label: "String"
+ additionalDefaultScopes:
+ - "onap_roles"
+ redirectUris:
+ - "https://portal-$PARAM_BASE_URL/*"
+ - "http://localhost/*"
+ webOrigins:
+ - "https://argocd-$PARAM_BASE_URL"
+ defaultClientScopes:
+ - "web-origins"
+ - "profile"
+ - "acr"
+ - "email"
+ - "roles"
+ - "groups"
+```
+
+### CLIENT SCOPE definitions
+
+Here additional scopes besides the default scopes can be defined and set as default client scope
+
+default scopes:
+
+ - roles
+ - groups
+ - acr
+ - profile
+ - address
+ - web-origin
+ - phone
+ - email
+ - offline_access
+ - role_list
+ - microprofile-jwt
+
+```yaml
+ defaultClientScopes:
+ - "onap_roles"
+ additionalClientScopes:
+ - name: onap_roles
+ description: OpenID Connect scope for add user onap roles to the access token
+ protocolMappers:
+ - name: aud
+ protocol: openid-connect
+ protocolMapper: oidc-audience-mapper
+ consentRequired: false
+ config:
+ included.client.audience: oauth2-proxy
+ id.token.claim: 'false'
+ access.token.claim: 'true'
+ - name: client roles
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-client-role-mapper
+ consentRequired: false
+ config:
+ multivalued: 'true'
+ userinfo.token.claim: 'false'
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: onap_roles
+ jsonType.label: String
+ usermodel.clientRoleMapping.clientId: oauth2-proxy
+```
+
+### Access control definitions
+
+In this section additional roles (assignableRoles) besides the default roles can be set.
+
+default roles:
+ - user
+ - admin
+ - offline_access
+ - uma_authorization
+ - default-roles-<realm>
+
+(optional) accessRoles can be defined.
+These access roles are used in the Ingress "Auhorization Policy" to restrict the access to certain services
+The access role is assigned to a realm client (e.g. oauth2_proxy)
+
+```yaml
+ accessControl:
+ assignableRoles:
+ - name: onap-operator-read
+ description: "Allows to perform GET operations for all ONAP components"
+ associatedAccessRoles: [ "dmaap-bc-api-read", ... ]
+ accessRoles:
+ "oauth2_proxy":
+ - name: dmaap-bc-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: dmaap-bc-api
+```
+
+### GROUP definitions
+
+```yaml
+ groups: - (optional) Group definitions
+ - name: <group name> - Group name
+ path: /path> - Group URL path
+ roles: [ <role>,... ] - (optional) List of Realm roles
+```
+
+### USER definitions
+
+```yaml
+ initialUsers: - (optional) List of initial users
+ - username: <user name> - Name of the User
+ firstName: <first name> - (optional) First Name
+ lastName: <last name> - (optional) Last Name
+ email: <email> - (optional) Email Address
+ emailVerified : <true|false>- (optional)Email verified
+ credentials: - (optional) credentials
+ - type: password - (optional) initial password (<pwd>: encrypted password, <salt>: used salt)
+ secretData: "{\"value\":\"<pwd>\",\"salt\":\"<salt>\"}"
+ credentialData: "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
+ attributes: - (optional) additional attributes
+ sdc_user: - example attribute
+ - "cs0008"
+ realmRoles: - (optional) assigned realm roles
+ - <role name>
+ groups: - (optional) group membership
+ - <group name>
+```
+
+### Identity Provider and Mapper definitions
+
+```yaml
+ identityProviders:
+ - name: "gitlab"
+ displayName: "gitlab"
+ config:
+ userInfoUrl: "https://gitlab.devops.telekom.de/oauth/userinfo"
+ validateSignature: "true"
+ clientId: "ee4e0db734157e9cdad16733656ba285f2f813354aa7c590a8693e48ed156860"
+ tokenUrl: "https://gitlab.devops.telekom.de/oauth/token"
+ jwksUrl: "https://gitlab.devops.telekom.de/oauth/discovery/keys"
+ issuer: "https://gitlab.devops.telekom.de"
+ useJwksUrl: "true"
+ authorizationUrl: "https://gitlab.devops.telekom.de/oauth/authorize"
+ clientAuthMethod: "client_secret_post"
+ syncMode: "IMPORT"
+ clientSecret: "gloas-35267790bf6fb7c4b507aea11db46d80174cb8ef4192e77424803b595eef735e"
+ defaultScope: "openid read_user email"
+ identityProviderMappers:
+ - name: "argo-admins"
+ identityProviderAlias: "gitlab"
+ identityProviderMapper: "oidc-advanced-group-idp-mapper"
+ config:
+ claims: "[{\"key\":\"groups_direct\",\"value\":\"dt-rc\"}]"
+ syncMode: "FORCE"
+ group: "/ArgoCDAdmins"
+ - name: "ArgoCDRestricted"
+ identityProviderAlias: "gitlab"
+ identityProviderMapper: "oidc-advanced-group-idp-mapper"
+ config:
+ claims: "[{\"key\":\"groups_direct\",\"value\":\"\"}]"
+ syncMode: "FORCE"
+ group: "/ArgoCDRestricted"
+ - name: "lastName "
+ identityProviderAlias: "gitlab"
+ identityProviderMapper: "oidc-user-attribute-idp-mapper"
+ config:
+ claim: "nickname"
+ syncMode: "FORCE"
+ user.attribute: "lastName"
+```
+
+### SMTP Server definitions
+
+```yaml
+ smtpServer:
+ password: "<password>"
+ starttls: "true"
+ auth: "true"
+ port: "587"
+ host: "<mailserver>"
+ from: "<mail-address>"
+ fromDisplayName: "onapsupport"
+ ssl: "false"
+ user: "onapsupport"
+```
+
+## Ingress Authentication settings
+
+Activating the Ingress Authentication (enabled: true) will create AuthorizationPolicy resources for each defined "accessControl.accessRoles" in a REALM definition.
+
+```
+ingressAuthentication:
+ enabled: false
+ exceptions:
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ui") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "minio-console") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "uui-server") }}'
+```
diff --git a/kubernetes/platform/components/keycloak-init/components/Makefile b/kubernetes/authentication/components/Makefile
index 4ecfbc53cc..4ecfbc53cc 100644
--- a/kubernetes/platform/components/keycloak-init/components/Makefile
+++ b/kubernetes/authentication/components/Makefile
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore b/kubernetes/authentication/components/keycloak-config-cli/.helmignore
index 0e8a0eb36f..0e8a0eb36f 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/.helmignore
+++ b/kubernetes/authentication/components/keycloak-config-cli/.helmignore
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml
index abcf889834..80e5d27c9f 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/Chart.yaml
+++ b/kubernetes/authentication/components/keycloak-config-cli/Chart.yaml
@@ -20,8 +20,8 @@ apiVersion: v2
name: onap-keycloak-config-cli
description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
home: https://github.com/adorsys/keycloak-config-cli
-version: 5.10.0
-appVersion: 5.10.0
+version: 5.12.0
+appVersion: 5.12.0
maintainers:
- name: jkroepke
email: joe@adorsys.de
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl
index cc1ad7ad8d..cc1ad7ad8d 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/_helpers.tpl
+++ b/kubernetes/authentication/components/keycloak-config-cli/templates/_helpers.tpl
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml
index 322db2b7a1..322db2b7a1 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/job.yaml
+++ b/kubernetes/authentication/components/keycloak-config-cli/templates/job.yaml
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml
index fa9363e9d0..fa9363e9d0 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/realms.yaml
+++ b/kubernetes/authentication/components/keycloak-config-cli/templates/realms.yaml
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml
index 94505289e6..94505289e6 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/templates/secrets.yaml
+++ b/kubernetes/authentication/components/keycloak-config-cli/templates/secrets.yaml
diff --git a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml b/kubernetes/authentication/components/keycloak-config-cli/values.yaml
index 5f8d4a3fd5..46c67dd220 100644
--- a/kubernetes/platform/components/keycloak-init/components/keycloak-config-cli/values.yaml
+++ b/kubernetes/authentication/components/keycloak-config-cli/values.yaml
@@ -47,10 +47,10 @@ labels: {}
resources: {}
# limits:
# cpu: "100m"
- # memory: "1Gi"
+ # memory: "1024Mi"
# requests:
# cpu: "100m"
-# memory: "1Gi"
+# memory: "1024Mi"
env:
KEYCLOAK_URL: http://keycloak:8080
diff --git a/kubernetes/platform/components/oauth2-proxy/.helmignore b/kubernetes/authentication/components/oauth2-proxy/.helmignore
index 825c007791..825c007791 100644
--- a/kubernetes/platform/components/oauth2-proxy/.helmignore
+++ b/kubernetes/authentication/components/oauth2-proxy/.helmignore
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml b/kubernetes/authentication/components/oauth2-proxy/Chart.yaml
index b31b35f46d..3bcf687241 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/Chart.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/Chart.yaml
@@ -1,7 +1,7 @@
name: onap-oauth2-proxy
-version: 6.10.1
+version: 7.5.4
apiVersion: v2
-appVersion: 7.4.0
+appVersion: 7.6.0
home: https://oauth2-proxy.github.io/oauth2-proxy/
description: A reverse proxy that provides authentication with Google, Github or other providers
keywords:
@@ -14,7 +14,7 @@ keywords:
- redis
dependencies:
- name: redis
- version: ~16.13.2
+ version: 19.1.0
repository: https://charts.bitnami.com/bitnami
alias: redis
condition: redis.enabled
@@ -39,3 +39,10 @@ maintainers:
- name: pierluigilenoci
email: pierluigi.lenoci@gmail.com
kubeVersion: ">=1.9.0-0"
+annotations:
+ artifacthub.io/changes: |
+ - kind: changed
+ description: Wait for redis script fixes for cluster and sentinel
+ links:
+ - name: Github PR
+ url: https://github.com/oauth2-proxy/manifests/issues/205
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md b/kubernetes/authentication/components/oauth2-proxy/README.md
index 9e18388501..55a5e44429 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/README.md
+++ b/kubernetes/authentication/components/oauth2-proxy/README.md
@@ -98,7 +98,7 @@ Parameter | Description | Default
`config.clientID` | oauth client ID | `""`
`config.clientSecret` | oauth client secret | `""`
`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""`
-`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [oauth2-proxy.secrets helper](https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/templates/_helpers.tpl#L157C13-L157C33) for the required values | `nil`
`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
`config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""`
@@ -107,7 +107,9 @@ Parameter | Description | Default
`alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}`
`alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}`
`alphaConfig.configData` | Arbitrary configuration data to append | `{}`
-`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap-alpha.yaml) for the required values | `nil`
+`alphaConfig.configFile` | Arbitrary configuration to append, treated as a Go template and rendered with the root context | `""`
+`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil`
+`alphaConfig.existingSecret` | existing Kubernetes secret to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret-alpha.yaml) for the required values | `nil`
`customLabels` | Custom labels to add into metadata | `{}` |
`config.google.adminEmail` | user impersonated by the google service account | `""`
`config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account json | `false`
@@ -121,9 +123,7 @@ Parameter | Description | Default
`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
`extraVolumes` | list of extra volumes | `[]`
`extraVolumeMounts` | list of extra volumeMounts | `[]`
-`hostAlias.enabled` | provide extra ip:hostname alias for network name resolution.
-`hostAlias.ip` | `ip` address `hostAliases.hostname` should resolve to.
-`hostAlias.hostname` | `hostname` associated to `hostAliases.ip`.
+`hostAliases` | hostAliases is a list of aliases to be added to /etc/hosts for network name resolution.
`htpasswdFile.enabled` | enable htpasswd-file option | `false`
`htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options) | `{}`
`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
@@ -137,12 +137,21 @@ Parameter | Description | Default
`ingress.path` | Ingress accepted path | `/`
`ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific`
`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.labels` | Ingress extra labels | `{}`
`ingress.annotations` | Ingress annotations | `nil`
`ingress.hosts` | Ingress accepted hostnames | `nil`
`ingress.tls` | Ingress TLS configuration | `nil`
+`initContainers.waitForRedis.enabled` | if `redis.enabled` is true, use an init container to wait for the redis master pod to be ready. If `serviceAccount.enabled` is true, create additionally a role/binding to get, list and watch the redis master pod | `true`
+`initContainers.waitForRedis.image.pullPolicy` | kubectl image pull policy | `IfNotPresent`
+`initContainers.waitForRedis.image.repository` | kubectl image repository | `docker.io/bitnami/kubectl`
+`initContainers.waitForRedis.kubectlVersion` | kubectl version to use for the init container | `printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "")`
+`initContainers.waitForRedis.securityContext.enabled` | enable Kubernetes security context on container | `true`
+`initContainers.waitForRedis.timeout` | number of seconds | 180
+`initContainers.waitForRedis.resources` | pod resource requests & limits | `{}`
`livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
`livenessProbe.initialDelaySeconds` | number of seconds | 0
`livenessProbe.timeoutSeconds` | number of seconds | 1
+`namespaceOverride` | Override the deployment namespace | `""`
`nodeSelector` | node labels for pod assignment | `{}`
`deploymentAnnotations` | annotations to add to the deployment | `{}`
`podAnnotations` | annotations to add to each pod | `{}`
@@ -169,9 +178,9 @@ Parameter | Description | Default
`serviceAccount.enabled` | create a service account | `true`
`serviceAccount.name` | the service account name | ``
`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`strategy` | configure deployment strategy | `{}`
`tolerations` | list of node taints to tolerate | `[]`
-`securityContext.enabled` | enable Kubernetes security context on container | `false`
-`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`securityContext.enabled` | enable Kubernetes security context on container | `true`
`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
`sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie`
`sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""`
@@ -192,12 +201,18 @@ Parameter | Description | Default
`metrics.port` | Serve Prometheus metrics on this port | `44180`
`metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil`
`metrics.service.appProtocol` | application protocol of the metrics port in the service | `http`
-`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
-`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
-`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default`
-`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s`
-`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
-`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
+`metrics.serviceMonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
+`metrics.serviceMonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
+`metrics.serviceMonitor.prometheusInstance` | Prometheus Instance definition | `default`
+`metrics.serviceMonitor.interval` | Prometheus scrape interval | `60s`
+`metrics.serviceMonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
+`metrics.serviceMonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
+`metrics.serviceMonitor.scheme` | HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.| `""`
+`metrics.serviceMonitor.tlsConfig` | TLS configuration to use when scraping the endpoint. For example if using istio mTLS.| `{}`
+`metrics.serviceMonitor.bearerTokenFile` | Path to bearer token file.| `""`
+`metrics.serviceMonitor.annotations` | Used to pass annotations that are used by the Prometheus installed in your cluster| `{}`
+`metrics.serviceMonitor.metricRelabelings` | Metric relabel configs to apply to samples before ingestion.| `[]`
+`metrics.serviceMonitor.relabelings` | Relabel configs to apply to samples before ingestion.| `[]`
`extraObjects` | Extra K8s manifests to deploy | `[]`
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/default-values.yaml
index fc2ba605ad..fc2ba605ad 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/default-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/default-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml
index 92dc451807..92dc451807 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-dict-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-list-values.yaml
index 5f47a5f479..5f47a5f479 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-args-as-list-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-args-as-list-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/extra-env-tpl-values.yaml
index 357dba9153..357dba9153 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/extra-env-tpl-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/extra-env-tpl-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml
index e74a393db0..e74a393db0 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/ingress-extra-paths-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/pdb-values.yaml
index 25b16272a7..25b16272a7 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pdb-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/pdb-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/pod-security-context-values.yaml
index b7c8cea546..b7c8cea546 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/pod-security-context-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/pod-security-context-values.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/redis-standalone-values.yaml
index e3418c39fa..e58c32cf0c 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/redis-standalone-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/redis-standalone-values.yaml
@@ -10,3 +10,6 @@ redis:
global:
redis:
password: "foo"
+initContainers:
+ waitForRedis:
+ enabled: true
diff --git a/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml
new file mode 100644
index 0000000000..0c232bf5c1
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/servicemonitor-values.yaml
@@ -0,0 +1,18 @@
+metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
+ annotations:
+ key: value
+ metricRelabelings:
+ - action: keep
+ regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ sourceLabels: [__name__]
+
+ relabelings:
+ - sourceLabels: [__meta_kubernetes_pod_node_name]
+ separator: ;
+ regex: ^(.*)$
+ targetLabel: nodename
+ replacement: $1
+ action: replace
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml b/kubernetes/authentication/components/oauth2-proxy/ci/tpl-values.yaml
index 65977d921b..65977d921b 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/tpl-values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/ci/tpl-values.yaml
diff --git a/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh b/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh
new file mode 100644
index 0000000000..24e628f426
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/scripts/check-redis.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+RETRY_INTERVAL=5 # Interval between retries in seconds
+elapsed=0 # Elapsed time
+
+check_redis() {
+ host=$1
+ port=$2
+ while [ $elapsed -lt $TOTAL_RETRY_TIME ]; do
+ echo "Checking Redis at $host:$port... Elapsed time: ${elapsed}s"
+ if nc -z -w1 $TIMEOUT $host $port > /dev/null 2>&1; then
+ echo "Redis is up at $host:$port!"
+ return 0
+ else
+ echo "Redis is down at $host:$port. Retrying in $RETRY_INTERVAL seconds."
+ sleep $RETRY_INTERVAL
+ elapsed=$((elapsed + RETRY_INTERVAL))
+ fi
+ done
+ echo "Failed to connect to Redis at $host:$port after $TOTAL_RETRY_TIME seconds."
+ return 1
+}
+
+# For parsing and checking connections
+parse_and_check() {
+ url=$1
+ clean_url=${url#redis://}
+ host=$(echo $clean_url | cut -d':' -f1)
+ port=$(echo $clean_url | cut -d':' -f2)
+ check_redis $host $port
+}
+
+# Main
+if [ -n "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" ]; then
+ echo "Checking Redis in cluster mode..."
+ echo "$OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+ parse_and_check $addr || exit 1
+ done
+elif [ -n "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" ]; then
+ echo "Checking Redis in sentinel mode..."
+ echo "$OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS" | tr ',' '\n' | while read -r addr; do
+ parse_and_check $addr || exit 1
+ done
+elif [ -n "$OAUTH2_PROXY_REDIS_CONNECTION_URL" ]; then
+ echo "Checking standalone Redis..."
+ parse_and_check "$OAUTH2_PROXY_REDIS_CONNECTION_URL" || exit 1
+else
+ echo "Redis configuration not specified."
+ exit 1
+fi
+
+echo "Redis check completed."
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt b/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt
new file mode 100644
index 0000000000..36ded35867
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that oauth2-proxy has started, run:
+
+ kubectl --namespace={{ template "oauth2-proxy.namespace" $ }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_capabilities.tpl
index f959f10e49..f959f10e49 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_capabilities.tpl
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/_capabilities.tpl
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_helpers.tpl
index 87c64493b7..6a9bbb320d 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_helpers.tpl
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/_helpers.tpl
@@ -79,6 +79,17 @@ Create the name of the service account to use
{{- end -}}
{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "oauth2-proxy.namespace" -}}
+ {{- if .Values.namespaceOverride -}}
+ {{- .Values.namespaceOverride -}}
+ {{- else -}}
+ {{- .Release.Namespace -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
Redis subcharts fullname
*/}}
{{- define "oauth2-proxy.redis.fullname" -}}
@@ -106,5 +117,45 @@ Compute the redis url if not set explicitly.
Returns the version
*/}}
{{- define "oauth2-proxy.version" -}}
-{{ trimPrefix "v" (lower (.Values.image.tag | default (printf "v%s" .Chart.AppVersion))) }}
+{{ .Values.image.tag | default (printf "v%s" .Chart.AppVersion) }}
+{{- end -}}
+
+{{/*
+Returns the kubectl version
+Workaround for EKS https://github.com/aws/eks-distro/issues/1128
+*/}}
+{{- define "kubectl.version" -}}
+{{- if .Values.initContainers.waitForRedis.kubectlVersion -}}
+{{ .Values.initContainers.waitForRedis.kubectlVersion }}
+{{- else -}}
+{{- printf "%s.%s" .Capabilities.KubeVersion.Major (.Capabilities.KubeVersion.Minor | replace "+" "") -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "oauth2-proxy.alpha-config" -}}
+---
+server:
+ BindAddress: '0.0.0.0:4180'
+{{- if .Values.alphaConfig.serverConfigData }}
+{{- toYaml .Values.alphaConfig.serverConfigData | nindent 2 }}
+{{- end }}
+{{- if .Values.metrics.enabled }}
+metricsServer:
+ BindAddress: '0.0.0.0:44180'
+{{- if .Values.alphaConfig.metricsConfigData }}
+{{- toYaml .Values.alphaConfig.metricsConfigData | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- if .Values.alphaConfig.configData }}
+{{- toYaml .Values.alphaConfig.configData | nindent 0 }}
+{{- end }}
+{{- if .Values.alphaConfig.configFile }}
+{{- tpl .Values.alphaConfig.configFile $ | nindent 0 }}
+{{- end }}
+{{- end -}}
+
+{{- define "oauth2-proxy.secrets" -}}
+cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}
+client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }}
+client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }}
{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl b/kubernetes/authentication/components/oauth2-proxy/templates/_ingress.tpl
index f4a3cad0e4..f4a3cad0e4 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/_ingress.tpl
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/_ingress.tpl
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
index cf4e77eaaa..d9f9cffef7 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-authenticated-emails-file.yaml
@@ -11,6 +11,7 @@ metadata:
{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
{{- end }}
name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
data:
{{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
{{- end }}
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml
new file mode 100644
index 0000000000..721048d786
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap-wait-for-redis.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+ check-redis.sh: |
+{{ .Files.Get "scripts/check-redis.sh" | indent 4 }}
+{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml
index 8a19ccb943..94d7806d2e 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/configmap.yaml
@@ -11,6 +11,7 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
data:
oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }}
{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml
index 4523591231..1a626d1ab8 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deployment.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/deployment.yaml
@@ -9,10 +9,13 @@ metadata:
{{ toYaml .Values.deploymentAnnotations | indent 8 }}
{{- end }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
spec:
replicas: {{ .Values.replicaCount }}
- {{- if .Values.revisionHistoryLimit }}
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- with .Values.strategy }}
+ strategy:
+ {{ toYaml . | nindent 4 }}
{{- end }}
selector:
matchLabels:
@@ -20,16 +23,18 @@ spec:
template:
metadata:
annotations:
- checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/config: {{ tpl .Values.config.configFile $ | sha256sum }}
{{- if .Values.alphaConfig.enabled }}
- checksum/alpha-config: {{ include (print $.Template.BasePath "/configmap-alpha.yaml") . | sha256sum }}
+ checksum/alpha-config: {{ include "oauth2-proxy.alpha-config" . | sha256sum }}
{{- end }}
+ {{- if .Values.authenticatedEmailsFile.enabled }}
checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
- checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/secret: {{ include "oauth2-proxy.secrets" . | sha256sum }}
checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
checksum/redis-secret: {{ include (print $.Template.BasePath "/redis-secret.yaml") . | sha256sum }}
{{- if .Values.htpasswdFile.enabled }}
- checksum/htpasswd: {{ include (print $.Template.BasePath "/secret-htpasswd-file.yaml") . | sha256sum }}
+ checksum/htpasswd: {{ toYaml .Values.htpasswdFile.entries | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }}
@@ -49,17 +54,53 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
- automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
- {{- if .Values.hostAlias.enabled }}
+ automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+ {{- if .Values.hostAliases }}
hostAliases:
- - ip: {{ .Values.hostAlias.ip }}
- hostnames:
- - {{ .Values.hostAlias.hostname }}
+ {{ toYaml .Values.hostAliases | nindent 8}}
+ {{- end }}
+ {{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+ initContainers:
+ - name: wait-for-redis
+ #image: "{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}"
+ image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.initContainers.waitForRedis.image.repository }}:{{ .Values.initContainers.waitForRedis.image.tag }}"
+ imagePullPolicy: {{ .Values.initContainers.waitForRedis.image.pullPolicy }}
+ command: ["/bin/sh", "-c", "/scripts/check-redis.sh"]
+ env:
+ - name: TOTAL_RETRY_TIME
+ value: "{{ .Values.initContainers.waitForRedis.timeout }}"
+ {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+ - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+ value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+ {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+ - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
+ value: "true"
+ - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+ value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }}
+ {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+ - name: OAUTH2_PROXY_REDIS_USE_SENTINEL
+ value: "true"
+ - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+ value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }}
+ {{- end }}
+ {{- if .Values.initContainers.waitForRedis.securityContext.enabled }}
+ {{- $securityContext := unset .Values.initContainers.waitForRedis.securityContext "enabled" }}
+ securityContext:
+ {{- toYaml $securityContext | nindent 10 }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.initContainers.waitForRedis.resources | nindent 10 }}
+ volumeMounts:
+ - name: redis-script
+ mountPath: /scripts
+ {{- end }}
+ {{- if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
- image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
- #image: "{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
+ image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}"
+ #image: "{{ .Values.image.repository }}:{{ include "oauth2-proxy.version" . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
{{- if .Values.alphaConfig.enabled }}
@@ -76,7 +117,7 @@ spec:
{{- end }}
{{- if kindIs "map" .Values.extraArgs }}
{{- range $key, $value := .Values.extraArgs }}
- {{- if $value }}
+ {{- if not (kindIs "invalid" $value) }}
- --{{ $key }}={{ tpl ($value | toString) $ }}
{{- else }}
- --{{ $key }}
@@ -119,6 +160,10 @@ spec:
{{- if .Values.htpasswdFile.enabled }}
- --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
{{- end }}
+{{- if .Values.lifecycle }}
+ lifecycle:
+{{ toYaml .Values.lifecycle | indent 10 }}
+{{- end }}
env:
{{- if .Values.proxyVarsAsSecrets }}
- name: OAUTH2_PROXY_CLIENT_ID
@@ -184,6 +229,10 @@ spec:
{{- if .Values.extraEnv }}
{{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
{{- end }}
+ {{- if .Values.envFrom }}
+ envFrom:
+{{ tpl (toYaml .Values.envFrom) . | indent 8 }}
+ {{- end }}
ports:
{{- if .Values.containerPort }}
- containerPort: {{ .Values.containerPort }}
@@ -292,7 +341,12 @@ spec:
secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
{{- end }}
{{- end }}
-
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+ - name: redis-script
+ configMap:
+ name: {{ template "oauth2-proxy.fullname" . }}-wait-for-redis
+ defaultMode: 0775
+{{- end }}
{{- if or .Values.config.existingConfig .Values.config.configFile }}
- configMap:
defaultMode: 420
@@ -300,10 +354,17 @@ spec:
name: configmain
{{- end }}
{{- if .Values.alphaConfig.enabled }}
+{{- if .Values.alphaConfig.existingConfig }}
- configMap:
defaultMode: 420
- name: {{ if .Values.alphaConfig.existingConfig }}{{ .Values.alphaConfig.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }}
+ name: {{ .Values.alphaConfig.existingConfig }}
name: configalpha
+{{- else }}
+ - secret:
+ defaultMode: 420
+ secretName: {{ if .Values.alphaConfig.existingSecret }}{{ .Values.alphaConfig.existingSecret }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }}
+ name: configalpha
+{{- end }}
{{- end }}
{{- if ne (len .Values.extraVolumes) 0 }}
{{ toYaml .Values.extraVolumes | indent 6 }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/deprecation.yaml
index 126d3e7a18..126d3e7a18 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/deprecation.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/deprecation.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/extra-manifests.yaml
index a9bb3b6ba8..a9bb3b6ba8 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/extra-manifests.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/extra-manifests.yaml
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/google-secret.yaml
index 5703273d93..30a9ae1bb6 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/google-secret.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/google-secret.yaml
@@ -6,6 +6,7 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}-google
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
type: Opaque
data:
service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml
index 73fd758d16..5323820487 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/ingress.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/ingress.yaml
@@ -9,8 +9,12 @@ kind: Ingress
metadata:
labels:
app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
+ {{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.ingress.labels }}
+{{ toYaml .Values.ingress.labels | indent 4 }}
+{{- end }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/poddisruptionbudget.yaml
index 7cdbbbeabb..1fc8ecc005 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/poddisruptionbudget.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/poddisruptionbudget.yaml
@@ -6,6 +6,7 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
spec:
selector:
matchLabels:
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/redis-secret.yaml
index 7a1555d8b3..202e9243e3 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/redis-secret.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/redis-secret.yaml
@@ -10,6 +10,7 @@ metadata:
app: {{ $name }}
{{- $labels | indent 4 }}
name: {{ $fullName }}-redis-access
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
type: Opaque
data:
{{- if and .redis.password (not .redis.existingSecret) }}
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml
new file mode 100644
index 0000000000..15bb89338e
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-alpha.yaml
@@ -0,0 +1,20 @@
+{{-
+ if and
+ .Values.alphaConfig.enabled
+ (not .Values.alphaConfig.existingConfig)
+ (not .Values.alphaConfig.existingSecret)
+}}
+apiVersion: v1
+kind: Secret
+metadata:
+{{- if .Values.alphaConfig.annotations }}
+ annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+ {{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-alpha
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
+data:
+ oauth2_proxy.yml: {{ include "oauth2-proxy.alpha-config" . | b64enc | quote }}
+{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
index ce79db1dce..95f85a8006 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-authenticated-emails-file.yaml
@@ -12,6 +12,7 @@ metadata:
{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
{{- end }}
name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
data:
{{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }}
{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret-htpasswd-file.yaml
index 44fe67e96a..c5ea330ff7 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret-htpasswd-file.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret-htpasswd-file.yaml
@@ -6,10 +6,11 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
type: Opaque
stringData:
users.txt: |-
{{- range $entries := .Values.htpasswdFile.entries }}
{{ $entries }}
{{- end -}}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml
index c9b3791f89..f3364e95a9 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/secret.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/secret.yaml
@@ -10,9 +10,8 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
type: Opaque
data:
- cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}
- client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }}
- client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }}
+{{- include "oauth2-proxy.secrets" . | nindent 2 }}
{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml
index d9563ac283..d16120ee91 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/service.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/service.yaml
@@ -5,6 +5,7 @@ metadata:
app: {{ template "oauth2-proxy.name" . }}
{{- include "oauth2-proxy.labels" . | indent 4 }}
name: {{ template "oauth2-proxy.fullname" . }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..2a89c4b9e3
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/serviceaccount.yaml
@@ -0,0 +1,60 @@
+{{- if or .Values.serviceAccount.enabled -}}
+{{- $fullName := include "oauth2-proxy.fullname" . -}}
+{{- $saName := include "oauth2-proxy.serviceAccountName" . -}}
+{{- $name := include "oauth2-proxy.name" . -}}
+{{- $namespace := include "oauth2-proxy.namespace" $ -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ $name }}
+{{- $labels | indent 4 }}
+ name: {{ $saName }}
+ namespace: {{ $namespace }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- if and .Values.redis.enabled .Values.initContainers.waitForRedis.enabled }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ $fullName }}-watch-redis
+ namespace: {{ $namespace }}
+ labels:
+ app: {{ $name }}
+ {{- $labels | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ resourceNames:
+ - "{{ include "oauth2-proxy.redis.fullname" . }}-master-0"
+ verbs:
+ - get
+ - list
+ - watch
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ $saName }}-watch-redis
+ namespace: {{ $namespace }}
+ labels:
+ app: {{ $name }}
+ {{- $labels | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $saName }}
+ apiGroup: ""
+roleRef:
+ kind: Role
+ name: {{ $fullName }}-watch-redis
+ apiGroup: ""
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..3802666be0
--- /dev/null
+++ b/kubernetes/authentication/components/oauth2-proxy/templates/servicemonitor.yaml
@@ -0,0 +1,57 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ {{- with .Values.metrics.serviceMonitor.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+{{- else }}
+ namespace: {{ template "oauth2-proxy.namespace" $ }}
+{{- end }}
+ labels:
+ prometheus: {{ .Values.metrics.serviceMonitor.prometheusInstance }}
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.metrics.serviceMonitor.labels }}
+{{ toYaml .Values.metrics.serviceMonitor.labels | indent 4}}
+{{- end }}
+spec:
+ jobLabel: {{ template "oauth2-proxy.fullname" . }}
+ selector:
+ matchLabels:
+ {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ template "oauth2-proxy.namespace" $ }}
+ endpoints:
+ - port: metrics
+ path: "/metrics"
+ {{- with .Values.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.scheme }}
+ scheme: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ . }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.tlsConfig }}
+ tlsConfig:
+ {{- toYaml .| nindent 6 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.metrics.serviceMonitor.relabelings }}
+ relabelings:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml b/kubernetes/authentication/components/oauth2-proxy/values.yaml
index 8f81e15d03..f49cb638fa 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/values.yaml
+++ b/kubernetes/authentication/components/oauth2-proxy/values.yaml
@@ -1,5 +1,17 @@
global:
quayRepository: quay.io
+ dockerHubRepository: docker.io
+ # Additions for Redis ****************************
+ # If dockerHubRepository is changes the following entry needs
+ # to be changed as well
+ imageRegistry: docker.io
+ imagePullSecrets:
+ - '{{ include "common.names.namespace" . }}-docker-registry-key'
+ # *************************************************
+
+## Override the deployment namespace
+##
+namespaceOverride: ""
# Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
# This is especially useful for `helm template` as capabilities are always empty
@@ -57,8 +69,13 @@ alphaConfig:
metricsConfigData: {}
# Arbitrary configuration data to append
configData: {}
- # Use an existing config map (see configmap-alpha.yaml for required fields)
+ # Arbitrary configuration to append
+ # This is treated as a Go template and rendered with the root context
+ configFile: ""
+ # Use an existing config map (see secret-alpha.yaml for required fields)
existingConfig: ~
+ # Use an existing secret
+ existingSecret: ~
image:
#repository: "quay.io/oauth2-proxy/oauth2-proxy"
@@ -81,6 +98,19 @@ image:
extraArgs: {}
extraEnv: []
+envFrom: []
+# Load environment variables from a ConfigMap(s) and/or Secret(s)
+# that already exists (created and managed by you).
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables
+#
+# PS: Changes in these ConfigMaps or Secrets will not be automatically
+# detected and you must manually restart the relevant Pods after changes.
+#
+# - configMapRef:
+# name: special-config
+# - secretRef:
+# name: special-config-secret
+
# -- Custom labels to add into metadata
customLabels: {}
@@ -153,6 +183,7 @@ ingress:
# name: ssl-redirect
# port:
# name: use-annotation
+ labels: {}
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
@@ -164,11 +195,11 @@ ingress:
resources: {}
# limits:
- # cpu: "100m"
- # memory: "300Mi"
+ # cpu: 100m
+ # memory: 300Mi
# requests:
- # cpu: "100m"
- # memory: "300Mi"
+ # cpu: 100m
+ # memory: 300Mi
extraVolumes: []
# - name: ca-bundle-cert
@@ -186,11 +217,15 @@ extraContainers: []
priorityClassName: ""
-# Host aliases, useful when working "on premise" where (public) DNS resolver does not know about my hosts.
-hostAlias:
- enabled: false
- # ip: "10.xxx.xxx.xxx"
- # hostname: "auth.example.com"
+# hostAliases is a list of aliases to be added to /etc/hosts for network name resolution
+hostAliases: []
+# - ip: "10.xxx.xxx.xxx"
+# hostnames:
+# - "auth.example.com"
+# - ip: 127.0.0.1
+# hostnames:
+# - chart-example.local
+# - example.local
# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
# Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
@@ -229,16 +264,24 @@ readinessProbe:
# Configure Kubernetes security context for container
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext:
- enabled: false
+ enabled: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
runAsNonRoot: true
- # allowPrivilegeEscalation: false
- # runAsUser: 2000
+ runAsUser: 2000
+ runAsGroup: 2000
+ seccompProfile:
+ type: RuntimeDefault
deploymentAnnotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
revisionHistoryLimit: 10
+strategy: {}
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
@@ -253,12 +296,47 @@ podSecurityContext: {}
# whether to use http or https
httpScheme: http
+initContainers:
+ # if the redis sub-chart is enabled, wait for it to be ready
+ # before starting the proxy
+ # creates a role binding to get, list, watch, the redis master pod
+ # if service account is enabled
+ waitForRedis:
+ enabled: true
+ image:
+ repository: "alpine"
+ tag: "latest"
+ pullPolicy: "IfNotPresent"
+ # uses the kubernetes version of the cluster
+ # the chart is deployed on, if not set
+ kubectlVersion: ""
+ securityContext:
+ enabled: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
+ seccompProfile:
+ type: RuntimeDefault
+ timeout: 180
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 300Mi
+ # requests:
+ # cpu: 100m
+ # memory: 300Mi
+
# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
# Alternatively supply an existing secret which contains the required information.
htpasswdFile:
enabled: false
existingSecret: ""
- entries: {}
+ entries: []
# One row for each user
# example:
# entries:
@@ -302,13 +380,18 @@ redis:
# Redis specific helm chart settings, please see:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
# redisPort: 6379
- # cluster:
- # enabled: false
- # slaveCount: 1
+ # architecture: standalone
# Enables apiVersion deprecation checks
checkDeprecation: true
+# Allows graceful shutdown
+# terminationGracePeriodSeconds: 65
+# lifecycle:
+# preStop:
+# exec:
+# command: [ "sh", "-c", "sleep 60" ]
+
metrics:
# Enable Prometheus metrics endpoint
enabled: true
@@ -319,7 +402,7 @@ metrics:
# Protocol set on the service for the metrics port
service:
appProtocol: http
- servicemonitor:
+ serviceMonitor:
# Enable Prometheus Operator ServiceMonitor
enabled: false
# Define the namespace where to deploy the ServiceMonitor resource
@@ -333,6 +416,37 @@ metrics:
# Add custom labels to the ServiceMonitor resource
labels: {}
+ ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
+ scheme: ""
+
+ ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
+ ## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
+ tlsConfig: {}
+
+ ## bearerTokenFile: Path to bearer token file.
+ bearerTokenFile: ""
+
+ ## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ annotations: {}
+
+ ## Metric relabel configs to apply to samples before ingestion.
+ ## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
+ metricRelabelings: []
+ # - action: keep
+ # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+ # sourceLabels: [__name__]
+
+ ## Relabel configs to apply to samples before ingestion.
+ ## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
+ relabelings: []
+ # - sourceLabels: [__meta_kubernetes_pod_node_name]
+ # separator: ;
+ # regex: ^(.*)$
+ # targetLabel: nodename
+ # replacement: $1
+ # action: replace
+
# Extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
diff --git a/kubernetes/authentication/resources/oauth2_proxy.cfg b/kubernetes/authentication/resources/oauth2_proxy.cfg
new file mode 100644
index 0000000000..60aaad4b52
--- /dev/null
+++ b/kubernetes/authentication/resources/oauth2_proxy.cfg
@@ -0,0 +1,38 @@
+provider = "oidc"
+provider_display_name = "ONAPKeycloakID"
+client_id = "{{ index .Values "onap-oauth2-proxy" "config" "clientId" }}"
+client_secret = "{{ index .Values "onap-oauth2-proxy" "config" "clientSecret" }}"
+oidc_issuer_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap'
+oidc_jwks_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/certs'
+profile_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
+validate_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/userinfo'
+redeem_url = 'http://{{ include "common.namespace" . }}-authentication-keycloakx-http.{{ include "common.namespace" . }}/realms/onap/protocol/openid-connect/token'
+scope = "openid email profile groups onap_roles"
+skip_oidc_discovery = true
+cookie_secure = false
+cookie_secret = "{{ index .Values "onap-oauth2-proxy" "config" "cookieSecret" }}"
+email_domains = [ "*" ]
+auth_logging = true
+request_logging = true
+standard_logging = true
+show_debug_on_error = true
+cookie_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
+cookie_samesite = "lax"
+whitelist_domains = ".{{ .Values.global.ingress.virtualhost.baseurl }}"
+login_url = 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/realms/onap/protocol/openid-connect/auth'
+pass_access_token = true
+pass_authorization_header = true
+pass_host_header = true
+pass_user_headers = true
+http_address = "0.0.0.0:4180"
+oidc_email_claim = "email"
+oidc_groups_claim = "groups"
+insecure_oidc_skip_issuer_verification = true
+insecure_oidc_allow_unverified_email = true
+silence_ping_logging = true
+upstreams = "static://200"
+set_xauthrequest = true
+set_authorization_header = true
+skip_provider_button = true
+skip_jwt_bearer_tokens = true
+cookie_expire = "30m"
diff --git a/kubernetes/authentication/templates/_utils.tpl b/kubernetes/authentication/templates/_utils.tpl
new file mode 100644
index 0000000000..806f96164a
--- /dev/null
+++ b/kubernetes/authentication/templates/_utils.tpl
@@ -0,0 +1,811 @@
+{{/*
+# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "auth.realm" ( dict "dot" . "realm" .Values.path.to.realm) }}
+*/}}
+{{- define "auth.realm" -}}
+{{- $dot := default . .dot -}}
+{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}}
+realm: {{ $realm.name }}
+{{ if $realm.displayName }}displayName: {{ $realm.displayName }}{{ end }}
+id: {{ $realm.name }}
+accessTokenLifespan: 1900
+registrationAllowed: false
+resetPasswordAllowed: true
+enabled: true
+{{ if $realm.themes }}
+{{ if $realm.themes.login }}loginTheme: {{ $realm.themes.login }}{{ end }}
+{{ if $realm.themes.admin }}adminTheme: {{ $realm.themes.admin }}{{ end }}
+{{ if $realm.themes.account }}accountTheme: {{ $realm.themes.account }}{{ end }}
+{{ if $realm.themes.email }}emailTheme: {{ $realm.themes.email }}{{ end }}
+{{- end }}
+{{- if $realm.accessControl }}
+{{ include "auth._roles" $realm }}
+{{- end }}
+{{ include "auth._clients" (dict "dot" $dot "realm" $realm) }}
+{{ include "auth._clientScopes" $realm }}
+{{ include "auth._defaultClientScopes" $realm }}
+{{ include "auth._groups" $realm }}
+{{ include "auth._users" $realm }}
+{{ include "auth._identity" $realm }}
+{{ include "auth._identityMapper" $realm }}
+{{ include "auth._smtpServer" $realm }}
+{{ include "auth._attributes" (dict "dot" $dot "realm" $realm) }}
+{{- end -}}
+
+{{/*
+Renders the roles section in a realm.
+Usage:
+{{ include "auth._roles" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._roles" -}}
+{{- $realm := default . .dot -}}
+roles:
+ realm:
+ {{- range $index, $role := $realm.accessControl.assignableRoles }}
+ - name: "{{ $role.name }}"
+ description: "{{ $role.description }}"
+ {{- if $role.associatedAccessRoles }}
+ composite: true
+ composites:
+ client:
+ {{- range $key, $accessRole := $realm.accessControl.accessRoles }}
+ {{ $client := index $realm.clients $key -}}
+ {{ $client.clientId }}:
+ {{- range $index2, $associatedRole := $role.associatedAccessRoles }}
+ - {{ $associatedRole }}
+ {{- end }}
+ {{- end }}
+ {{- else }}
+ composite: false
+ {{- end }}
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ {{- end }}
+ - name: "user"
+ composite: false
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ - name: "admin"
+ composite: false
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ - name: "offline_access"
+ description: "${role_offline-access}"
+ composite: false
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ - name: "uma_authorization"
+ description: "${role_uma_authorization}"
+ composite: false
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ - name: "default-roles-{{ $realm.name }}"
+ description: "${role_default-roles}"
+ composite: true
+ composites:
+ realm:
+ - "offline_access"
+ - "uma_authorization"
+ client:
+ account:
+ - "view-profile"
+ - "manage-account"
+ clientRole: false
+ containerId: "{{ $realm.name }}"
+ attributes: {}
+ {{- if $realm.accessControl.accessRoles }}
+ client:
+ {{- range $key, $accessRole := $realm.accessControl.accessRoles }}
+ {{ $client := index $realm.clients $key -}}
+ {{ $client.clientId }}:
+ {{- range $index, $role := get $realm.accessControl.accessRoles $key }}
+ - name: "{{ $role.name }}"
+ description: "Allows to perform {{ $role.methodsAllowed }} operations for {{ $role.name }} component"
+ composite: false
+ clientRole: false
+ containerId: "{{ $client.clientId }}"
+ attributes: {}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{/*
+Renders the clients section in a realm.
+Usage:
+{{ include "auth._clients" ( dict "dot" . "realm" $realm ) }}
+*/}}
+{{- define "auth._clients" -}}
+{{- $dot := default . .dot -}}
+{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}}
+clients:
+ {{- range $index, $client := $realm.clients }}
+ - clientId: "{{ $client.clientId }}"
+ {{- if $client.name }}
+ name: "{{ $client.name }}"
+ {{- end }}
+ {{- if $client.description }}
+ description: "{{ $client.description }}"
+ {{- end }}
+ {{- if $client.rootUrl }}
+ rootUrl: {{ tpl $client.rootUrl $dot }}
+ {{- end }}
+ {{- if $client.adminUrl }}
+ adminUrl: {{ tpl $client.adminUrl $dot }}
+ {{- end }}
+ {{- if $client.baseUrl }}
+ baseUrl: {{ tpl $client.baseUrl $dot }}
+ {{- end }}
+ surrogateAuthRequired: {{ default false $client.surrogateAuthRequired }}
+ enabled: true
+ alwaysDisplayInConsole: false
+ clientAuthenticatorType: {{ default "client-secret" $client.clientAuthenticatorType }}
+ {{- if $client.secret }}
+ secret: "{{ $client.secret }}"
+ {{- end }}
+ {{- if $client.redirectUris }}
+ redirectUris:
+ {{- range $index2, $url := $client.redirectUris }}
+ - {{ tpl $url $dot }}
+ {{- end }}
+ {{- else }}
+ redirectUris: []
+ {{- end }}
+ {{- if $client.webOrigins }}
+ webOrigins:
+ {{- range $index3, $web := $client.webOrigins }}
+ - {{ $web | quote }}
+ {{- end }}
+ {{- else }}
+ webOrigins: []
+ {{- end }}
+ notBefore: 0
+ bearerOnly: {{ default false $client.bearerOnly }}
+ consentRequired: {{ default false $client.consentRequired }}
+ standardFlowEnabled: {{ default true $client.standardFlowEnabled }}
+ implicitFlowEnabled: {{ default false $client.implicitFlowEnabled }}
+ directAccessGrantsEnabled: {{ default true $client.directAccessGrantsEnabled }}
+ serviceAccountsEnabled: {{ default false $client.serviceAccountsEnabled }}
+ publicClient: {{ default false $client.publicClient }}
+ frontchannelLogout: {{ default false $client.frontchannelLogout }}
+ protocol: "{{ default "openid-connect" $client.protocol }}"
+ {{- if $client.attributes }}
+ attributes:
+ {{- range $key,$value := $client.attributes }}
+ {{ $key }}: {{ tpl $value $dot }}
+ {{- end }}
+ {{- end }}
+ authenticationFlowBindingOverrides: {}
+ fullScopeAllowed: true
+ nodeReRegistrationTimeout: -1
+ protocolMappers:
+ {{- if $client.protocolMappers }}
+ {{- range $index2, $mapper := $client.protocolMappers }}
+ - name: {{ $mapper.name }}
+ protocol: "openid-connect"
+ protocolMapper: {{ $mapper.protocolMapper }}
+ consentRequired: false
+ config:
+ {{ toYaml $mapper.config | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ defaultClientScopes:
+ {{- if $client.defaultClientScopes }}
+ {{- range $index2, $scope := $client.defaultClientScopes }}
+ - {{ $scope }}
+ {{- end }}
+ {{- else }}
+ - web-origins
+ - profile
+ - acr
+ - email
+ {{- end }}
+ optionalClientScopes:
+ {{- if $client.optionalClientScopes }}
+ {{- range $index2, $scope := $client.optionalClientScopes }}
+ - {{ $scope }}
+ {{- end }}
+ {{- else }}
+ - address
+ - phone
+ - offline_access
+ - microprofile-jwt
+ {{- end }}
+ {{- end }}
+{{- end }}
+
+{{/*
+Renders the defaulDefaultClientScopes section in a realm.
+Usage:
+{{ include "auth._defaultClientScopes" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._defaultClientScopes" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.defaultClientScopes }}
+defaultDefaultClientScopes:
+ {{- range $index, $scope := $dot.defaultClientScopes }}
+ - {{ $scope }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the clientScopes section in a realm.
+Usage:
+{{ include "auth._clientScopes" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._clientScopes" -}}
+{{- $dot := default . .dot -}}
+clientScopes:
+{{- if $dot.additionalClientScopes }}
+{{- range $index, $scope := $dot.additionalClientScopes }}
+- name: {{ $scope.name }}
+ description: "{{ default "" $scope.description }}"
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'false'
+ display.on.consent.screen: 'true'
+ gui.order: ''
+ consent.screen.text: "${rolesScopeConsentText}"
+ protocolMappers:
+ {{- if $scope.protocolMappers }}
+ {{- range $index2, $mapper := $scope.protocolMappers }}
+ - name: {{ $mapper.name }}
+ protocol: "openid-connect"
+ protocolMapper: {{ $mapper.protocolMapper }}
+ consentRequired: false
+ config:
+ {{ toYaml $mapper.config | nindent 8 }}
+ {{- end }}
+ {{- end }}
+
+{{- end }}
+{{- end }}
+- name: roles
+ description: OpenID Connect scope for add user roles to the access token
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'false'
+ display.on.consent.screen: 'true'
+ consent.screen.text: "${rolesScopeConsentText}"
+ protocolMappers:
+ - name: audience resolve
+ protocol: openid-connect
+ protocolMapper: oidc-audience-resolve-mapper
+ consentRequired: false
+ config: {}
+ - name: realm roles
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-realm-role-mapper
+ consentRequired: false
+ config:
+ user.attribute: foo
+ access.token.claim: 'true'
+ claim.name: realm_access.roles
+ jsonType.label: String
+ multivalued: 'true'
+ - name: client roles
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-client-role-mapper
+ consentRequired: false
+ config:
+ user.attribute: foo
+ access.token.claim: 'true'
+ claim.name: resource_access.${client_id}.roles
+ jsonType.label: String
+ multivalued: 'true'
+- name: groups
+ description: Membership to a group
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'true'
+ gui.order: ''
+ consent.screen.text: ''
+ protocolMappers:
+ - name: groups
+ protocol: openid-connect
+ protocolMapper: oidc-group-membership-mapper
+ consentRequired: false
+ config:
+ full.path: 'false'
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: groups
+ userinfo.token.claim: 'true'
+- name: acr
+ description: OpenID Connect scope for add acr (authentication context class reference)
+ to the token
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'false'
+ display.on.consent.screen: 'false'
+ protocolMappers:
+ - name: acr loa level
+ protocol: openid-connect
+ protocolMapper: oidc-acr-mapper
+ consentRequired: false
+ config:
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+- name: profile
+ description: 'OpenID Connect built-in scope: profile'
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'true'
+ consent.screen.text: "${profileScopeConsentText}"
+ protocolMappers:
+ - name: profile
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: profile
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: profile
+ jsonType.label: String
+ - name: given name
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: firstName
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: given_name
+ jsonType.label: String
+ - name: website
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: website
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: website
+ jsonType.label: String
+ - name: zoneinfo
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: zoneinfo
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: zoneinfo
+ jsonType.label: String
+ - name: locale
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: locale
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: locale
+ jsonType.label: String
+ - name: gender
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: gender
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: gender
+ jsonType.label: String
+ - name: family name
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: lastName
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: family_name
+ jsonType.label: String
+ - name: username
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: username
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: preferred_username
+ jsonType.label: String
+ - name: middle name
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: middleName
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: middle_name
+ jsonType.label: String
+ - name: birthdate
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: birthdate
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: birthdate
+ jsonType.label: String
+ - name: updated at
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: updatedAt
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: updated_at
+ jsonType.label: long
+ - name: full name
+ protocol: openid-connect
+ protocolMapper: oidc-full-name-mapper
+ consentRequired: false
+ config:
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ userinfo.token.claim: 'true'
+ - name: nickname
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: nickname
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: nickname
+ jsonType.label: String
+ - name: picture
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: picture
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: picture
+ jsonType.label: String
+- name: address
+ description: 'OpenID Connect built-in scope: address'
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'true'
+ consent.screen.text: "${addressScopeConsentText}"
+ protocolMappers:
+ - name: address
+ protocol: openid-connect
+ protocolMapper: oidc-address-mapper
+ consentRequired: false
+ config:
+ user.attribute.formatted: formatted
+ user.attribute.country: country
+ user.attribute.postal_code: postal_code
+ userinfo.token.claim: 'true'
+ user.attribute.street: street
+ id.token.claim: 'true'
+ user.attribute.region: region
+ access.token.claim: 'true'
+ user.attribute.locality: locality
+- name: web-origins
+ description: OpenID Connect scope for add allowed web origins to the access token
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'false'
+ display.on.consent.screen: 'false'
+ consent.screen.text: ''
+ protocolMappers:
+ - name: allowed web origins
+ protocol: openid-connect
+ protocolMapper: oidc-allowed-origins-mapper
+ consentRequired: false
+ config: {}
+- name: phone
+ description: 'OpenID Connect built-in scope: phone'
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'true'
+ consent.screen.text: "${phoneScopeConsentText}"
+ protocolMappers:
+ - name: phone number verified
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: phoneNumberVerified
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: phone_number_verified
+ jsonType.label: boolean
+ - name: phone number
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-attribute-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: phoneNumber
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: phone_number
+ jsonType.label: String
+- name: offline_access
+ description: 'OpenID Connect built-in scope: offline_access'
+ protocol: openid-connect
+ attributes:
+ consent.screen.text: "${offlineAccessScopeConsentText}"
+ display.on.consent.screen: 'true'
+- name: role_list
+ description: SAML role list
+ protocol: saml
+ attributes:
+ consent.screen.text: "${samlRoleListScopeConsentText}"
+ display.on.consent.screen: 'true'
+ protocolMappers:
+ - name: role list
+ protocol: saml
+ protocolMapper: saml-role-list-mapper
+ consentRequired: false
+ config:
+ single: 'false'
+ attribute.nameformat: Basic
+ attribute.name: Role
+- name: microprofile-jwt
+ description: Microprofile - JWT built-in scope
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'false'
+ protocolMappers:
+ - name: upn
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: username
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: upn
+ jsonType.label: String
+ - name: groups
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-realm-role-mapper
+ consentRequired: false
+ config:
+ multivalued: 'true'
+ user.attribute: foo
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: groups
+ jsonType.label: String
+- name: email
+ description: 'OpenID Connect built-in scope: email'
+ protocol: openid-connect
+ attributes:
+ include.in.token.scope: 'true'
+ display.on.consent.screen: 'true'
+ consent.screen.text: "${emailScopeConsentText}"
+ protocolMappers:
+ - name: email
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: email
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: email
+ jsonType.label: String
+ - name: email verified
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-property-mapper
+ consentRequired: false
+ config:
+ userinfo.token.claim: 'true'
+ user.attribute: emailVerified
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: email_verified
+ jsonType.label: boolean
+{{- end }}
+
+{{/*
+Renders the groups section in a realm.
+Usage:
+{{ include "auth._groups" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._groups" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.groups }}
+groups:
+{{- range $index, $group := $dot.groups }}
+ - name: "{{ $group.name }}"
+ path: "{{ $group.path }}"
+ attributes: {}
+ {{- if $group.roles }}
+ realmRoles:
+ {{- range $index2, $groupRole := $group.roles }}
+ - "{{ $groupRole }}"
+ {{- end }}
+ {{- else }}
+ realmRoles: []
+ {{- end }}
+ clientRoles: {}
+ subGroups: []
+{{- end }}
+{{- else }}
+groups: []
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the users section in a realm.
+Usage:
+{{ include "auth._users" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._users" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.initialUsers }}
+users:
+ {{- range $index, $user := $dot.initialUsers }}
+ - username: "{{ $user.username }}"
+ enabled: true
+ totp: false
+ email: "{{ default "" $user.email }}"
+ emailVerified: "{{ default true $user.emailVerified }}"
+ firstName: "{{ default "" $user.firstName }}"
+ lastName: "{{ default "" $user.lastName }}"
+ {{- if $user.attributes }}
+ attributes:
+ {{ toYaml $user.attributes | nindent 6 }}
+ {{- else }}
+ attributes: {}
+ {{- end }}
+ {{- if $user.password }}
+ credentials:
+ - type: "password"
+ temporary: false
+ value: "{{ $user.password }}"
+ {{- end }}
+ {{- if $user.credentials }}
+ credentials:
+ {{ toYaml $user.credentials | nindent 6 }}
+ {{- end }}
+ disableableCredentialTypes: []
+ requiredActions: []
+ {{- if $user.realmRoles }}
+ realmRoles:
+ {{- range $index2, $realmRole := $user.realmRoles }}
+ - "{{ $realmRole }}"
+ {{- end }}
+ {{- else }}
+ realmRoles: [ "default-roles-{{ $dot.name }}" ]
+ {{- end }}
+ {{- if $user.clientRoles }}
+ clientRoles:
+ {{ toYaml $user.clientRoles | nindent 6 }}
+ {{- end }}
+ notBefore: 0
+ groups: {{ $user.groups | toJson }}
+ {{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the identityProviders section in a realm.
+Usage:
+{{ include "auth._identity" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._identity" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.identityProviders }}
+identityProviders:
+{{- range $index, $provider := $dot.identityProviders }}
+ - alias: {{ $provider.name }}
+ displayName: {{ $provider.displayName }}
+ providerId: oidc
+ enabled: true
+ updateProfileFirstLoginMode: "on"
+ trustEmail: true
+ storeToken: true
+ addReadTokenRoleOnCreate: true
+ authenticateByDefault: false
+ linkOnly: false
+ firstBrokerLoginFlowAlias: "first broker login"
+ config:
+ {{ toYaml $provider.config | nindent 6 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the identityProviderMappers section in a realm.
+Usage:
+{{ include "auth._identityMapper" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._identityMapper" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.identityProviderMappers }}
+identityProviderMappers:
+{{- range $index, $mapper := $dot.identityProviderMappers }}
+ - name: {{ $mapper.name }}
+ identityProviderAlias: {{ $mapper.identityProviderAlias }}
+ identityProviderMapper: {{ $mapper.identityProviderMapper }}
+ config:
+ {{ toYaml $mapper.config | nindent 6 }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the smtpServer section in a realm.
+Usage:
+{{ include "auth._smtpServer" ( dict "dot" .Values) }}
+*/}}
+{{- define "auth._smtpServer" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.smtpServer }}
+smtpServer:
+ {{ toYaml $dot.smtpServer | nindent 2 }}
+{{- end }}
+{{- end }}
+
+{{/*
+Renders the attributes section in a realm.
+Usage:
+{{ include "auth._attributes" ( dict "dot" . "realm" $realm ) }}
+*/}}
+{{- define "auth._attributes" -}}
+{{- $dot := default . .dot -}}
+{{- $realm := (required "'realm' param, set to the specific service, is required." .realm) -}}
+attributes:
+ frontendUrl: {{ tpl $realm.attributes.frontendUrl $dot }}
+ acr.loa.map: "{\"ABC\":\"5\"}"
+{{- end }}
diff --git a/kubernetes/authentication/templates/authorizationpolicy.yaml b/kubernetes/authentication/templates/authorizationpolicy.yaml
new file mode 100644
index 0000000000..abd40725da
--- /dev/null
+++ b/kubernetes/authentication/templates/authorizationpolicy.yaml
@@ -0,0 +1,90 @@
+{{/*
+# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.ingressAuthentication.enabled }}
+---
+{{- $dot := . }}
+{{- range $index, $realm := .Values.realmSettings }}
+{{- range $key, $accessRole := $realm.accessControl.accessRoles }}
+{{- range $index, $role := get $realm.accessControl.accessRoles $key }}
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $key }}-{{ $role.name }}-jwt
+ namespace: istio-ingress
+spec:
+ action: ALLOW
+ rules:
+ - to:
+ - operation:
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $role.servicePrefix) }}
+ methods:
+ {{- range $role.methodsAllowed }}
+ - {{ . }}
+ {{- end }}
+ when:
+ - key: request.auth.claims[onap_roles]
+ values:
+ - {{ $role.name }}
+ selector:
+ matchLabels:
+ istio: ingress
+---
+{{- end }}
+{{- end }}
+{{- end }}
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ .Release.Name }}-custom-action
+ namespace: istio-ingress
+spec:
+ action: CUSTOM
+ provider:
+ name: oauth2-proxy
+ rules:
+ - to:
+ - operation:
+ notHosts:
+ {{- if .Values.ingressAuthentication.exceptions }}
+ {{- range $index, $url := .Values.ingressAuthentication.exceptions }}
+ - {{ tpl $url $dot }}
+ {{- end }}
+ {{- end }}
+ selector:
+ matchLabels:
+ istio: ingress
+---
+apiVersion: security.istio.io/v1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ .Release.Name }}-allowed-exceptions
+ namespace: istio-ingress
+spec:
+ action: ALLOW
+ rules:
+ - to:
+ - operation:
+ hosts:
+ {{- if .Values.ingressAuthentication.exceptions }}
+ {{- range $index, $url := .Values.ingressAuthentication.exceptions }}
+ - {{ tpl $url $dot }}
+ {{- end }}
+ {{- end }}
+ selector:
+ matchLabels:
+ istio: ingress
+{{- end }}
diff --git a/kubernetes/authentication/templates/configmap.yaml b/kubernetes/authentication/templates/configmap.yaml
new file mode 100644
index 0000000000..f373754379
--- /dev/null
+++ b/kubernetes/authentication/templates/configmap.yaml
@@ -0,0 +1,23 @@
+{{/*
+# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: oauth2-onap-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/oauth2_proxy.cfg").AsConfig . | indent 2 }}
diff --git a/kubernetes/authentication/templates/requestauthentication.yaml b/kubernetes/authentication/templates/requestauthentication.yaml
new file mode 100644
index 0000000000..92bea9f48e
--- /dev/null
+++ b/kubernetes/authentication/templates/requestauthentication.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2024 Tata Communication Limited (TCL), Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.ingressAuthentication.enabled }}
+---
+apiVersion: security.istio.io/v1beta1
+kind: RequestAuthentication
+metadata:
+ name: {{ .Release.Name }}-request-auth
+ namespace: istio-ingress
+spec:
+ selector:
+ matchLabels:
+ istio: ingress
+ jwtRules:
+ {{- $dot := . }}
+ {{- range $index, $realm := .Values.realmSettings }}
+ - issuer: "https://{{ include "ingress.config.host" (dict "dot" $dot "baseaddr" "keycloak-ui") }}/{{ $dot.Values.keycloak.relativePath }}realms/{{ $realm.name }}"
+ jwksUri: {{ $dot.Values.keycloak.intURL }}realms/{{ $realm.name }}/protocol/openid-connect/certs
+ {{- end }}
+ - issuer: "https://{{ include "ingress.config.host" (dict "dot" $dot "baseaddr" "keycloak-ui") }}/{{ .Values.keycloak.relativePath }}realms/master"
+ jwksUri: {{ .Values.keycloak.intURL }}realms/master/protocol/openid-connect/certs
+ forwardOriginalToken: true
+{{- end }}
diff --git a/kubernetes/platform/components/keycloak-init/templates/secret.yaml b/kubernetes/authentication/templates/secret.yaml
index 0d9b387dfa..1488be6969 100644
--- a/kubernetes/platform/components/keycloak-init/templates/secret.yaml
+++ b/kubernetes/authentication/templates/secret.yaml
@@ -9,9 +9,8 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
-{{- with .Files.Glob "resources/realms/*json" }}
data:
-{{- range $path, $bytes := . }}
- {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
-{{- end }}
-{{- end }}
+{{- $dot := . }}
+{{- range $realm := .Values.realmSettings }}
+ {{ $realm.name }}: {{ include "auth.realm" (dict "dot" $dot "realm" $realm) | fromYaml | toPrettyJson | indent 2 | b64enc | quote }}
+{{- end -}}
diff --git a/kubernetes/authentication/values.yaml b/kubernetes/authentication/values.yaml
new file mode 100644
index 0000000000..ba99879e87
--- /dev/null
+++ b/kubernetes/authentication/values.yaml
@@ -0,0 +1,648 @@
+# Copyright © 2024, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ # Global ingress configuration
+ ingress:
+ enabled: false
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
+
+keycloak:
+ intURL: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/"
+ relativePath: "auth/"
+ingressAuthentication:
+ enabled: false
+ exceptions:
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ui") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "minio-console") }}'
+ - '{{ include "ingress.config.host" (dict "dot" . "baseaddr" "uui-server") }}'
+
+onap-keycloak-config-cli:
+ image:
+ pullSecrets:
+ - name: onap-docker-registry-key
+ #existingSecret: "keycloak-keycloakx-admin-creds"
+ env:
+ # internal KC URL plus relative path
+ KEYCLOAK_URL: "http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/"
+ KEYCLOAK_SSLVERIFY: "false"
+ KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
+ secrets:
+ KEYCLOAK_PASSWORD: secret
+ existingConfigSecret: "keycloak-config-cli-config-realms"
+ securityContext:
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ readOnlyRootFilesystem: true
+ resources:
+ limits:
+ cpu: "1"
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 10Mi
+
+onap-oauth2-proxy:
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+
+ resources:
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ requests:
+ cpu: 500m
+ memory: 500Mi
+
+ initContainers:
+ waitForRedis:
+ #image:
+ # repository: "dockerhub.devops.telekom.de/alpine"
+ # tag: "3.20"
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 100m
+ memory: 300Mi
+
+ # Oauth client configuration specifics
+ config:
+ # Create a new secret with the following command
+ # openssl rand -base64 32 | head -c 32 | base64
+ cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA="
+ clientID: &clientID "oauth2-proxy-onap"
+ # To be set in helmfile
+ clientSecret: &clientSecret "5YSOkJz99WHv8enDZPknzJuGqVSerELp"
+ # To be set in helmfile
+ cookieName: "onap-cookie"
+ # settings see https://github.com/oauth2-proxy/oauth2-proxy/blob/master/docs/docs/configuration/overview.md
+ existingConfig: "oauth2-onap-config"
+
+ # Configure the session storage type, between cookie and redis
+ sessionStorage:
+ # Can be one of the supported session storage cookie|redis
+ type: redis
+ redis:
+ # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
+ existingSecret: "onap-authentication-redis"
+ # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
+ password: ""
+ # Key of the Kubernetes secret data containing the redis password value
+ passwordKey: "redis-password"
+ # Can be one of standalone|cluster|sentinel
+ clientType: "sentinel"
+ standalone:
+ # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
+ connectionUrl: ""
+ cluster:
+ # List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
+ connectionUrls: []
+ sentinel:
+ # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
+ existingSecret: ""
+ # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
+ password: ""
+ # Key of the Kubernetes secret data containing the redis sentinel password value
+ passwordKey: "redis-password"
+ # Redis sentinel master name
+ masterName: "mymaster"
+ # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
+ connectionUrls: "redis://onap-authentication-redis-node-0.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-1.onap-authentication-redis-headless.onap:26379,redis://onap-authentication-redis-node-2.onap-authentication-redis-headless.onap:26379"
+
+ # Enables and configure the automatic deployment of the redis subchart
+ redis:
+ # provision an instance of the redis sub-chart
+ enabled: true
+ master:
+ containerSecurityContext:
+ capabilities:
+ drop: ["ALL", "CAP_NET_RAW"]
+ replica:
+ containerSecurityContext:
+ capabilities:
+ drop: ["ALL", "CAP_NET_RAW"]
+ sentinel:
+ enabled: true
+ containerSecurityContext:
+ capabilities:
+ drop: ["ALL", "CAP_NET_RAW"]
+
+serviceAccount:
+ nameOverride: keycloak-init
+ roles:
+ - read
+
+realmSettings:
+ - name: onap
+ displayName: "ONAP Realm"
+ attributes:
+ frontendUrl: 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "keycloak-ui") }}/{{ .Values.keycloak.relativePath }}'
+ themes:
+ login: "base"
+ admin: "base"
+ account: "base"
+ email: "base"
+ groups:
+ - name: admins
+ path: /admins
+ roles: [ "platform-all-full" ]
+ - name: contributors
+ path: /contributors
+ roles: [ "platform-all-write" ]
+ - name: readers
+ path: /readers
+ roles: [ "platform-all-read" ]
+ initialUsers:
+ - username: "onap-admin"
+ credentials:
+ - type: password
+ secretData: "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}"
+ credentialData : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ attributes:
+ sdc_user:
+ - "cs0008"
+ realmRoles:
+ - default-roles-onap
+ - portal_admin
+ groups: []
+ - username: "onap-designer"
+ credentials: []
+ attributes:
+ sdc_user:
+ - "cs0008"
+ realmRoles:
+ - default-roles-onap
+ - portal_designer
+ groups: []
+ - username: "onap-operator"
+ credentials: []
+ attributes:
+ sdc_user:
+ - "cs0008"
+ realmRoles:
+ - default-roles-onap
+ - portal_operator
+ groups: []
+ - username: "service-account-portal-bff"
+ serviceAccountClientId: "portal-bff"
+ credentials: []
+ clientRoles:
+ realm-management:
+ - manage-realm
+ - manage-users
+ groups: []
+ - username: adminek
+ password: Adminek
+ email: "onap-admin@amartus.com"
+ groups:
+ - admins
+ - username: onapadmin
+ password: ONAPAdmin
+ email: "onap-admin1@amartus.com"
+ groups:
+ - admins
+ - username: contributor
+ password: Contributor
+ email: "onap-contributor@amartus.com"
+ groups:
+ - contributors
+ - username: reader
+ password: Reader
+ email: "onap-reader@amartus.com"
+ groups:
+ - readers
+ clients:
+ oauth2_proxy:
+ clientId: *clientID
+ name: "Oauth2 Proxy"
+ secret: *clientSecret
+ protocol: openid-connect
+ protocolMappers:
+ - name: "Audience for Oauth2Proxy"
+ protocolMapper: "oidc-audience-mapper"
+ config:
+ included.client.audience: "oauth2-proxy-onap"
+ id.token.claim: "false"
+ access.token.claim: "true"
+ included.custom.audience: "oauth2-proxy-onap"
+ - name: "SDC-User"
+ protocolMapper: "oidc-usermodel-attribute-mapper"
+ config:
+ multivalued: "false"
+ userinfo.token.claim: "true"
+ user.attribute: "sdc_user"
+ id.token.claim: "true"
+ access.token.claim: "true"
+ claim.name: "sdc_user"
+ jsonType.label: "String"
+ additionalDefaultScopes:
+ - "onap_roles"
+ portal_app:
+ clientId: "portal-app"
+ redirectUris:
+ - 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ng-ui") }}/*'
+ - 'http://localhost/*'
+ protocol: openid-connect
+ additionalAttributes:
+ post.logout.redirect.uris: 'https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" "portal-ng-ui") }}/*'
+ protocolMappers:
+ - name: "User-Roles"
+ protocolMapper: "oidc-usermodel-attribute-mapper"
+ config:
+ userinfo.token.claim: "true"
+ id.token.claim: "true"
+ access.token.claim: "true"
+ claim.name: "roles"
+ multivalued: "true"
+ - name: "SDC-User"
+ protocolMapper: "oidc-usermodel-attribute-mapper"
+ config:
+ userinfo.token.claim: "true"
+ user.attribute: "sdc_user"
+ id.token.claim: "true"
+ access.token.claim: "true"
+ claim.name: "sdc_user"
+ jsonType.label: "String"
+ portal_bff:
+ clientId: "portal-bff"
+ protocol: openid-connect
+ secret : pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr
+ protocolMappers:
+ - name: "Client Host"
+ protocolMapper: "oidc-usersessionmodel-note-mapper"
+ config:
+ user.session.note : "clientHost"
+ id.token.claim : "true"
+ access.token.claim : "true"
+ claim.name : "clientHost"
+ jsonType.label : "String"
+ - name: "Client IP Address"
+ protocolMapper: "oidc-usersessionmodel-note-mapper"
+ config:
+ user.session.note : "clientAddress"
+ id.token.claim : "true"
+ access.token.claim : "true"
+ claim.name : "clientAddress"
+ jsonType.label : "String"
+ defaultClientScopes:
+ - "onap_roles"
+ additionalClientScopes:
+ - name: onap_roles
+ description: OpenID Connect scope for add user onap roles to the access token
+ protocolMappers:
+ - name: aud
+ protocol: openid-connect
+ protocolMapper: oidc-audience-mapper
+ consentRequired: false
+ config:
+ included.client.audience: oauth2-proxy
+ id.token.claim: 'false'
+ access.token.claim: 'true'
+ - name: client roles
+ protocol: openid-connect
+ protocolMapper: oidc-usermodel-client-role-mapper
+ consentRequired: false
+ config:
+ multivalued: 'true'
+ userinfo.token.claim: 'false'
+ id.token.claim: 'true'
+ access.token.claim: 'true'
+ claim.name: onap_roles
+ jsonType.label: String
+ usermodel.clientRoleMapping.clientId: oauth2-proxy
+ accessControl:
+ assignableRoles:
+ - name: portal_admin
+ description: "User role for administration tasks in the portal."
+ - name: portal_designer
+ description: "User role for designer tasks in the portal."
+ - name: portal_operator
+ description: "User role for operator tasks in the portal."
+ - name: onap-operator-read
+ description: "Allows to perform GET operations for all ONAP components"
+ associatedAccessRoles: [ "dmaap-bc-api-read", "dmaap-dr-node-api-read", "dmaap-dr-prov-api-read", "dmaap-mr-api-read", "msb-consul-api-read", "msb-discovery-api-read", "msb-eag-ui-read", "msb-iag-ui-read", "nbi-api-read", "aai-api-read", "aai-babel-api-read", "aai-sparkybe-api-read", "cds-blueprintsprocessor-api-read", "cds-ui-read", "cps-core-api-read", "cps-ncmp-dmi-plugin-api-read", "cps-temporal-api-read", "reaper-dc1-read", "sdc-be-api-read", "sdc-fe-ui-read", "sdc-wfd-be-api-read", "sdc-wfd-fe-ui-read", "so-admin-cockpit-ui-read", "so-api-read", "usecase-ui-read", "uui-server-read" ]
+ - name: onap-operator-write
+ description: "Allows to perform GET, POST, PUT, PATCH operations for all ONAP components"
+ associatedAccessRoles: [ "dmaap-bc-api-write", "dmaap-dr-node-api-write", "dmaap-dr-prov-api-write", "dmaap-mr-api-write", "msb-consul-api-write", "msb-discovery-api-write", "msb-eag-ui-write", "msb-iag-ui-write", "nbi-api-write", "aai-api-write", "aai-babel-api-write", "aai-sparkybe-api-write", "cds-blueprintsprocessor-api-write", "cds-ui-write", "cps-core-api-write", "cps-ncmp-dmi-plugin-api-write", "cps-temporal-api-write", "reaper-dc1-write", "sdc-be-api-write", "sdc-fe-ui-write", "sdc-wfd-be-api-write", "sdc-wfd-fe-ui-write", "so-admin-cockpit-ui-write", "so-api-write", "usecase-ui-write", "uui-server-write" ]
+ - name: onap-operator-full
+ description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all ONAP components"
+ associatedAccessRoles: [ "dmaap-bc-api-full", "dmaap-dr-node-api-full", "dmaap-dr-prov-api-full", "dmaap-mr-api-full", "msb-consul-api-full", "msb-discovery-api-full", "msb-eag-ui-full", "msb-iag-ui-full", "nbi-api-full", "aai-api-full", "aai-babel-api-full", "aai-sparkybe-api-full", "cds-blueprintsprocessor-api-full", "cds-ui-full", "cps-core-api-full", "cps-ncmp-dmi-plugin-api-full", "cps-temporal-api-full", "reaper-dc1-full", "sdc-be-api-full", "sdc-fe-ui-full", "sdc-wfd-be-api-full", "sdc-wfd-fe-ui-full", "so-admin-cockpit-ui-full", "so-api-full", "usecase-ui-full", "uui-server-full" ]
+ - name: platform-operator-read
+ description: "Allows to perform GET operations for all ONAP components"
+ associatedAccessRoles: [ "grafana-read", "kibana-read" ]
+ - name: platform-operator-write
+ description: "Allows to perform GET, POST, PUT, PATCH operations for all ONAP components"
+ associatedAccessRoles: [ "grafana-write", "kibana-write" ]
+ - name: platform-operator-full
+ description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all ONAP components"
+ associatedAccessRoles: [ "grafana-full", "kibana-full" ]
+ - name: platform-all-read
+ description: "Allows to perform GET operations for all PLATFORM components"
+ associatedAccessRoles: [ "dmaap-bc-api-read", "dmaap-dr-node-api-read", "dmaap-dr-prov-api-read", "dmaap-mr-api-read", "msb-consul-api-read", "msb-discovery-api-read", "msb-eag-ui-read", "msb-iag-ui-read", "nbi-api-read", "aai-api-read", "aai-babel-api-read", "aai-sparkybe-api-read", "cds-blueprintsprocessor-api-read", "cds-ui-read", "cps-core-api-read", "cps-ncmp-dmi-plugin-api-read", "cps-temporal-api-read", "grafana-read", "kibana-read", "reaper-dc1-read", "sdc-be-api-read", "sdc-fe-ui-read", "sdc-wfd-be-api-read", "sdc-wfd-fe-ui-read", "so-admin-cockpit-ui-read", "so-api-read", "usecase-ui-read", "uui-server-read" ]
+ - name: platform-all-write
+ description: "Allows to perform GET, POST, PUT, PATCH operations for all PLATFORM components"
+ associatedAccessRoles: [ "dmaap-bc-api-write", "dmaap-dr-node-api-write", "dmaap-dr-prov-api-write", "dmaap-mr-api-write", "msb-consul-api-write", "msb-discovery-api-write", "msb-eag-ui-write", "msb-iag-ui-write", "nbi-api-write", "aai-api-write", "aai-babel-api-write", "aai-sparkybe-api-write", "cds-blueprintsprocessor-api-write", "cds-ui-write", "cps-core-api-write", "cps-ncmp-dmi-plugin-api-write", "cps-temporal-api-write", "grafana-write", "kibana-write", "reaper-dc1-write", "sdc-be-api-write", "sdc-fe-ui-write", "sdc-wfd-be-api-write", "sdc-wfd-fe-ui-write", "so-admin-cockpit-ui-write", "so-api-write", "usecase-ui-write", "uui-server-write" ]
+ - name: platform-all-full
+ description: "Allows to perform GET, POST, PUT, PATCH, DELETE operations for all PLATFORM components"
+ associatedAccessRoles: [ "dmaap-bc-api-full", "dmaap-dr-node-api-full", "dmaap-dr-prov-api-full", "dmaap-mr-api-full", "msb-consul-api-full", "msb-discovery-api-full", "msb-eag-ui-full", "msb-iag-ui-full", "nbi-api-full", "aai-api-full", "aai-babel-api-full", "aai-sparkybe-api-full", "cds-blueprintsprocessor-api-full", "cds-ui-full", "cps-core-api-full", "cps-ncmp-dmi-plugin-api-full", "cps-temporal-api-full", "grafana-full", "kibana-full", "reaper-dc1-full", "sdc-be-api-full", "sdc-fe-ui-full", "sdc-wfd-be-api-full", "sdc-wfd-fe-ui-full", "so-admin-cockpit-ui-full", "so-api-full", "usecase-ui-full", "uui-server-full" ]
+ accessRoles:
+ "oauth2_proxy":
+ - name: dmaap-bc-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: dmaap-bc-api
+ - name: dmaap-bc-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: dmaap-bc-api
+ - name: dmaap-bc-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: dmaap-bc-api
+ - name: dmaap-dr-node-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: dmaap-dr-node-api
+ - name: dmaap-dr-node-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: dmaap-dr-node-api
+ - name: dmaap-dr-node-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: dmaap-dr-node-api
+ - name: dmaap-dr-prov-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: dmaap-dr-prov-api
+ - name: dmaap-dr-prov-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: dmaap-dr-prov-api
+ - name: dmaap-dr-prov-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: dmaap-dr-prov-api
+ - name: dmaap-mr-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: dmaap-mr-api
+ - name: dmaap-mr-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: dmaap-mr-api
+ - name: dmaap-mr-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: dmaap-mr-api
+ - name: msb-consul-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: msb-consul-api
+ - name: msb-consul-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: msb-consul-api
+ - name: msb-consul-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: msb-consul-api
+ - name: msb-discovery-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: msb-discovery-api
+ - name: msb-discovery-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: msb-discovery-api
+ - name: msb-discovery-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: msb-discovery-api
+ - name: msb-eag-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: msb-eag-ui
+ - name: msb-eag-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: msb-eag-ui
+ - name: msb-eag-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: msb-eag-ui
+ - name: msb-iag-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: msb-iag-ui
+ - name: msb-iag-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: msb-iag-ui
+ - name: msb-iag-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: msb-iag-ui
+ - name: nbi-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: nbi-api
+ - name: nbi-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: nbi-api
+ - name: nbi-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: nbi-api
+ - name: aai-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: aai-api
+ - name: aai-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: aai-api
+ - name: aai-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: aai-api
+ - name: aai-babel-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: aai-babel-api
+ - name: aai-babel-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: aai-babel-api
+ - name: aai-babel-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: aai-babel-api
+ - name: aai-sparkybe-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: aai-sparkybe-api
+ - name: aai-sparkybe-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: aai-sparkybe-api
+ - name: aai-sparkybe-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: aai-sparkybe-api
+ - name: cds-blueprintsprocessor-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: cds-blueprintsprocessor-api
+ - name: cds-blueprintsprocessor-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: cds-blueprintsprocessor-api
+ - name: cds-blueprintsprocessor-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: cds-blueprintsprocessor-api
+ - name: cds-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: cds-ui
+ - name: cds-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: cds-ui
+ - name: cds-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: cds-ui
+ - name: cps-core-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: cps-core-api
+ - name: cps-core-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: cps-core-api
+ - name: cps-core-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: cps-core-api
+ - name: cps-ncmp-dmi-plugin-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: cps-ncmp-dmi-plugin-api
+ - name: cps-ncmp-dmi-plugin-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: cps-ncmp-dmi-plugin-api
+ - name: cps-ncmp-dmi-plugin-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: cps-ncmp-dmi-plugin-api
+ - name: cps-temporal-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: cps-temporal-api
+ - name: cps-temporal-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: cps-temporal-api
+ - name: cps-temporal-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: cps-temporal-api
+ - name: grafana-read
+ methodsAllowed: ["GET"]
+ servicePrefix: grafana
+ - name: grafana-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: grafana
+ - name: grafana-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: grafana
+ - name: kibana-read
+ methodsAllowed: ["GET"]
+ servicePrefix: kibana
+ - name: kibana-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: kibana
+ - name: kibana-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: kibana
+ - name: minio-read
+ methodsAllowed: ["GET"]
+ servicePrefix: minio-console
+ - name: minio-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: minio-console
+ - name: minio-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: minio-console
+ - name: reaper-dc1-read
+ methodsAllowed: ["GET"]
+ servicePrefix: reaper-dc1
+ - name: reaper-dc1-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: reaper-dc1
+ - name: reaper-dc1-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: reaper-dc1
+ - name: sdc-be-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: sdc-be-api
+ - name: sdc-be-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: sdc-be-api
+ - name: sdc-be-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: sdc-be-api
+ - name: sdc-fe-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: sdc-fe-ui
+ - name: sdc-fe-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: sdc-fe-ui
+ - name: sdc-fe-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: sdc-fe-ui
+ - name: sdc-wfd-be-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: sdc-wfd-be-api
+ - name: sdc-wfd-be-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: sdc-wfd-be-api
+ - name: sdc-wfd-be-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: sdc-wfd-be-api
+ - name: sdc-wfd-fe-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: sdc-wfd-fe-ui
+ - name: sdc-wfd-fe-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: sdc-wfd-fe-ui
+ - name: sdc-wfd-fe-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: sdc-wfd-fe-ui
+ - name: so-admin-cockpit-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: so-admin-cockpit-ui
+ - name: so-admin-cockpit-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: so-admin-cockpit-ui
+ - name: so-admin-cockpit-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: so-admin-cockpit-ui
+ - name: so-api-read
+ methodsAllowed: ["GET"]
+ servicePrefix: so-api
+ - name: so-api-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: so-api
+ - name: so-api-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: so-api
+ - name: usecase-ui-read
+ methodsAllowed: ["GET"]
+ servicePrefix: usecase-ui
+ - name: usecase-ui-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: usecase-ui
+ - name: usecase-ui-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: usecase-ui
+ - name: uui-server-read
+ methodsAllowed: ["GET"]
+ servicePrefix: uui-server
+ - name: uui-server-write
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH"]
+ servicePrefix: uui-server
+ - name: uui-server-full
+ methodsAllowed: ["GET", "POST", "PUT", "PATCH", "DELETE"]
+ servicePrefix: uui-server
diff --git a/kubernetes/common/cassandra/.helmignore b/kubernetes/common/cassandra/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/cassandra/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/cassandra/Chart.yaml b/kubernetes/common/cassandra/Chart.yaml
index ee3f4e5355..544ebb247d 100644
--- a/kubernetes/common/cassandra/Chart.yaml
+++ b/kubernetes/common/cassandra/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP cassandra
name: cassandra
-version: 13.1.0
+version: 13.1.1
dependencies:
- name: common
@@ -30,4 +30,4 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: 'file://../serviceAccount'
- condition: global.cassandra.enableServiceAccount \ No newline at end of file
+ condition: global.cassandra.enableServiceAccount
diff --git a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
index f9f62739f2..50051b4b44 100644
--- a/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
+++ b/kubernetes/common/cassandra/resources/config/docker-entrypoint.sh
@@ -93,4 +93,3 @@ if [ "$1" = 'cassandra' ]; then
fi
exec "$@"
-
diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py
index a7f297399e..ec2f0b4fc6 100644
--- a/kubernetes/common/cassandra/resources/exec.py
+++ b/kubernetes/common/cassandra/resources/exec.py
@@ -118,5 +118,3 @@ def main(argv):
if __name__ == "__main__":
main(sys.argv[1:])
-
-
diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
index 6db1202b4f..263ac28512 100644
--- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml
+++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml
@@ -250,4 +250,4 @@ spec:
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
{{- end -}}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/cassandra/templates/cassOp.yaml b/kubernetes/common/cassandra/templates/cassOp.yaml
index 9f463adf08..6b7052d10e 100644
--- a/kubernetes/common/cassandra/templates/cassOp.yaml
+++ b/kubernetes/common/cassandra/templates/cassOp.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.k8ssandraCluster" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/configmap.yaml b/kubernetes/common/cassandra/templates/configmap.yaml
index 5510986e54..117100a441 100644
--- a/kubernetes/common/cassandra/templates/configmap.yaml
+++ b/kubernetes/common/cassandra/templates/configmap.yaml
@@ -26,4 +26,4 @@ metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/pv.yaml b/kubernetes/common/cassandra/templates/pv.yaml
index d18e51d2f4..00e61d3bb5 100644
--- a/kubernetes/common/cassandra/templates/pv.yaml
+++ b/kubernetes/common/cassandra/templates/pv.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/secrets.yaml b/kubernetes/common/cassandra/templates/secrets.yaml
index 5a611a9bef..181e5f98a7 100644
--- a/kubernetes/common/cassandra/templates/secrets.yaml
+++ b/kubernetes/common/cassandra/templates/secrets.yaml
@@ -18,4 +18,4 @@
{{- if .Values.global.cassandra.useOperator }}
{{ include "common.secretFast" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/service.yaml b/kubernetes/common/cassandra/templates/service.yaml
index 8b2e534a5f..6b6f585d2f 100644
--- a/kubernetes/common/cassandra/templates/service.yaml
+++ b/kubernetes/common/cassandra/templates/service.yaml
@@ -16,4 +16,4 @@
{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.headlessService" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml
index 078107393a..57f4d3f412 100644
--- a/kubernetes/common/cassandra/templates/servicemonitor.yaml
+++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml
@@ -18,4 +18,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index ddaff5c7c0..d76dde3454 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -199,4 +199,4 @@ spec:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml
index 0ab1f0961c..842c268c8a 100644
--- a/kubernetes/common/cassandra/values.yaml
+++ b/kubernetes/common/cassandra/values.yaml
@@ -40,16 +40,30 @@ k8ssandraOperator:
superuserPassword: &superuserpassword cassandra
casOptions:
authorizer: AllowAllAuthorizer
- read_request_timeout: 10000ms
- write_request_timeout: 10000ms
+ read_request_timeout: 15000ms
+ write_request_timeout: 15000ms
counter_write_request_timeout: 15000ms
+ request_timeout: 15000ms
+ auto_snapshot: false
+ commitlog_segment_size: 128MiB
+ commitlog_sync_period: 15000ms
+ concurrent_reads: 16
+ concurrent_writes: 16
+ counter_cache_size: 16MiB
jvmOptions:
heap_initial_size: 512M
- heap_max_size: 8192M
+ heap_max_size: 4096M
hostNetwork: false
datacenters:
- name: dc1
size: 3
+ resources:
+ requests:
+ cpu: 2
+ memory: 8Gi
+ limits:
+ cpu: 8
+ memory: 8Gi
reaper:
enabled: true
stargate:
diff --git a/kubernetes/common/common/.helmignore b/kubernetes/common/common/.helmignore
new file mode 100644
index 0000000000..f066c4b723
--- /dev/null
+++ b/kubernetes/common/common/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.local/
+.config/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/common/Chart.yaml b/kubernetes/common/common/Chart.yaml
index ffcda6736a..6fa292639e 100644
--- a/kubernetes/common/common/Chart.yaml
+++ b/kubernetes/common/common/Chart.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +13,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 13.2.0
+version: 13.2.6
diff --git a/kubernetes/common/common/templates/_affinities.tpl b/kubernetes/common/common/templates/_affinities.tpl
index bf7ae497ca..69d0e78680 100644
--- a/kubernetes/common/common/templates/_affinities.tpl
+++ b/kubernetes/common/common/templates/_affinities.tpl
@@ -106,4 +106,4 @@ Return a podAffinity/podAntiAffinity definition
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_cassOp.tpl b/kubernetes/common/common/templates/_cassOp.tpl
index b0cf8e331e..c707312b80 100644
--- a/kubernetes/common/common/templates/_cassOp.tpl
+++ b/kubernetes/common/common/templates/_cassOp.tpl
@@ -1,5 +1,5 @@
{{/*
-# Copyright © 2022 Deutsche Telekom AG
+# Copyright © 2022-2024 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -45,6 +45,29 @@ spec:
endpoint:
address: 0.0.0.0
{{- end }}
+ podSecurityContext:
+ fsGroup: 1001
+ runAsGroup: 1001
+ runAsUser: 1001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ initContainerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
{{- end }}
{{ if .Values.k8ssandraOperator.stargate.enabled -}}
stargate:
@@ -110,14 +133,61 @@ spec:
- metadata:
name: {{ $datacenter.name }}
size: {{ $datacenter.size }}
+ {{ if $datacenter.resources -}}
+ resources:
+ {{ toYaml $datacenter.resources | nindent 10 }}
+ {{- end }}
{{- end }}
- {{ if .Values.podAnnotations -}}
+ initContainers:
+ - name: server-config-init-base
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ - name: server-config-init
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ containers:
+ - name: cassandra
+ securityContext:
+ allowPrivilegeEscalation: false
+ #readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ - name: server-system-logger
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ podSecurityContext:
+ fsGroup: 999
+ runAsGroup: 999
+ runAsUser: 999
+ runAsNonRoot: true
metadata:
+ {{ if .Values.podAnnotations -}}
pods:
annotations:
{{ toYaml .Values.podAnnotations | nindent 10 }}
+ {{- end }}
commonLabels:
app: {{ .Values.k8ssandraOperator.config.clusterName }}
version: {{ .Values.k8ssandraOperator.cassandraVersion }}
- {{- end }}
{{ end }}
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index e7b90ea8ff..f162e9a2f9 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -115,4 +115,4 @@
{{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
resources: {{ include "common.resources" $dot | nindent 4 }}
{{- end -}}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl
index 993c48239a..dc900dd4e4 100644
--- a/kubernetes/common/common/templates/_log.tpl
+++ b/kubernetes/common/common/templates/_log.tpl
@@ -59,4 +59,3 @@ data:
{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
{{- end }}
{{- end -}}
-
diff --git a/kubernetes/common/common/templates/_mariadb.tpl b/kubernetes/common/common/templates/_mariadb.tpl
index 3092298a7d..0e46e5ef26 100644
--- a/kubernetes/common/common/templates/_mariadb.tpl
+++ b/kubernetes/common/common/templates/_mariadb.tpl
@@ -257,6 +257,29 @@ spec:
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ volumes:
+ - name: run
+ emptyDir:
+ sizeLimit: 64Mi
+ - name: tmp
+ emptyDir:
+ sizeLimit: 64Mi
+ volumeMounts:
+ - name: run
+ mountPath: /run/mysqld
+ - name: tmp
+ mountPath: /tmp
inheritMetadata:
{{ if .Values.podAnnotations -}}
annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
@@ -288,6 +311,17 @@ spec:
enabled: true
authDelegatorRoleName: {{ $dbinst }}-auth
gracefulShutdownTimeout: 5s
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
primary:
automaticFailover: true
podIndex: 0
@@ -301,6 +335,17 @@ spec:
initContainer:
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
config:
reuseStorageVolume: false
volumeClaimTemplate:
@@ -334,6 +379,31 @@ spec:
{{- if default false $dot.Values.global.metrics.enabled }}
metrics:
enabled: true
+ exporter:
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/prom/mysqld-exporter:v0.15.1
+ port: 9104
+ podSecurityContext:
+ fsGroup: 10001
+ runAsGroup: 10001
+ runAsUser: 10001
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
{{- end }}
affinity:
podAntiAffinity:
diff --git a/kubernetes/common/common/templates/_mongodb.tpl b/kubernetes/common/common/templates/_mongodb.tpl
new file mode 100644
index 0000000000..80d8d72194
--- /dev/null
+++ b/kubernetes/common/common/templates/_mongodb.tpl
@@ -0,0 +1,165 @@
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of mongodb root password
+*/}}
+{{- define "common.mongodb.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb secret
+*/}}
+{{- define "common.mongodb.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of mongodb root password secret
+*/}}
+{{- define "common.mongodb.secret.rootPassSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb user credentials
+*/}}
+{{- define "common.mongodb.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.userCredentialsSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of mongodb primary password
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of mongodb user credentials secret
+*/}}
+{{- define "common.mongodb.secret.primaryPasswordSecretName" -}}
+ {{- include "common.mongodb.secret._secretName" (set . "uidTemplate" "common.mongodb.secret.primaryPasswordUID") }}
+{{- end -}}
+
+{{/*
+ Choose the name of the mongodb app label to use.
+*/}}
+{{- define "common.mongodbAppName" -}}
+ {{- if .Values.global.mongodb.localCluster -}}
+ {{- index .Values "mongodb" "nameOverride" -}}
+ {{- else -}}
+ {{- .Values.global.mongodb.nameOverride -}}
+ {{- end -}}
+{{- end -}}
+
+#Not edited yet
+{{/*
+ Create mongodb cluster via mongodb percona-operator
+*/}}
+{{- define "common.mongodbOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+---
+
+apiVersion: psmdb.percona.com/v1
+kind: PerconaServerMongoDB
+metadata:
+ name: {{ $dbinst }}
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+spec:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imageMongo }}
+ image: {{ .Values.mongodbOperator.imageMongo | quote }}
+ {{- end }}
+ imagePullSecrets:
+ - name: {{ include "common.namespace" . }}-docker-registry-key
+ mongodbVersion: {{ $dot.Values.mongodbOperator.mongodbVersion }}
+ instances:
+ - name: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ replicas: {{ default 2 .Values.mongodbOperator.instanceReplicas }}
+ dataVolumeClaimSpec:
+ {{- if .Values.instanceStorageClassName }}
+ storageClassName: {{ .Values.mongodbOperator.instanceStorageClassName | quote }}
+ {{- end }}
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: {{ default "1Gi" .Values.mongodbOperator.instanceSize | quote }}
+ {{- if or .Values.instanceMemory .Values.mongodbOperator.instanceCPU }}
+ resources:
+ limits:
+ cpu: {{ default "" .Values.mongodbOperator.instanceCPU | quote }}
+ memory: {{ default "" .Values.mongodbOperator.instanceMemory | quote }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.mongodbOperator.instanceName | quote }}
+ proxy:
+ pgBouncer:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.mongodbOperator.imagePgBouncer }}
+ image: {{ .Values.mongodbOperator.imagePgBouncer | quote }}
+ {{- end }}
+ replicas: {{ default 2 .Values.mongodbOperator.bouncerReplicas }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ mongodb-operator.crunchydata.com/cluster: {{ $dbinst }}
+ mongodb-operator.crunchydata.com/role: pgbouncer
+ {{- if .Values.mongodbOperator.monitoring }}
+ monitoring:
+ pgmonitor:
+ exporter:
+ image: {{ default "" .Values.mongodbOperator.imageExporter | quote }}
+ {{- if .Values.mongodbOperator.monitoringConfig }}
+{{ toYaml .Values.monitoringConfig | indent 8 }}
+ {{- end }}
+ {{- end }}
+ users:
+ - name: mongodb
+{{- end -}}
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index 810350bfa6..743e3db1df 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -53,20 +53,60 @@
{{/*
Generate securityContext for pod
+ required variables: user_id, group_id
+ optional variables: fsgroup_id, runAsNonRoot, seccompProfileType
+ Example in values.yaml
+ securityContext:
+ user_id: 70
+ group_id: 70
+ # fsgroup_id: 70
+ # runAsNonRoot: true
+ # seccompProfileType: "RuntimeDefault"
*/}}
{{- define "common.podSecurityContext" -}}
securityContext:
runAsUser: {{ .Values.securityContext.user_id }}
runAsGroup: {{ .Values.securityContext.group_id }}
- fsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ default .Values.securityContext.group_id .Values.securityContext.fsgroup_id }}
+ runAsNonRoot: {{ hasKey .Values.securityContext "runAsNonRoot" | ternary .Values.securityContext.runAsNonRoot true }}
+ seccompProfile:
+ type: {{ default "RuntimeDefault" .Values.securityContext.seccompProfileType }}
{{- end }}
{{/*
- Generate securityContext for container
+ Generate securityContext for container (optional)
+ predefined variables: capabilities.drop
+ optional variables: readOnlyRootFilesystem, privileged, allowPrivilegeEscalation
+ Example in values.yaml
+ containerSecurityContext:
+ capabilities:
+ privileged: false
+ runAsUser: 1337
+ runAsGroup: 1337
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
*/}}
{{- define "common.containerSecurityContext" -}}
securityContext:
+{{- if not .Values.containerSecurityContext }}
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
+{{- else }}
+ readOnlyRootFilesystem: {{ hasKey .Values.containerSecurityContext "readOnlyRootFilesystem" | ternary .Values.containerSecurityContext.readOnlyRootFilesystem false }}
+ privileged: {{ hasKey .Values.containerSecurityContext "privileged" | ternary .Values.containerSecurityContext.privileged false }}
+ allowPrivilegeEscalation: {{ hasKey .Values.containerSecurityContext "allowPrivilegeEscalation" | ternary .Values.containerSecurityContext.allowPrivilegeEscalation false }}
+ runAsNonRoot: {{ hasKey .Values.containerSecurityContext "runAsNonRoot" | ternary .Values.containerSecurityContext.runAsNonRoot true }}
+{{- if .Values.containerSecurityContext.runAsUser }}
+ runAsUser: {{ .Values.containerSecurityContext.runAsUser }}
+{{- end }}
+{{- if .Values.containerSecurityContext.runAsGroup }}
+ runAsGroup: {{ .Values.containerSecurityContext.runAsGroup }}
+{{ end }}
+{{- end }}
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
{{- end }}
diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl
index de779f8db8..638db8cab1 100644
--- a/kubernetes/common/common/templates/_serviceMesh.tpl
+++ b/kubernetes/common/common/templates/_serviceMesh.tpl
@@ -27,14 +27,27 @@ true
{{- end -}}
{{/*
+ Calculate if we require a sidecar killer.
+*/}}
+{{- define "common.requireSidecarKiller" -}}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if eq .Values.global.serviceMesh.engine "istio" }}
+{{- if not (default false .Values.global.serviceMesh.nativeSidecars) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
Kills the sidecar proxy associated with a pod.
*/}}
{{- define "common.serviceMesh.killSidecar" -}}
-{{- if (include "common.onServiceMesh" .) }}
+{{- if (include "common.requireSidecarKiller" .) }}
RCODE="$?";
echo "*** script finished with exit code $RCODE" ;
echo "*** killing service mesh sidecar" ;
-curl -sf -X POST http://127.0.0.1:15020/quitquitquit ;
+wget --quiet --post-data '' --output-document=- http://127.0.0.1:15020/quitquitquit || exit $? ;
echo "" ;
echo "*** exiting with script exit code" ;
exit "$RCODE"
@@ -47,7 +60,7 @@ exit "$RCODE"
{{- define "common.waitForJobContainer" -}}
{{- $dot := default . .dot -}}
{{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}}
-{{- if (include "common.onServiceMesh" .) }}
+{{- if (include "common.requireSidecarKiller" .) }}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
@@ -65,6 +78,23 @@ exit "$RCODE"
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ runAsUser: 100
+ runAsGroup: 65533
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
{{- end }}
diff --git a/kubernetes/common/elasticsearch/.helmignore b/kubernetes/common/elasticsearch/.helmignore
index 68ffb32406..0bab41b6b1 100644
--- a/kubernetes/common/elasticsearch/.helmignore
+++ b/kubernetes/common/elasticsearch/.helmignore
@@ -1 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
components/
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
index 82c8ccd056..48de2c0502 100644
--- a/kubernetes/common/elasticsearch/Chart.yaml
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -23,7 +23,10 @@ version: 13.0.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
- name: master
version: ~13.x-0
repository: 'file://components/master'
@@ -35,6 +38,3 @@ dependencies:
version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: repositoryGenerator
- version: ~13.x-0
- repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
index 39780f2e83..baceb1dadc 100644
--- a/kubernetes/common/elasticsearch/components/curator/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -23,7 +23,7 @@ version: 13.0.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../../../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../../../repositoryGenerator' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
index 00f113b5bb..d02d017108 100644
--- a/kubernetes/common/elasticsearch/components/curator/values.yaml
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -175,4 +175,3 @@ extraInitContainers: {}
# "storage_class": "${S3_STORAGE_CLASS}"
# }
# }
-
diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml
index d49a21085b..30c925aba7 100644
--- a/kubernetes/common/elasticsearch/components/data/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml
@@ -23,7 +23,7 @@ version: 13.0.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../../../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../../../repositoryGenerator'
+ repository: '@local'
diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml
index 73d59075e3..e481c7cd4b 100644
--- a/kubernetes/common/elasticsearch/components/master/Chart.yaml
+++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml
@@ -22,7 +22,7 @@ version: 13.0.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../../../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../../../repositoryGenerator'
+ repository: '@local'
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
index 1de2599af9..34663e14f1 100644
--- a/kubernetes/common/elasticsearch/templates/_helpers.tpl
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -69,5 +69,3 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
-
-
diff --git a/kubernetes/common/etcd/.helmignore b/kubernetes/common/etcd/.helmignore
index f0c1319444..0bab41b6b1 100644
--- a/kubernetes/common/etcd/.helmignore
+++ b/kubernetes/common/etcd/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml
index 02fc2c0603..465364b3da 100644
--- a/kubernetes/common/etcd/Chart.yaml
+++ b/kubernetes/common/etcd/Chart.yaml
@@ -28,7 +28,7 @@ sources:
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
+ repository: '@local'
diff --git a/kubernetes/common/etcd/templates/service.yaml b/kubernetes/common/etcd/templates/service.yaml
index 006378f631..72dea06832 100644
--- a/kubernetes/common/etcd/templates/service.yaml
+++ b/kubernetes/common/etcd/templates/service.yaml
@@ -35,4 +35,3 @@ spec:
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
-
diff --git a/kubernetes/common/logConfiguration/.helmignore b/kubernetes/common/logConfiguration/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/logConfiguration/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/logConfiguration/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml
index a5790a4d62..7908bfa405 100644
--- a/kubernetes/common/logConfiguration/Chart.yaml
+++ b/kubernetes/common/logConfiguration/Chart.yaml
@@ -22,4 +22,4 @@ version: 13.0.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
diff --git a/kubernetes/common/mariadb-galera/.helmignore b/kubernetes/common/mariadb-galera/.helmignore
index f0c1319444..0bab41b6b1 100644
--- a/kubernetes/common/mariadb-galera/.helmignore
+++ b/kubernetes/common/mariadb-galera/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mariadb-galera/Chart.yaml b/kubernetes/common/mariadb-galera/Chart.yaml
index c5bb0aaf94..41d11a646e 100644
--- a/kubernetes/common/mariadb-galera/Chart.yaml
+++ b/kubernetes/common/mariadb-galera/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: Chart for MariaDB Galera cluster
name: mariadb-galera
-version: 13.2.0
+version: 13.2.2
keywords:
- mariadb
- mysql
@@ -30,14 +30,14 @@ keywords:
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: readinessCheck
version: ~13.x-0
- repository: 'file://../readinessCheck'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
+ repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: 'file://../serviceAccount'
+ repository: '@local'
condition: global.mariadbGalera.enableServiceAccount \ No newline at end of file
diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
index 4c2bfcd389..05aafb5cc9 100644
--- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
+++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml
@@ -47,4 +47,4 @@ spec:
{{- end -}}
{{- end -}}
{{- end -}}
-{{- end -}} \ No newline at end of file
+{{- end -}}
diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml
index 0aa0a63f0a..152d39f4a5 100644
--- a/kubernetes/common/mariadb-galera/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml
@@ -39,4 +39,4 @@ data:
my.cnf: |
{{ .Values.mariadbConfiguration | indent 4 }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/mariadb.yaml b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
index ce09c9ff06..d8ada6fbbb 100644
--- a/kubernetes/common/mariadb-galera/templates/mariadb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/mariadb.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.mariadbGalera.useOperator }}
{{ include "common.mariadbOpInstance" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
index d37aeb1751..e628deea15 100644
--- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
+++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml
@@ -34,4 +34,4 @@ spec:
targetPort: tcp-metrics
selector: {{- include "common.matchLabels" . | nindent 4 }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml
index 734f03f237..da83abc993 100644
--- a/kubernetes/common/mariadb-galera/templates/pdb.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml
@@ -29,4 +29,4 @@ spec:
selector:
matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
index cf0ab566a4..ee9124f23b 100644
--- a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
+++ b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml
@@ -28,4 +28,3 @@ spec:
rules:
{{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }}
{{- end }}
-
diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml
index 129b5b26c7..267755259d 100644
--- a/kubernetes/common/mariadb-galera/templates/pv.yaml
+++ b/kubernetes/common/mariadb-galera/templates/pv.yaml
@@ -17,4 +17,4 @@
{{- if not .Values.global.mariadbGalera.useOperator }}
{{ include "common.replicaPV" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml
index 527f41266d..77a8e38e80 100644
--- a/kubernetes/common/mariadb-galera/templates/secrets.yaml
+++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml
@@ -16,4 +16,4 @@
# limitations under the License.
*/}}
-{{ include "common.secretFast" . }} \ No newline at end of file
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
index 4cbf7b394f..1bffb246f4 100644
--- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
+++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml
@@ -18,4 +18,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
index 70cc0c34bd..66ce8abc6e 100644
--- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml
+++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml
@@ -55,7 +55,20 @@ spec:
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ add:
+ - CHOWN
+ - SYS_CHROOT
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ readOnlyRootFilesystem: false
runAsUser: 0
+ runAsNonRoot: false
+ seccompProfile:
+ type: RuntimeDefault
volumeMounts:
- name: previous-boot
mountPath: /bootstrap
@@ -169,6 +182,7 @@ spec:
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- end }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{ include "common.resources" . | nindent 12 }}
volumeMounts:
- name: previous-boot
@@ -218,7 +232,7 @@ spec:
timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }}
- {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ securityContext: {{- toYaml .Values.metrics.securityContext | nindent 12 }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
@@ -266,4 +280,4 @@ spec:
volumeClaimTemplates:
- {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 3d9725cb43..faab7af1b3 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -63,9 +63,9 @@ mariadbOperator:
galera:
enabled: true
agentImage: mariadb-operator/mariadb-operator
- agentVersion: v0.0.27
+ agentVersion: v0.0.28
initImage: mariadb-operator/mariadb-operator
- initVersion: v0.0.27
+ initVersion: v0.0.28
## String to partially override common.names.fullname template (will maintain the release name)
##
@@ -217,10 +217,13 @@ serviceAccount:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
##
securityContext:
- enabled: true
user_id: 10001
group_id: 10001
+# Old Bitnami Chart does not work without Filesystem access
+containerSecurityContext:
+ readOnlyFileSystem: false
+
## Database credentials for root (admin) user
##
rootUser:
@@ -659,6 +662,19 @@ metrics:
## - --collect.binlog_size
##
extraFlags: []
+ securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ runAsGroup: 10001
+ runAsNonRoot: true
+ runAsUser: 10001
+ seccompProfile:
+ type: RuntimeDefault
## MySQL Prometheus exporter containers' resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
diff --git a/kubernetes/common/mariadb-init/.helmignore b/kubernetes/common/mariadb-init/.helmignore
index dadf202953..f4d0b92f20 100644
--- a/kubernetes/common/mariadb-init/.helmignore
+++ b/kubernetes/common/mariadb-init/.helmignore
@@ -21,3 +21,14 @@
*.tmproj
tests
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mariadb-init/Chart.yaml b/kubernetes/common/mariadb-init/Chart.yaml
index fa89a669d2..d1844916e0 100644
--- a/kubernetes/common/mariadb-init/Chart.yaml
+++ b/kubernetes/common/mariadb-init/Chart.yaml
@@ -1,6 +1,7 @@
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,19 +14,19 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
apiVersion: v2
description: Chart for MariaDB Galera init job
name: mariadb-init
-version: 13.0.0
+version: 13.0.2
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
+ repository: '@local'
- name: serviceAccount
version: ~13.x-0
repository: '@local'
diff --git a/kubernetes/common/mariadb-init/templates/_configmap.tpl b/kubernetes/common/mariadb-init/templates/_configmap.tpl
index ea612a078d..8d111b5170 100644
--- a/kubernetes/common/mariadb-init/templates/_configmap.tpl
+++ b/kubernetes/common/mariadb-init/templates/_configmap.tpl
@@ -1,4 +1,4 @@
-{{/*
+{{- /*
# Copyright © 2019 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,7 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the configmap to use.
diff --git a/kubernetes/common/mariadb-init/templates/_mariadb.tpl b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
index 5563fe714d..fda93b52ef 100644
--- a/kubernetes/common/mariadb-init/templates/_mariadb.tpl
+++ b/kubernetes/common/mariadb-init/templates/_mariadb.tpl
@@ -1,4 +1,4 @@
-{{/*
+{{- /*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,7 +13,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
+*/ -}}
{{/*
Choose the name of the mariadb secret to use.
diff --git a/kubernetes/common/mariadb-init/templates/configmap.yaml b/kubernetes/common/mariadb-init/templates/configmap.yaml
index 6708efdb60..6df329e8a5 100644
--- a/kubernetes/common/mariadb-init/templates/configmap.yaml
+++ b/kubernetes/common/mariadb-init/templates/configmap.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2019 Orange
# Modifications Copyright © 2018 AT&T
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
apiVersion: v1
kind: ConfigMap
metadata:
diff --git a/kubernetes/common/mariadb-init/templates/job.yaml b/kubernetes/common/mariadb-init/templates/job.yaml
index 4bb142d001..d620bd2edc 100644
--- a/kubernetes/common/mariadb-init/templates/job.yaml
+++ b/kubernetes/common/mariadb-init/templates/job.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
apiVersion: batch/v1
@@ -42,11 +40,13 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- -c
diff --git a/kubernetes/common/mariadb-init/templates/secret.yaml b/kubernetes/common/mariadb-init/templates/secret.yaml
index a9d9e0b704..b2876bcb82 100644
--- a/kubernetes/common/mariadb-init/templates/secret.yaml
+++ b/kubernetes/common/mariadb-init/templates/secret.yaml
@@ -1,4 +1,3 @@
-{{/*
# Copyright © 2017 Amdocs, Bell Canada, Orange
# Copyright © 2020 Samsung Electronics
#
@@ -13,8 +12,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-*/}}
-
+---
{{ include "mariadbInit._updateSecrets" . -}}
{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mariadb-init/tests/job_test.yaml b/kubernetes/common/mariadb-init/tests/job_test.yaml
index cff8f947f8..33cd1c2dc3 100644
--- a/kubernetes/common/mariadb-init/tests/job_test.yaml
+++ b/kubernetes/common/mariadb-init/tests/job_test.yaml
@@ -98,11 +98,11 @@ tests:
- it: "should render with default value (volumes)"
asserts:
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-mariadb-init
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-mariadb-init
- it: "should render with nameOverride set"
set:
@@ -136,11 +136,11 @@ tests:
name: RELEASE-NAME-myJob-secret
key: db-user-password
- contains:
- path: spec.template.spec.volumes
- content:
- name: mariadb-conf
- configMap:
- name: RELEASE-NAME-myJob
+ path: spec.template.spec.volumes
+ content:
+ name: mariadb-conf
+ configMap:
+ name: RELEASE-NAME-myJob
- it: "should render with configmap set"
set:
@@ -158,8 +158,8 @@ tests:
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
+ nameOverride: myMaria
+ servicePort: 545
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
@@ -187,10 +187,10 @@ tests:
set:
global:
mariadbGalera:
- nameOverride: myMaria
- servicePort: 545
- userRootSecret: galera-secret
- userRootSecretKey: root-password
+ nameOverride: myMaria
+ servicePort: 545
+ userRootSecret: galera-secret
+ userRootSecretKey: root-password
asserts:
- contains:
path: spec.template.spec.initContainers[0].args
@@ -230,11 +230,11 @@ tests:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
asserts:
- equal:
path: spec.template.spec.affinity
@@ -243,11 +243,11 @@ tests:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- - key: kubernetes.io/e2e-az-name
- operator: In
- values:
- - e2e-az1
- - e2e-az2
+ - key: kubernetes.io/e2e-az-name
+ operator: In
+ values:
+ - e2e-az1
+ - e2e-az2
- it: "should use large flavor"
set:
flavor: large
diff --git a/kubernetes/common/mariadb-init/values.yaml b/kubernetes/common/mariadb-init/values.yaml
index 57dfb400c4..591477c5cf 100644
--- a/kubernetes/common/mariadb-init/values.yaml
+++ b/kubernetes/common/mariadb-init/values.yaml
@@ -11,7 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
+---
#################################################################
# Global configuration defaults.
#################################################################
@@ -106,21 +106,25 @@ config:
# externalSecret: some-secret-name
config_map: default
+securityContext:
+ user_id: 100
+ group_id: 65533
+
nodeSelector: {}
affinity: {}
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
+# resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
flavor: small
resources:
small:
@@ -139,7 +143,7 @@ resources:
memory: "20Mi"
unlimited: {}
-#Pods Service Account
+# Pods Service Account
serviceAccount:
nameOverride: mariadb-init
roles:
@@ -152,4 +156,4 @@ wait_for_job_container:
readinessCheck:
wait_for:
services:
- - '{{ include "common.mariadbService" . }}'
+ - '{{ include "common.mariadbService" . }}'
diff --git a/kubernetes/common/mongodb-init/.helmignore b/kubernetes/common/mongodb-init/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/mongodb-init/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/mongodb-init/Chart.yaml b/kubernetes/common/mongodb-init/Chart.yaml
new file mode 100644
index 0000000000..0cdeecf84b
--- /dev/null
+++ b/kubernetes/common/mongodb-init/Chart.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: Chart for MongoDB init job
+name: mongodb-init
+version: 13.0.2
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/common/mongodb-init/README.md b/kubernetes/common/mongodb-init/README.md
new file mode 100644
index 0000000000..aa6c735744
--- /dev/null
+++ b/kubernetes/common/mongodb-init/README.md
@@ -0,0 +1,16 @@
+# mongodb-init
+
+## Introduction
+
+Initialization scripts for mongo database.
+
+- not part of ONAP OOM yet
+
+## Requirements
+
+mongodb-init needs the following ONAP projects to work:
+
+- common/common
+- common/repositoryGenerator
+- common/serviceAccount
+- common/readinessCheck
diff --git a/kubernetes/common/mongodb-init/resources/config/setup.sql b/kubernetes/common/mongodb-init/resources/config/setup.sql
new file mode 100644
index 0000000000..452ee187df
--- /dev/null
+++ b/kubernetes/common/mongodb-init/resources/config/setup.sql
@@ -0,0 +1,11 @@
+// Database Setup
+use ${MONGO_DATABASE}
+
+// UserCreation Setup
+db.createUser(
+ {
+ user: "${MONGODB_USER}",
+ pwd: "${MONGODB_PASSWORD}",
+ roles: [ { role: "readWrite", db: "${MONGO_DATABASE}" } ]
+ }
+)
diff --git a/kubernetes/common/mongodb-init/templates/configmap.yaml b/kubernetes/common/mongodb-init/templates/configmap.yaml
new file mode 100644
index 0000000000..bde790f205
--- /dev/null
+++ b/kubernetes/common/mongodb-init/templates/configmap.yaml
@@ -0,0 +1,29 @@
+{{/*
+# Copyright © 2024 Deutsche Telekom
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/mongodb-init/templates/job.yaml b/kubernetes/common/mongodb-init/templates/job.yaml
new file mode 100644
index 0000000000..5e232e26d3
--- /dev/null
+++ b/kubernetes/common/mongodb-init/templates/job.yaml
@@ -0,0 +1,129 @@
+{{/*
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-update-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export MONGODB_PASSWORD=`prepare_password $MONGODB_PASSWORD_INPUT`;
+ export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`;
+ export MONGODB_USER=`prepare_password $MONGODB_USER_INPUT`;
+ export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`;
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;
+ {{- end }}
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
+ env:
+ - name: MONGODB_HOST
+ value: "{{ .Values.global.mongodb.service.name }}"
+ - name: MONGODB_USER_INPUT
+ #value: "{{ .Values.config.mgUserName }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "login") | indent 10 }}
+ - name: MONGODB_PASSWORD_INPUT
+ #value: "{{ .Values.config.mgUserPassword }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mgDatabase "key" "password") | indent 10 }}
+ - name: MONGO_DATABASE
+ value: "{{ .Values.config.mgDatabase }}"
+ - name: MONGODB_ROOT_USER_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootUserKey) | indent 10 }}
+ - name: MONGODB_ROOT_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" .Values.config.mgRootPasswordKey) | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: mgconf
+ containers:
+ - name: {{ include "common.name" . }}-setup-db
+ image: {{ include "repositoryGenerator.image.mongodbImage" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export MONGODB_ROOT_USER=`prepare_password $MONGODB_ROOT_USER_INPUT`;
+ export MONGODB_ROOT_PASSWORD=`prepare_password $MONGODB_ROOT_PASSWORD_INPUT`;
+ mongosh "mongodb://${MONGODB_ROOT_USER}:${MONGODB_ROOT_PASSWORD}@$MONGODB_HOST" < /config/setup.sql
+ env:
+ - name: MONGODB_HOST
+ value: "{{ .Values.global.mongodb.service.name }}"
+ - name: MONGODB_ROOT_USER_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_USER") | indent 10 }}
+ - name: MONGODB_ROOT_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mongodb.secret.rootPassUID" .) "key" "MONGODB_DATABASE_ADMIN_PASSWORD") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: mgconf
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: mgconf
+ emptyDir:
+ medium: Memory
+ sizeLimit: 64Mi
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/mongodb-init/templates/secrets.yaml b/kubernetes/common/mongodb-init/templates/secrets.yaml
new file mode 100644
index 0000000000..577d9d581e
--- /dev/null
+++ b/kubernetes/common/mongodb-init/templates/secrets.yaml
@@ -0,0 +1,15 @@
+{{/*
+# ## Copyright © 2024 Deutsche Telekom
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/mongodb-init/values.yaml b/kubernetes/common/mongodb-init/values.yaml
new file mode 100644
index 0000000000..478fab5cdd
--- /dev/null
+++ b/kubernetes/common/mongodb-init/values.yaml
@@ -0,0 +1,108 @@
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ mongodb:
+ service:
+ name: mgset
+ container:
+ name: mongodb
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.mongodb.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.mgExternalSecret) . }}'
+ password: '{{ .Values.config.mgRootPasswordKey }}'
+ - uid: '{{ .Values.config.mgDatabase }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.mgUserExternalSecret) . }}'
+ login: '{{ .Values.config.mgUserName }}'
+ password: '{{ .Values.config.mgUserPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+pullPolicy: Always
+
+# application configuration
+config:
+ mgUserName: testuser
+ mgUserPassword: testuser123
+ mgDatabase: testdb
+ mgDataPath: data
+ #mgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-mongodb-db-root-password'
+ mgExternalSecret: '{{ include "common.name" . }}-mongo-secrets'
+ mgRootUserKey: MONGODB_DATABASE_ADMIN_USER
+ mgRootPasswordKey: MONGODB_DATABASE_ADMIN_PASSWORD
+ mgUserExternalSecret: '{{ include "common.release" . }}-{{ include "common.name" . }}-mg-secret'
+
+nodeSelector: {}
+
+affinity: {}
+
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: "100m"
+ memory: "0.3Gi"
+ requests:
+ cpu: "10m"
+ memory: "0.09Gi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "2Gi"
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: mongodb-init
+ roles:
+ - read
+
+securityContext:
+ user_id: 100
+ group_id: 65533
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.global.mongodb.service.name }}'
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-setup-db'
diff --git a/kubernetes/common/mongodb/Chart.yaml b/kubernetes/common/mongodb/Chart.yaml
index 2d6bf4bb4f..fc39ce3dee 100644
--- a/kubernetes/common/mongodb/Chart.yaml
+++ b/kubernetes/common/mongodb/Chart.yaml
@@ -40,4 +40,4 @@ maintainers:
name: mongodb
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/mongodb
-version: 14.12.3
+version: 14.12.4
diff --git a/kubernetes/common/mongodb/README.md b/kubernetes/common/mongodb/README.md
index 065e047fdc..a4d1803a9f 100644
--- a/kubernetes/common/mongodb/README.md
+++ b/kubernetes/common/mongodb/README.md
@@ -1117,4 +1117,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
-limitations under the License. \ No newline at end of file
+limitations under the License.
diff --git a/kubernetes/common/mongodb/common/templates/_images.tpl b/kubernetes/common/mongodb/common/templates/_images.tpl
index 1bcb779df5..e6acf9e3c6 100644
--- a/kubernetes/common/mongodb/common/templates/_images.tpl
+++ b/kubernetes/common/mongodb/common/templates/_images.tpl
@@ -114,4 +114,3 @@ Return the proper image version (ingores image revision/prerelease info & fallba
{{- print .chart.AppVersion -}}
{{- end -}}
{{- end -}}
-
diff --git a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
index 041b0cb51d..ee033e9437 100644
--- a/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/arbiter/statefulset.yaml
@@ -274,7 +274,8 @@ spec:
{{- end }}
volumes:
- name: empty-dir
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.arbiter.emptyDir.sizeLimit }}
{{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
- name: common-scripts
configMap:
@@ -287,7 +288,8 @@ spec:
{{- end }}
{{- if and .Values.tls.enabled .Values.arbiter.enabled }}
- name: certs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: 64Mi
{{- if (include "mongodb.autoGenerateCerts" .) }}
- name: certs-volume
secret:
diff --git a/kubernetes/common/mongodb/templates/backup/cronjob.yaml b/kubernetes/common/mongodb/templates/backup/cronjob.yaml
index 2e884b14b9..b1d0b589a9 100644
--- a/kubernetes/common/mongodb/templates/backup/cronjob.yaml
+++ b/kubernetes/common/mongodb/templates/backup/cronjob.yaml
@@ -167,7 +167,7 @@ spec:
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.backup.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
index 08a55ebd06..493c2b2cfe 100644
--- a/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/hidden/statefulset.yaml
@@ -515,7 +515,7 @@ spec:
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.hidden.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/networkpolicy.yaml b/kubernetes/common/mongodb/templates/networkpolicy.yaml
index f6d62ca867..63c4d715d4 100644
--- a/kubernetes/common/mongodb/templates/networkpolicy.yaml
+++ b/kubernetes/common/mongodb/templates/networkpolicy.yaml
@@ -80,4 +80,4 @@ spec:
{{- if $extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
index b171eca005..7de00e7925 100644
--- a/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
+++ b/kubernetes/common/mongodb/templates/replicaset/statefulset.yaml
@@ -513,7 +513,7 @@ spec:
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.replicaSet.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
index 6f63f0be5b..817698beed 100644
--- a/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
+++ b/kubernetes/common/mongodb/templates/standalone/dep-sts.yaml
@@ -438,7 +438,7 @@ spec:
volumes:
- name: empty-dir
emptyDir:
- sizeLimit: 64Mi
+ sizeLimit: {{ .Values.standalone.emptyDir.sizeLimit }}
- name: common-scripts
configMap:
name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
diff --git a/kubernetes/common/mongodb/values.yaml b/kubernetes/common/mongodb/values.yaml
index 9612859392..7628846a3e 100644
--- a/kubernetes/common/mongodb/values.yaml
+++ b/kubernetes/common/mongodb/values.yaml
@@ -307,6 +307,14 @@ hostAliases: []
## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
##
+replicaSet:
+ emptyDir:
+ sizeLimit: 1Gi
+
+standalone:
+ emptyDir:
+ sizeLimit: 1Gi
+
replicaSetName: rs0
## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
## Ignored when mongodb.architecture=standalone
@@ -1166,6 +1174,8 @@ backup:
## @param backup.enabled Enable the logical dump of the database "regularly"
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## Fine tuning cronjob's config
##
cronjob:
@@ -1438,6 +1448,8 @@ volumePermissions:
## @section Arbiter parameters
##
arbiter:
+ emptyDir:
+ sizeLimit: 1Gi
## @param arbiter.enabled Enable deploying the arbiter
## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
##
@@ -1616,8 +1628,8 @@ arbiter:
allowPrivilegeEscalation: false
capabilities:
drop:
- - ALL
- - CAP_NET_RAW
+ - ALL
+ - CAP_NET_RAW
seccompProfile:
type: "RuntimeDefault"
## MongoDB(&reg;) Arbiter containers' resource requests and limits.
@@ -1783,6 +1795,8 @@ hidden:
## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
##
enabled: false
+ emptyDir:
+ sizeLimit: 1Gi
## @param hidden.automountServiceAccountToken Mount Service Account token in pod
##
automountServiceAccountToken: false
@@ -1960,9 +1974,7 @@ hidden:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
- drop:
- - ALL
- - CAP_NET_RAW
+ drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## MongoDB(&reg;) Hidden containers' resource requests and limits.
@@ -1971,7 +1983,7 @@ hidden:
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube. If you do want to specify resources, uncomment the following
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
+ ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "none"
diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore
index f0c1319444..0bab41b6b1 100644
--- a/kubernetes/common/postgres-init/.helmignore
+++ b/kubernetes/common/postgres-init/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml
index 81f566f9e1..4951ed6359 100644
--- a/kubernetes/common/postgres-init/Chart.yaml
+++ b/kubernetes/common/postgres-init/Chart.yaml
@@ -1,5 +1,6 @@
# Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,19 +17,19 @@
apiVersion: v2
description: Chart for Postgres init job
name: postgres-init
-version: 13.0.1
+version: 13.0.3
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator'
+ repository: '@local'
- name: readinessCheck
version: ~13.x-0
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
index cc7d410eb2..a2f7e12274 100644
--- a/kubernetes/common/postgres-init/templates/job.yaml
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -39,6 +39,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- command:
@@ -82,6 +83,7 @@ spec:
- mountPath: /config
name: pgconf
resources: {{ include "common.resources" . | nindent 10 }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -98,6 +100,7 @@ spec:
name: {{ include "common.fullname" . }}
- name: pgconf
emptyDir:
+ sizeLimit: 64Mi
medium: Memory
restartPolicy: Never
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
index 160e6720ed..99be8354be 100644
--- a/kubernetes/common/postgres-init/values.yaml
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -97,6 +97,10 @@ serviceAccount:
roles:
- read
+securityContext:
+ user_id: 26
+ group_id: 26
+
readinessCheck:
wait_for:
services:
@@ -104,4 +108,4 @@ readinessCheck:
wait_for_job_container:
containers:
- - '{{ include "common.name" . }}-update-config' \ No newline at end of file
+ - '{{ include "common.name" . }}-update-config'
diff --git a/kubernetes/common/postgres/.helmignore b/kubernetes/common/postgres/.helmignore
index f0c1319444..0bab41b6b1 100644
--- a/kubernetes/common/postgres/.helmignore
+++ b/kubernetes/common/postgres/.helmignore
@@ -19,3 +19,14 @@
.project
.idea/
*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/postgres/Chart.yaml b/kubernetes/common/postgres/Chart.yaml
index 3920d8e73d..562b69fd0e 100644
--- a/kubernetes/common/postgres/Chart.yaml
+++ b/kubernetes/common/postgres/Chart.yaml
@@ -22,7 +22,7 @@ version: 13.1.0
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/postgres/configs/pg_hba.conf b/kubernetes/common/postgres/configs/pg_hba.conf
index 580185c6f0..d8918409e8 100644
--- a/kubernetes/common/postgres/configs/pg_hba.conf
+++ b/kubernetes/common/postgres/configs/pg_hba.conf
@@ -65,4 +65,3 @@
#local all all trust
# IPv4 local connections:
host all all 0.0.0.0/0 md5
-
diff --git a/kubernetes/common/postgres/templates/deployment-primary.yaml b/kubernetes/common/postgres/templates/deployment-primary.yaml
index 535eefa8cf..7947559211 100644
--- a/kubernetes/common/postgres/templates/deployment-primary.yaml
+++ b/kubernetes/common/postgres/templates/deployment-primary.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/deployment-replica.yaml b/kubernetes/common/postgres/templates/deployment-replica.yaml
index 97c7e11053..246e1e9a07 100644
--- a/kubernetes/common/postgres/templates/deployment-replica.yaml
+++ b/kubernetes/common/postgres/templates/deployment-replica.yaml
@@ -15,4 +15,4 @@
*/}}
{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
index 00a5182eb1..b8d7912210 100644
--- a/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
+++ b/kubernetes/common/postgres/templates/metrics-svc-primary.yaml
@@ -35,4 +35,4 @@ spec:
name: {{ .Values.container.name.primary }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
index b8b9e793e8..6d9990a7bc 100644
--- a/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
+++ b/kubernetes/common/postgres/templates/metrics-svc-replica.yaml
@@ -35,4 +35,4 @@ spec:
name: {{ .Values.container.name.replica }}
release: {{ include "common.release" . }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/postgres.yaml b/kubernetes/common/postgres/templates/postgres.yaml
index aca6aa260f..0dad7f5886 100644
--- a/kubernetes/common/postgres/templates/postgres.yaml
+++ b/kubernetes/common/postgres/templates/postgres.yaml
@@ -16,4 +16,4 @@
{{- if .Values.global.postgres.useOperator }}
{{ include "common.postgresOpInstance" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/pv-primary.yaml b/kubernetes/common/postgres/templates/pv-primary.yaml
index 8db79d665e..9e73ceb8e3 100644
--- a/kubernetes/common/postgres/templates/pv-primary.yaml
+++ b/kubernetes/common/postgres/templates/pv-primary.yaml
@@ -38,4 +38,4 @@ spec:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary
{{- end -}}
{{- end -}}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/pvc-replica.yaml b/kubernetes/common/postgres/templates/pvc-replica.yaml
index f59adf736a..e71284fcec 100644
--- a/kubernetes/common/postgres/templates/pvc-replica.yaml
+++ b/kubernetes/common/postgres/templates/pvc-replica.yaml
@@ -43,4 +43,4 @@ spec:
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/service-replica.yaml b/kubernetes/common/postgres/templates/service-replica.yaml
index 68694561bd..878a02ef66 100644
--- a/kubernetes/common/postgres/templates/service-replica.yaml
+++ b/kubernetes/common/postgres/templates/service-replica.yaml
@@ -40,4 +40,4 @@ spec:
selector:
name: "{{.Values.container.name.replica}}"
release: {{ include "common.release" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/postgres/templates/servicemonitor.yaml b/kubernetes/common/postgres/templates/servicemonitor.yaml
index 522e515545..3fb716b133 100644
--- a/kubernetes/common/postgres/templates/servicemonitor.yaml
+++ b/kubernetes/common/postgres/templates/servicemonitor.yaml
@@ -17,4 +17,4 @@
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
{{- end }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/readinessCheck/.helmignore b/kubernetes/common/readinessCheck/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/readinessCheck/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/readinessCheck/Chart.yaml b/kubernetes/common/readinessCheck/Chart.yaml
index bb2986a9fb..c9134177c2 100644
--- a/kubernetes/common/readinessCheck/Chart.yaml
+++ b/kubernetes/common/readinessCheck/Chart.yaml
@@ -17,12 +17,12 @@
apiVersion: v2
description: Template used to wait for other deployment/sts/jobs in onap
name: readinessCheck
-version: 13.1.0
+version: 13.1.1
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common'
+ repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
index 51791fec13..42f526148a 100644
--- a/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
+++ b/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl
@@ -95,6 +95,13 @@
securityContext:
runAsUser: {{ $subchartDot.Values.user }}
runAsGroup: {{ $subchartDot.Values.group }}
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
command:
- /app/ready.py
args:
diff --git a/kubernetes/common/repositoryGenerator/.helmignore b/kubernetes/common/repositoryGenerator/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/repositoryGenerator/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
index 1da838a5b9..e708926049 100644
--- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl
+++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl
@@ -2,6 +2,7 @@
# Copyright © 2017 Amdocs, Bell Canada
# Copyright © 2021 AT&T
# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -139,6 +140,10 @@
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "nginxImage") .) }}
{{- end -}}
+{{- define "repositoryGenerator.image.mongodbImage" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "mongodbImage") .) }}
+{{- end -}}
+
{{- define "repositoryGenerator.image.postgres" -}}
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "postgresImage") .) }}
{{- end -}}
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index da10d82035..1c0909fce1 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -37,6 +37,7 @@ global:
kubectlImage: bitnami/kubectl:1.22.4
loggingImage: beats/filebeat:5.5.0
mariadbImage: bitnami/mariadb:10.5.8
+ mongodbImage: percona/percona-server-mongodb:7.0.5-3
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:6.0.3
@@ -71,6 +72,7 @@ imageRepoMapping:
kubectlImage: dockerHubRepository
loggingImage: elasticRepository
mariadbImage: dockerHubRepository
+ mongodbImage: dockerHubRepository
nginxImage: dockerHubRepository
postgresImage: dockerHubRepository
readinessImage: repository
diff --git a/kubernetes/common/serviceAccount/.helmignore b/kubernetes/common/serviceAccount/.helmignore
new file mode 100644
index 0000000000..0bab41b6b1
--- /dev/null
+++ b/kubernetes/common/serviceAccount/.helmignore
@@ -0,0 +1,32 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/serviceAccount/Chart.yaml b/kubernetes/common/serviceAccount/Chart.yaml
index 7afd31f4d9..b691c40903 100644
--- a/kubernetes/common/serviceAccount/Chart.yaml
+++ b/kubernetes/common/serviceAccount/Chart.yaml
@@ -23,4 +23,4 @@ version: 13.0.1
dependencies:
- name: common
version: ~13.x-0
- repository: 'file://../common' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml
index 83cb945ba9..d6d041f916 100644
--- a/kubernetes/common/serviceAccount/templates/role.yaml
+++ b/kubernetes/common/serviceAccount/templates/role.yaml
@@ -128,6 +128,7 @@ rules:
- pods/exec
verbs:
- create
+ - get
- apiGroups:
- cert-manager.io
resources:
diff --git a/kubernetes/common/serviceAccount/templates/service-account.yaml b/kubernetes/common/serviceAccount/templates/service-account.yaml
index 20bd94f49a..683d5d2984 100644
--- a/kubernetes/common/serviceAccount/templates/service-account.yaml
+++ b/kubernetes/common/serviceAccount/templates/service-account.yaml
@@ -21,4 +21,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/common/timescaledb/.helmignore b/kubernetes/common/timescaledb/.helmignore
index 50af031725..0bab41b6b1 100644
--- a/kubernetes/common/timescaledb/.helmignore
+++ b/kubernetes/common/timescaledb/.helmignore
@@ -19,4 +19,14 @@
.project
.idea/
*.tmproj
-.vscode/
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
diff --git a/kubernetes/common/timescaledb/Chart.yaml b/kubernetes/common/timescaledb/Chart.yaml
index d8b9869817..8ce460061d 100644
--- a/kubernetes/common/timescaledb/Chart.yaml
+++ b/kubernetes/common/timescaledb/Chart.yaml
@@ -22,7 +22,7 @@ apiVersion: v2
appVersion: "1.0"
description: ONAP timescaledb
name: timescaledb
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
@@ -33,4 +33,4 @@ dependencies:
repository: '@local'
- name: repositoryGenerator
version: ~13.x-0
- repository: 'file://../repositoryGenerator' \ No newline at end of file
+ repository: '@local'
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 653326be5f..031241dbaf 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,27 +29,12 @@ spec:
metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- {{ include "common.podSecurityContext" . | indent 10 | trim}}
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: /var/lib/postgresql/data
- name: {{ include "common.fullname" . }}
+ {{ include "common.podSecurityContext" . | indent 6 | trim}}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim}}
ports: {{ include "common.containerPorts" . | nindent 12 }}
livenessProbe:
exec:
@@ -80,10 +65,15 @@ spec:
mountPath: /docker-entrypoint-initdb.d
- name: {{ include "common.fullname" . }}
mountPath: /var/lib/postgresql/data
+ - name: var-run
+ mountPath: /var/run/postgresql
volumes:
- name: {{ include "common.fullname" . }}-init
configMap:
name: {{ include "common.fullname" . }}-init
+ - name: var-run
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.varDir.sizeLimit }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@@ -94,9 +84,9 @@ spec:
{{- end }}
{{- with .Values.tolerations }}
tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
volumeClaimTemplates:
- {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence "ignoreHelmChart" true) | indent 6 | trim }}
-{{- end }}
+ {{- end }}
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index 2643f55062..35beab7ea1 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -21,9 +21,9 @@ global:
persistence: {}
#################################################################
-# Secrets.
+# Image
##############################################################
-image: timescale/timescaledb:2.5.1-pg14
+image: timescale/timescaledb:2.16.1-pg14
pullPolicy: Always
containerPorts: 5432
@@ -41,11 +41,6 @@ securityContext:
# Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
user_id: 70
group_id: 70
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
flavor: small
@@ -114,6 +109,10 @@ config:
pgRootUserName: postgres
pgDatabase: timescaledb
+dirSizes:
+ varDir:
+ sizeLimit: 64Mi
+
secrets:
- uid: root-creds
type: basicAuth
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index 980be74367..e9d4df5fe3 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -3,6 +3,7 @@
# Modifications Copyright (C) 2020 Bell Canada.
# Modifications Copyright (C) 2021-2023 Nordix Foundation.
# Modifications Copyright (C) 2021 Orange
+# Modifications Copyright (C) 2024 TechMahindra Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -43,6 +44,12 @@ security:
username: ${CPS_USERNAME}
password: ${CPS_PASSWORD}
+# Actuator
+management:
+ tracing:
+ propagation:
+ produce: {{ .Values.management.tracing.propagation.produce }}
+
logging:
level:
org:
@@ -71,12 +78,24 @@ spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+# cps tracing
+{{- if .Values.tracing }}
+ {{ toYaml .Values.tracing | nindent 2 }}
+{{- end }}
+
# Custom Hazelcast config.
hazelcast:
+ cluster-name: {{ .Values.hazelcast.config.clusterName }}
mode:
kubernetes:
enabled: {{ .Values.hazelcast.config.kubernetesDiscovery }}
service-name: {{ .Values.hazelcast.config.kubernetesServiceName }}
+otel:
+ exporter:
+ otlp:
+ traces:
+ protocol: {{ .Values.otel.config.otlp.traces.protocol }}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index a5cc7e0dcd..94aa67efd3 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -1,6 +1,7 @@
# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
# Modifications Copyright (C) 2022 Bell Canada
# Modifications Copyright © 2022-2023 Nordix Foundation
+# Modifications Copyright © 2024 TechMahindra Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -183,7 +184,6 @@ config:
additional:
notification.enabled: true
- notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events
notification.data-updated.filters.enabled-dataspaces: ""
notification.async.enabled: false
notification.async.executor.core-pool-size: 2
@@ -191,12 +191,16 @@ config:
notification.async.executor.queue-capacity: 500
notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
notification.async.executor.thread-name-prefix: Async-
+ app.cps.data-updated.change-event-notifications-enabled: true
# Strimzi KafkaUser and Topic config
kafkaTopic:
- name: &dmiCmEventsTopic dmi-cm-events
retentionMs: 7200000
segmentBytes: 1073741824
+ - name: &dataUpdatedTopic cps-data-updated-events
+ retentionMs: 7200000
+ segmentBytes: 1073741824
kafkaUser:
authenticationType: scram-sha-512
@@ -216,17 +220,62 @@ kafkaUser:
- name: &cmAvcSubscriptionTopic cm-avc-subscription
type: topic
operations: [Read]
+ - name: &ncmpCmSubscriptionIn subscription
+ type: topic
+ operations: [Read]
+ - name: &ncmpCmSubscriptionDmiIn ncmp-dmi-cm-avc-subscription
+ type: topic
+ operations: [Read]
+ - name: &ncmpCmSubscriptionDmiOut dmi-ncmp-cm-avc-subscription
+ type: topic
+ operations: [Read]
+ - name: &ncmpCmSubscriptionOut subscription-response
+ type: topic
+ operations: [Read]
+ - name: &ncmpCmEventsTopic cm-events
+ type: topic
+ operations: [Read]
+ - name: &dmiDeviceHeartbeatTopic dmi-device-heartbeat
+ type: topic
+ operations: [Read]
+ - name: &lcmEventsTopic ncmp-events
+ type: topic
+ operations: [Read]
topics:
config:
app.ncmp.async-m2m.topic: *ncmpAsyncM2MTopic
- app.ncmp.avc.subscription-topic: *cmAvcSubscriptionTopic
+ app.ncmp.avc.cm-subscription-ncmp-in: *ncmpCmSubscriptionIn
+ app.ncmp.avc.cm-subscription-dmi-in: *ncmpCmSubscriptionDmiIn
+ app.ncmp.avc.cm-subscription-dmi-out: *ncmpCmSubscriptionDmiOut
+ app.ncmp.avc.cm-subscription-ncmp-out: *ncmpCmSubscriptionOut
+ app.ncmp.avc.cm-events-topic: *ncmpCmEventsTopic
+ app.lcm.events.topic: *lcmEventsTopic
app.dmi.cm-events.topic: *dmiCmEventsTopic
+ app.dmi.device-heartbeat.topic: *dmiDeviceHeartbeatTopic
+ app.cps.data-updated.topic: *dataUpdatedTopic
logging:
level: INFO
path: /tmp
+management:
+ tracing:
+ propagation:
+ produce: [W3C]
+
+tracing:
+ cps:
+ tracing:
+ sampler:
+ jaeger_remote:
+ endpoint: http://onap-otel-collector:14250
+ exporter:
+ endpoint: http://onap-otel-collector:4317
+ protocol: grpc
+ enabled: false
+ excluded-observation-names: tasks.scheduled.execution
+
#################################################################
# Postgres overriding defaults in the postgres
#################################################################
@@ -283,5 +332,11 @@ hazelcast:
config:
kubernetesDiscovery: true
kubernetesServiceName: cps-core-headless
+ clusterName: cps-and-ncmp-common-cache-cluster
+otel:
+ config:
+ otlp:
+ traces:
+ protocol: grpc
diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml
index ade33b4c3f..83b344b303 100644
--- a/kubernetes/dcaegen2-services/Chart.yaml
+++ b/kubernetes/dcaegen2-services/Chart.yaml
@@ -19,19 +19,15 @@
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "NewDelhi"
+appVersion: "Oslo"
description: DCAE Microservices
name: dcaegen2-services
-version: 13.1.0
+version: 15.0.0
dependencies:
- name: common
version: ~13.x-0
repository: '@local'
- - name: dcae-datafile-collector
- version: ~13.x-0
- repository: '@local'
- condition: dcae-datafile-collector.enabled
- name: dcae-datalake-admin-ui
version: ~13.x-0
repository: '@local'
@@ -44,62 +40,22 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: dcae-datalake-feeder.enabled
- - name: dcae-heartbeat
- version: ~13.x-0
- repository: '@local'
- condition: dcae-heartbeat.enabled
- name: dcae-hv-ves-collector
version: ~13.x-0
repository: '@local'
condition: dcae-hv-ves-collector.enabled
- - name: dcae-kpi-ms
- version: ~13.x-0
- repository: '@local'
- condition: dcae-kpi-ms.enabled
- name: dcae-ms-healthcheck
version: ~13.x-0
repository: '@local'
condition: dcae-ms-healthcheck.enabled
- - name: dcae-pm-mapper
- version: ~13.x-0
- repository: '@local'
- condition: dcae-pm-mapper.enabled
- - name: dcae-pmsh
- version: ~13.x-0
- repository: '@local'
- condition: dcae-pmsh.enabled
- name: dcae-prh
version: ~13.x-0
repository: '@local'
condition: dcae-prh.enabled
- - name: dcae-restconf-collector
- version: ~13.x-0
- repository: '@local'
- condition: dcae-restconf-collector.enabled
- - name: dcae-slice-analysis-ms
- version: ~13.x-0
- repository: '@local'
- condition: dcae-slice-analysis-ms.enabled
- - name: dcae-snmptrap-collector
- version: ~13.x-0
- repository: '@local'
- condition: dcae-snmptrap-collector.enabled
- - name: dcae-son-handler
- version: ~13.x-0
- repository: '@local'
- condition: dcae-son-handler.enabled
- - name: dcae-tcagen2
- version: ~13.x-0
- repository: '@local'
- condition: dcae-tcagen2.enabled
- name: dcae-ves-collector
version: ~13.x-0
repository: '@local'
condition: dcae-ves-collector.enabled
- - name: dcae-ves-mapper
- version: ~13.x-0
- repository: '@local'
- condition: dcae-ves-mapper.enabled
- name: dcae-ves-openapi-manager
version: ~13.x-0
repository: 'file://components/dcae-ves-openapi-manager'
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index c841d6df50..5e39d51844 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -313,6 +313,8 @@ spec:
name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }}
- mountPath: /app-config-input
name: app-config-input
+ - mountPath: /tmp
+ name: tmp-volume
{{- if $logDir }}
- mountPath: {{ $logDir}}
name: logs
@@ -385,6 +387,9 @@ spec:
- emptyDir:
medium: Memory
name: app-config
+ - name: tmp-volume
+ emptyDir:
+ sizeLimit: 128Mi
{{- if $logDir }}
- emptyDir: {}
name: logs
diff --git a/kubernetes/dcaegen2-services/resources/expected-components.json b/kubernetes/dcaegen2-services/resources/expected-components.json
index 7c4c3fba4c..c91552ed43 100644
--- a/kubernetes/dcaegen2-services/resources/expected-components.json
+++ b/kubernetes/dcaegen2-services/resources/expected-components.json
@@ -40,7 +40,7 @@
*/}}
{{- $ctx := . -}}
-{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-tcagen2" "dcae-ves-collector" "dcae-ves-openapi-manager" -}}
+{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-ves-collector" "dcae-ves-openapi-manager" -}}
{{- $enabled := dict "enabled" list -}}
{{- range $components -}}
{{- if index $ctx.Values . "enabled" -}}
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index ba3607f047..6efbf36c66 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -28,9 +28,6 @@ filebeatConfig:
# Control deployment of DCAE microservices at ONAP installation time
dcae-ves-openapi-manager:
enabled: true
-dcae-datafile-collector:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-datalake-admin-ui:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
@@ -40,45 +37,15 @@ dcae-datalake-des:
dcae-datalake-feeder:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-heartbeat:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-hv-ves-collector:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-kpi-ms:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-ms-healthcheck:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-pm-mapper:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-pmsh:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-prh:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-restconf-collector:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-slice-analysis-ms:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-snmptrap-collector:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-son-handler:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-tcagen2:
- enabled: true
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-ves-collector:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
-dcae-ves-mapper:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh
index f60a2d35d0..08ced6e879 100755
--- a/kubernetes/helm/plugins/deploy/deploy.sh
+++ b/kubernetes/helm/plugins/deploy/deploy.sh
@@ -271,7 +271,7 @@ deploy() {
#So cache the results to prevent repeated execution.
ALL_HELM_RELEASES=$(helm ls -q)
- for subchart in strimzi roles-wrapper repository-wrapper cassandra mariadb-galera postgres ; do
+ for subchart in roles-wrapper repository-wrapper strimzi cassandra mariadb-galera postgres ; do
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
SUBCHART_ENABLED=0
diff --git a/kubernetes/multicloud/Chart.yaml b/kubernetes/multicloud/Chart.yaml
index 48a3b9631a..cecef8c2e2 100644
--- a/kubernetes/multicloud/Chart.yaml
+++ b/kubernetes/multicloud/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP multicloud broker
name: multicloud
-version: 13.1.0
+version: 15.0.0
dependencies:
- name: common
@@ -35,26 +35,6 @@ dependencies:
version: ~13.x-0
repository: 'file://components/multicloud-k8s'
condition: multicloud-k8s.enabled
- - name: multicloud-pike
- version: ~13.x-0
- repository: 'file://components/multicloud-pike'
- condition: multicloud-pike.enabled
- - name: multicloud-prometheus
- version: ~13.x-0
- repository: 'file://components/multicloud-prometheus'
- condition: multicloud-prometheus.enabled
- - name: multicloud-starlingx
- version: ~13.x-0
- repository: 'file://components/multicloud-starlingx'
- condition: multicloud-starlingx.enabled
- - name: multicloud-vio
- version: ~13.x-0
- repository: 'file://components/multicloud-vio'
- condition: multicloud-vio.enabled
- - name: multicloud-windriver
- version: ~13.x-0
- repository: 'file://components/multicloud-windriver'
- condition: multicloud-windriver.enabled
- name: serviceAccount
version: ~13.x-0
repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
index 8d50814fd0..5dc375290a 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/Chart.yaml
@@ -27,7 +27,7 @@ dependencies:
# be published independently to a repo (at this point)
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
- name: etcd
version: ~13.x-0
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index 033826f0e6..69063906ba 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -39,27 +39,11 @@ multicloud-fcaps:
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
multicloud-k8s:
enabled: true
-multicloud-pike:
- enabled: true
- logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
-multicloud-prometheus:
- enabled: false
-multicloud-starlingx:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
-multicloud-vio:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
-multicloud-windriver:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
# application configuration
config:
- msbgateway: msb-iag
logstashServiceName: log-ls
logstashPort: 5044
- msbPort: 80
aai:
aaiPort: 80
schemaVersion: v13
@@ -89,28 +73,6 @@ service:
- name: http
port: 9001
nodePort: '91'
- annotations:
- msb.onap.org/service-info: |
- {{ if .Values.global.msbEnabled -}}[
- {
- "serviceName": "multicloud",
- "version": "v0",
- "url": "/api/multicloud/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "enable_ssl": false,
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud",
- "version": "v1",
- "url": "/api/multicloud/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "enable_ssl": false,
- "visualRange": "1"
- }
- ]{{ end }}
ingress:
enabled: false
diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml
index 45d8da170b..a035097004 100644
--- a/kubernetes/onap/Chart.yaml
+++ b/kubernetes/onap/Chart.yaml
@@ -15,8 +15,8 @@
apiVersion: v2
name: onap
-version: 14.0.0
-appVersion: NewDelhi
+version: 15.0.0
+appVersion: Oslo
description: Open Network Automation Platform (ONAP)
home: https://www.onap.org/
sources:
@@ -25,8 +25,12 @@ icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?
kubeVersion: ">=1.19.11-0"
dependencies:
+ - name: authentication
+ version: ~14.x-0
+ repository: '@local'
+ condition: authentication:enabled
- name: aai
- version: ~13.x-0
+ version: ~14.x-0
repository: '@local'
condition: aai.enabled
- name: cassandra
@@ -37,10 +41,6 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: cds.enabled
- - name: cli
- version: ~13.x-0
- repository: '@local'
- condition: cli.enabled
- name: common
version: ~13.x-0
repository: '@local'
@@ -49,33 +49,17 @@ dependencies:
repository: '@local'
condition: cps.enabled
- name: dcaegen2-services
- version: ~13.x-0
+ version: ~15.x-0
repository: '@local'
condition: dcaegen2-services.enabled
- - name: holmes
- version: ~13.x-0
- repository: '@local'
- condition: holmes.enabled
- - name: dmaap
- version: ~13.x-0
- repository: '@local'
- condition: dmaap.enabled
- name: mariadb-galera
version: ~13.x-0
repository: '@local'
condition: mariadb-galera.enabled
- - name: msb
- version: ~13.x-0
- repository: '@local'
- condition: msb.enabled
- name: multicloud
- version: ~13.x-0
+ version: ~15.x-0
repository: '@local'
condition: multicloud.enabled
- - name: nbi
- version: ~13.x-0
- repository: '@local'
- condition: nbi.enabled
- name: policy
version: ~14.x-0
repository: '@local'
@@ -88,10 +72,6 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: postgres.enabled
- - name: oof
- version: ~13.x-0
- repository: '@local'
- condition: oof.enabled
- name: repository-wrapper
version: ~13.x-0
repository: '@local'
@@ -104,7 +84,7 @@ dependencies:
repository: '@local'
condition: sdc.enabled
- name: sdnc
- version: ~13.x-0
+ version: ~15.x-0
repository: '@local'
condition: sdnc.enabled
- name: so
@@ -119,18 +99,6 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: uui.enabled
- - name: vfc
- version: ~13.x-0
- repository: '@local'
- condition: vfc.enabled
- - name: vnfsdk
- version: ~13.x-0
- repository: '@local'
- condition: vnfsdk.enabled
- - name: modeling
- version: ~13.x-0
- repository: '@local'
- condition: modeling.enabled
- name: platform
version: ~13.x-0
repository: '@local'
diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
index 468aab8c18..554bacd51f 100644
--- a/kubernetes/onap/resources/overrides/environment.yaml
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -61,37 +61,6 @@ cassandra:
readiness:
timeoutSeconds: 30
periodSeconds: 60
-holmes:
- holmes-rule-mgmt:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- holmes-engine-mgmt:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
-dmaap:
- dmaap-bus-controller:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- dmaap-dr-prov:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- mariadb:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
- dmaap-dr-node:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
mariadb-galera:
liveness:
initialDelaySeconds: 30
@@ -101,19 +70,6 @@ mariadb-galera:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
-modeling:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
-oof:
- oof-has:
- music:
- music-cassandra:
- liveness:
- periodSeconds: 120
- readiness:
- periodSeconds: 60
sdc:
sdc-fe:
liveness:
@@ -159,11 +115,6 @@ sdnc:
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 60
- dmaap-listener:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
mariadb-galera:
liveness:
initialDelaySeconds: 180
@@ -190,8 +141,3 @@ uui:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
-vfc:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index 4c1a418777..159c800d4f 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -74,36 +74,16 @@ cassandra:
enabled: true
cds:
enabled: true
-cli:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: false
-holmes:
- enabled: false
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: false
- dmaap-dr-node:
- enabled: false
-oof:
- enabled: true
mariadb-galera:
enabled: true
msb:
enabled: true
multicloud:
enabled: false
-nbi:
- enabled: true
- config:
- # openstack configuration
- openStackRegion: "Yolo"
- openStackVNFTenantId: "1234"
policy:
enabled: true
portal-ng:
@@ -117,21 +97,16 @@ sdc:
enabled: true
sdnc:
enabled: false
-
replicaCount: 1
-
mysql:
replicaCount: 1
so:
enabled: true
-
replicaCount: 1
-
liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: false
-
# so server configuration
config:
# message router configuration
@@ -149,9 +124,3 @@ strimzi:
enabled: false
uui:
enabled: true
-vfc:
- enabled: false
-vnfsdk:
- enabled: false
-modeling:
- enabled: false
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml
index ba7b50e53c..b4b7741be3 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-gatewayapi.yaml
@@ -62,84 +62,40 @@ mariadb-galera:
enabled: true
postgres:
enabled: true
+authentication:
+ enabled: true
aai:
enabled: true
cds:
enabled: true
-cli:
- enabled: true
cps:
enabled: true
-dcaegen2:
- enabled: true
dcaegen2-services:
enabled: true
- dcae-datafile-collector:
- enabled: true
dcae-datalake-admin-ui:
enabled: true
dcae-datalake-des:
enabled: true
dcae-datalake-feeder:
enabled: true
- dcae-heartbeat:
- enabled: true
dcae-hv-ves-collector:
enabled: true
- dcae-kpi-ms:
- enabled: true
dcae-ms-healthcheck:
enabled: true
- dcae-pm-mapper:
- enabled: true
- dcae-pmsh:
- enabled: true
dcae-prh:
enabled: true
- dcae-restconf-collector:
- enabled: true
- dcae-slice-analysis-ms:
- enabled: true
- dcae-snmptrap-collector:
- enabled: true
- dcae-son-handler:
- enabled: true
- dcae-tcagen2:
- enabled: true
dcae-ves-collector:
enabled: true
applicationConfig:
auth.method: "noAuth"
- dcae-ves-mapper:
- enabled: true
dcae-ves-openapi-manager:
enabled: true
-holmes:
- enabled: true
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: true
- dmaap-dr-node:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
multicloud:
enabled: true
-nbi:
- enabled: true
platform:
enabled: true
cmpv2-cert-service:
enabled: false
- keycloak-init:
- enabled: true
- oauth2-proxy:
- enabled: true
policy:
enabled: true
portal-ng:
@@ -150,6 +106,16 @@ sdc:
enabled: true
sdnc:
enabled: true
+ network-name-gen:
+ enabled: true
+ dgbuilder:
+ enabled: true
+ ueb-listener:
+ enabled: true
+ sdnc-ansible-server:
+ enabled: true
+ sdnc-web:
+ enabled: true
so:
enabled: true
strimzi:
@@ -158,11 +124,5 @@ strimzi:
enabled: true
uui:
enabled: true
-vfc:
- enabled: true
-vnfsdk:
- enabled: true
-modeling:
- enabled: true
a1policymanagement:
enabled: true
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
index cc830424e2..c4b5e0969f 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml
@@ -63,84 +63,40 @@ mariadb-galera:
enabled: true
postgres:
enabled: true
+authentication:
+ enabled: true
aai:
enabled: true
cds:
enabled: true
-cli:
- enabled: true
cps:
enabled: true
-dcaegen2:
- enabled: true
dcaegen2-services:
enabled: true
- dcae-datafile-collector:
- enabled: true
dcae-datalake-admin-ui:
enabled: true
dcae-datalake-des:
enabled: true
dcae-datalake-feeder:
enabled: true
- dcae-heartbeat:
- enabled: true
dcae-hv-ves-collector:
enabled: true
- dcae-kpi-ms:
- enabled: true
dcae-ms-healthcheck:
enabled: true
- dcae-pm-mapper:
- enabled: true
- dcae-pmsh:
- enabled: true
dcae-prh:
enabled: true
- dcae-restconf-collector:
- enabled: true
- dcae-slice-analysis-ms:
- enabled: true
- dcae-snmptrap-collector:
- enabled: true
- dcae-son-handler:
- enabled: true
- dcae-tcagen2:
- enabled: true
dcae-ves-collector:
enabled: true
applicationConfig:
auth.method: "noAuth"
- dcae-ves-mapper:
- enabled: true
dcae-ves-openapi-manager:
enabled: true
-holmes:
- enabled: true
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: true
- dmaap-dr-node:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
multicloud:
enabled: true
-nbi:
- enabled: true
platform:
enabled: true
cmpv2-cert-service:
enabled: false
- keycloak-init:
- enabled: true
- oauth2-proxy:
- enabled: true
policy:
enabled: true
portal-ng:
@@ -151,6 +107,16 @@ sdc:
enabled: true
sdnc:
enabled: true
+ network-name-gen:
+ enabled: true
+ dgbuilder:
+ enabled: true
+ ueb-listener:
+ enabled: true
+ sdnc-ansible-server:
+ enabled: true
+ sdnc-web:
+ enabled: true
so:
enabled: true
strimzi:
@@ -159,11 +125,5 @@ strimzi:
enabled: true
uui:
enabled: true
-vfc:
- enabled: true
-vnfsdk:
- enabled: true
-modeling:
- enabled: true
a1policymanagement:
enabled: true
diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
index e5fd78e9ef..c90614b650 100644
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
@@ -39,35 +39,42 @@ mariadb-galera:
enabled: true
postgres:
enabled: true
-
+authentication:
+ enabled: true
aai:
enabled: true
cds:
enabled: true
-cli:
- enabled: true
cps:
enabled: true
dcaegen2-services:
enabled: true
-holmes:
- enabled: true
-dmaap:
- enabled: true
- message-router:
+ dcae-datalake-admin-ui:
enabled: true
- dmaap-dr-prov:
+ dcae-datalake-des:
enabled: true
- dmaap-dr-node:
+ dcae-datalake-feeder:
+ enabled: true
+ dcae-hv-ves-collector:
+ enabled: true
+ dcae-ms-healthcheck:
+ enabled: true
+ dcae-prh:
+ enabled: true
+ dcae-restconf-collector:
+ enabled: false
+ dcae-ves-collector:
+ enabled: true
+ applicationConfig:
+ auth.method: "noAuth"
+ dcae-ves-openapi-manager:
enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
multicloud:
enabled: true
-nbi:
+platform:
enabled: true
+ cmpv2-cert-service:
+ enabled: false
policy:
enabled: true
portal-ng:
@@ -78,6 +85,16 @@ sdc:
enabled: true
sdnc:
enabled: true
+ network-name-gen:
+ enabled: true
+ dgbuilder:
+ enabled: true
+ ueb-listener:
+ enabled: true
+ sdnc-ansible-server:
+ enabled: true
+ sdnc-web:
+ enabled: true
so:
enabled: true
strimzi:
@@ -86,8 +103,6 @@ strimzi:
enabled: true
uui:
enabled: true
-vfc:
+a1policymanagement:
enabled: true
-vnfsdk:
- enabled: true
-
+ 55,15 39%
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 027f8b3225..444d904453 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -25,72 +25,34 @@ mariadb-galera:
enabled: true
postgres:
enabled: true
+authentication:
+ enabled: true
aai:
enabled: true
cds:
enabled: true
-cli:
- enabled: true
cps:
enabled: true
dcaegen2-services:
enabled: true
- dcae-datafile-collector:
- enabled: true
dcae-datalake-admin-ui:
enabled: true
dcae-datalake-des:
enabled: true
dcae-datalake-feeder:
enabled: true
- dcae-heartbeat:
- enabled: true
dcae-hv-ves-collector:
enabled: true
- dcae-kpi-ms:
- enabled: true
dcae-ms-healthcheck:
enabled: true
- dcae-pm-mapper:
- enabled: true
- dcae-pmsh:
- enabled: true
dcae-prh:
enabled: true
- dcae-restconf-collector:
- enabled: true
- dcae-slice-analysis-ms:
- enabled: true
- dcae-snmptrap-collector:
- enabled: true
- dcae-son-handler:
- enabled: true
- dcae-tcagen2:
- enabled: true
dcae-ves-collector:
enabled: true
- dcae-ves-mapper:
- enabled: true
dcae-ves-openapi-manager:
enabled: true
-holmes:
- enabled: true
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: true
- dmaap-dr-node:
- enabled: true
-oof:
- enabled: true
-msb:
- enabled: true
multicloud:
enabled: true
-nbi:
- enabled: true
policy:
enabled: true
portal-ng:
@@ -101,6 +63,16 @@ sdc:
enabled: true
sdnc:
enabled: true
+ network-name-gen:
+ enabled: true
+ dgbuilder:
+ enabled: true
+ ueb-listener:
+ enabled: true
+ sdnc-ansible-server:
+ enabled: true
+ sdnc-web:
+ enabled: true
so:
enabled: true
strimzi:
@@ -109,12 +81,6 @@ strimzi:
enabled: true
uui:
enabled: true
-vfc:
- enabled: true
-vnfsdk:
- enabled: true
-modeling:
- enabled: true
platform:
enabled: true
a1policymanagement:
diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml
index 14748ddb2e..5ce3a97488 100644
--- a/kubernetes/onap/resources/overrides/onap-vfw.yaml
+++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml
@@ -25,20 +25,6 @@ aai:
enabled: true
dcaegen2-services:
enabled: true
-holmes:
- enabled: true
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: false
- dmaap-dr-node:
- enabled: false
-oof:
- enabled: true
-msb:
- enabled: true
policy:
enabled: true
portal-ng:
diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml
index dc5da35113..6877e33875 100644
--- a/kubernetes/onap/resources/overrides/sm-onap.yaml
+++ b/kubernetes/onap/resources/overrides/sm-onap.yaml
@@ -63,32 +63,14 @@ aai:
cassandra:
enabled: true
replicaCount: 3
-cli:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: false
-dmaap:
- enabled: true
- message-router:
- enabled: true
- dmaap-dr-prov:
- enabled: true
- dmaap-dr-node:
- enabled: true
-holmes:
- enabled: false
mariadb-galera:
enabled: true
-msb:
- enabled: false
multicloud:
enabled: false
-nbi:
- enabled: false
-oof:
- enabled: false
policy:
enabled: false
portal-ng:
@@ -130,10 +112,5 @@ strimzi:
enabled: true
uui:
enabled: false
-vfc:
- enabled: false
-vnfsdk:
- enabled: false
cds:
enabled: true
-
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 5f48a5e2ed..6ca0e26b1e 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -96,6 +96,9 @@ global:
# mariadb client image
mariadbImage: bitnami/mariadb:10.5.8
+ # mongodb server image
+ mongodbImage: percona/percona-server-mongodb:7.0.5-3
+
# nginx server image
nginxImage: bitnami/nginx:1.21.4
@@ -199,6 +202,9 @@ global:
tls: true
# be aware that linkerd is not well tested
engine: "istio" # valid value: istio or linkerd
+ # if nativeSidecars are enabled in Istio, this value can be set to "true"
+ # and will disable the deployment of sidecar killer containers in jobs
+ nativeSidecars: false
# Global Istio Authorization Policy configuration
authorizationPolicies:
@@ -297,6 +303,8 @@ global:
# to customize the ONAP deployment.
#################################################################
+authentication:
+ enabled: false
aai:
enabled: false
cassandra:
diff --git a/kubernetes/platform/Chart.yaml b/kubernetes/platform/Chart.yaml
index aec56cf9a1..c3f776803e 100644
--- a/kubernetes/platform/Chart.yaml
+++ b/kubernetes/platform/Chart.yaml
@@ -3,6 +3,7 @@
# Modifications Copyright © 2020 Nokia
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,11 +35,3 @@ dependencies:
version: ~13.x-0
repository: '@local'
condition: chartmuseum.enabled
- - name: keycloak-init
- version: ~13.x-0
- repository: '@local'
- condition: keycloak-init.enabled
- - name: oauth2-proxy
- version: ~13.x-0
- repository: '@local'
- condition: oauth2-proxy.enabled
diff --git a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
index 3956255fb2..fea1a1a614 100644
--- a/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
+++ b/kubernetes/platform/components/chartmuseum/templates/deployment.yaml
@@ -27,21 +27,6 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 7 | trim}}
- initContainers:
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} //chartmuseum-persist
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: chart-persistent
- mountPath: "/chartmuseum-persist"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.image }}
diff --git a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json b/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json
deleted file mode 100644
index d845c60cfb..0000000000
--- a/kubernetes/platform/components/keycloak-init/resources/realms/onap-realm.json
+++ /dev/null
@@ -1,426 +0,0 @@
-{
- "id": "ONAP",
- "realm": "ONAP",
- "enabled": true,
- "roles": {
- "realm": [
- {
- "name": "onap_admin",
- "description": "User role for administration tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "user",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "admin",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_designer",
- "description": "User role for designer tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "offline_access",
- "description": "${role_offline-access}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "onap_operator",
- "description": "User role for operator tasks in the portal.",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "uma_authorization",
- "description": "${role_uma_authorization}",
- "composite": false,
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- },
- {
- "name": "default-roles-onap",
- "description": "${role_default-roles}",
- "composite": true,
- "composites": {
- "realm": [
- "offline_access",
- "uma_authorization"
- ],
- "client": {
- "account": [
- "view-profile",
- "manage-account"
- ]
- }
- },
- "clientRole": false,
- "containerId": "onap",
- "attributes": {}
- }
- ]
- },
- "groups": [
- {
- "name": "admins",
- "path": "/admins",
- "attributes": {},
- "realmRoles": [],
- "clientRoles": {},
- "subGroups": []
- }
- ],
- "clients": [
- {
- "clientId": "oauth2-proxy",
- "name": "Oauth2 Proxy",
- "description": "",
- "rootUrl": "",
- "adminUrl": "",
- "baseUrl": "",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp",
- "redirectUris": [
- "*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": true,
- "protocol": "openid-connect",
- "attributes": {
- "tls-client-certificate-bound-access-tokens": "false",
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "acr.loa.map": "{}",
- "require.pushed.authorization.requests": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "token.response.type.bearer.lower-case": "false",
- "use.refresh.tokens": "true"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "name": "SDC-User",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "false",
- "userinfo.token.claim": "true",
- "user.attribute": "sdc_user",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "sdc_user",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "groups",
- "microprofile-jwt"
- ]
- },
- {
- "clientId": "portal-app",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "{{ .Values.portalUrl }}/*",
- "http://localhost/*"
- ],
- "webOrigins": [
- "*"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "oidc.ciba.grant.enabled": "false",
- "backchannel.logout.session.required": "true",
- "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
- "oauth2.device.authorization.grant.enabled": "false",
- "display.on.consent.screen": "false",
- "backchannel.logout.revoke.offline.tokens": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "name": "User-Roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "roles",
- "multivalued": "true",
- "userinfo.token.claim": "true"
- }
- },
- {
- "name": "SDC-User",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "sdc_user",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "sdc_user",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "acr",
- "profile",
- "roles",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "clientId" : "portal-bff",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : false,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : true,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "protocol" : "openid-connect",
- "attributes" : {
- "saml.force.post.binding" : "false",
- "saml.multivalued.roles" : "false",
- "frontchannel.logout.session.required" : "false",
- "oauth2.device.authorization.grant.enabled" : "false",
- "backchannel.logout.revoke.offline.tokens" : "false",
- "saml.server.signature.keyinfo.ext" : "false",
- "use.refresh.tokens" : "true",
- "oidc.ciba.grant.enabled" : "false",
- "backchannel.logout.session.required" : "true",
- "client_credentials.use_refresh_token" : "false",
- "require.pushed.authorization.requests" : "false",
- "saml.client.signature" : "false",
- "saml.allow.ecp.flow" : "false",
- "id.token.as.detached.signature" : "false",
- "saml.assertion.signature" : "false",
- "client.secret.creation.time" : "1665048112",
- "saml.encrypt" : "false",
- "saml.server.signature" : "false",
- "exclude.session.state.from.auth.response" : "false",
- "saml.artifact.binding" : "false",
- "saml_force_name_id_format" : "false",
- "acr.loa.map" : "{}",
- "tls.client.certificate.bound.access.tokens" : "false",
- "saml.authnstatement" : "false",
- "display.on.consent.screen" : "false",
- "token.response.type.bearer.lower-case" : "false",
- "saml.onetimeuse.condition" : "false"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "name" : "Client Host",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientHost",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientHost",
- "jsonType.label" : "String"
- }
- }, {
- "name" : "Client IP Address",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientAddress",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientAddress",
- "jsonType.label" : "String"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }
- ],
- "users": [
- {
- "createdTimestamp" : 1664965113698,
- "username" : "onap-admin",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ {
- "type" : "password",
- "createdDate" : 1664965134586,
- "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
- "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
- } ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_admin" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048354760,
- "username" : "onap-designer",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sec_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_designer" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048547054,
- "username" : "onap-operator",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "attributes" : {
- "sdc_user" : [ "cs0008" ]
- },
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap", "onap_operator" ],
- "notBefore" : 0,
- "groups" : [ ]
- }, {
- "createdTimestamp" : 1665048112458,
- "username" : "service-account-portal-bff",
- "enabled" : true,
- "totp" : false,
- "emailVerified" : false,
- "serviceAccountClientId" : "portal-bff",
- "credentials" : [ ],
- "disableableCredentialTypes" : [ ],
- "requiredActions" : [ ],
- "realmRoles" : [ "default-roles-onap" ],
- "clientRoles" : {
- "realm-management" : [ "manage-realm", "manage-users" ]
- },
- "notBefore" : 0,
- "groups" : [ ]
- }
- ],
- "clientScopes": [
- {
- "name": "groups",
- "description": "Membership to a group",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "gui.order": "",
- "consent.screen.text": ""
- },
- "protocolMappers": [
- {
- "name": "groups",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-group-membership-mapper",
- "consentRequired": false,
- "config": {
- "full.path": "false",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "groups",
- "userinfo.token.claim": "true"
- }
- }
- ]
- }
- ],
- "attributes": {
- "frontendUrl": "{{ .Values.KEYCLOAK_URL }}",
- "acr.loa.map": "{\"ABC\":\"5\"}"
- }
-}
diff --git a/kubernetes/platform/components/keycloak-init/values.yaml b/kubernetes/platform/components/keycloak-init/values.yaml
deleted file mode 100644
index a33ef2c932..0000000000
--- a/kubernetes/platform/components/keycloak-init/values.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright © 2022, Deutsche Telekom
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- # Global ingress configuration
- ingress:
- enabled: false
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-KEYCLOAK_URL: &kc-url "https://keycloak-ui.simpledemo.onap.org/auth/"
-PORTAL_URL: "https://portal-ui.simpledemo.onap.org"
-
-onap-keycloak-config-cli:
- image:
- pullSecrets:
- - name: onap-docker-registry-key
- #existingSecret: "keycloak-keycloakx-admin-creds"
- env:
- KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/
- KEYCLOAK_SSLVERIFY: "false"
- KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
- secrets:
- KEYCLOAK_PASSWORD: secret
- existingConfigSecret: "keycloak-config-cli-config-realms"
-
-serviceAccount:
- nameOverride: keycloak-init
- roles:
- - read
diff --git a/kubernetes/platform/components/oauth2-proxy/Chart.yaml b/kubernetes/platform/components/oauth2-proxy/Chart.yaml
deleted file mode 100644
index 13da57793c..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/Chart.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright © 2022 Deutsche Telekom
-# ================================================================================
-# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-apiVersion: v2
-version: 13.0.0
-description: ONAP Oauth2-proxy
-name: oauth2-proxy
-sources:
-- https://github.com/oauth2-proxy/manifests
-
-dependencies:
- - name: common
- version: ~13.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~13.x-0
- repository: '@local'
- - name: onap-oauth2-proxy
- version: 6.10.1
- repository: 'file://components/oauth2-proxy' \ No newline at end of file
diff --git a/kubernetes/platform/components/oauth2-proxy/Makefile b/kubernetes/platform/components/oauth2-proxy/Makefile
deleted file mode 100644
index 5970a97115..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/Makefile
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-# Modifications Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml
deleted file mode 100644
index 9d31c28541..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/ci/servicemonitor-values.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-metrics:
- enabled: true
- serviceMonitor:
- enabled: true
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt
deleted file mode 100644
index aa749e0b9d..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/NOTES.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-To verify that oauth2-proxy has started, run:
-
- kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml
deleted file mode 100644
index 7ba0273ab2..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/configmap-alpha.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{- if .Values.alphaConfig.enabled }}
-{{- if not .Values.alphaConfig.existingConfig }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-{{- if .Values.alphaConfig.annotations }}
- annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }}
-{{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
- {{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.fullname" . }}-alpha
-data:
- oauth2_proxy.yml: |
- ---
- server:
- BindAddress: '0.0.0.0:4180'
- {{- if .Values.alphaConfig.serverConfigData }}
- {{- toYaml .Values.alphaConfig.serverConfigData | nindent 6 }}
- {{- end }}
- {{- if .Values.metrics.enabled }}
- metricsServer:
- BindAddress: '0.0.0.0:44180'
- {{- if .Values.alphaConfig.metricsConfigData }}
- {{- toYaml .Values.alphaConfig.metricsConfigData | nindent 6 }}
- {{- end }}
- {{- end }}
- {{- if .Values.alphaConfig.configData }}
- {{- toYaml .Values.alphaConfig.configData | nindent 4 }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml
deleted file mode 100644
index 6d0a9d7c59..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if or .Values.serviceAccount.enabled -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
- labels:
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
- name: {{ template "oauth2-proxy.serviceAccountName" . }}
-automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
-{{- end -}}
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml b/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml
deleted file mode 100644
index 9c29d1bfd1..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ template "oauth2-proxy.fullname" . }}
-{{- if .Values.metrics.servicemonitor.namespace }}
- namespace: {{ .Values.metrics.servicemonitor.namespace }}
-{{- else }}
- namespace: {{ .Release.Namespace | quote }}
-{{- end }}
- labels:
- prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }}
- app: {{ template "oauth2-proxy.name" . }}
-{{- include "oauth2-proxy.labels" . | indent 4 }}
-{{- if .Values.metrics.servicemonitor.labels }}
-{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}}
-{{- end }}
-spec:
- jobLabel: {{ template "oauth2-proxy.fullname" . }}
- selector:
- matchLabels:
- {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- endpoints:
- - port: metrics
- path: "/metrics"
- interval: {{ .Values.metrics.servicemonitor.interval }}
- scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }}
-{{- end }}
diff --git a/kubernetes/platform/components/oauth2-proxy/values.yaml b/kubernetes/platform/components/oauth2-proxy/values.yaml
deleted file mode 100644
index 81a9986d3d..0000000000
--- a/kubernetes/platform/components/oauth2-proxy/values.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-onap-oauth2-proxy:
- # Oauth client configuration specifics
- config:
- cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA="
- configFile: |-
- email_domains = [ "*" ] # Restrict to these E-Mail Domains, a wildcard "*" allows any email
-
- alphaConfig:
- enabled: true
- configData:
- providers:
- - clientID: "oauth2-proxy"
- clientSecret: "5YSOkJz99WHv8enDZPknzJuGqVSerELp"
- id: oidc-istio
- provider: oidc # We use the generic 'oidc' provider
- loginURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/auth
- #redeemURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/token
- redeemURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/token
- profileURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
- validateURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
- scope: "openid email profile groups"
- #allowedGroups:
- # - admins # List all groups managed at our your IdP which should be allowed access
- # - infrateam
- # - anothergroup
- oidcConfig:
- emailClaim: email # Name of the clain in JWT containing the E-Mail
- groupsClaim: groups # Name of the claim in JWT containing the Groups
- userIDClaim: email # Name of the claim in JWT containing the User ID
- audienceClaims: ["aud"]
- insecureAllowUnverifiedEmail: true
- insecureSkipIssuerVerification: true
- skipDiscovery: true # You can try using the well-knwon endpoint directly for auto discovery, here we won't use it
- issuerURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP
- jwksURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/certs
- upstreamConfig:
- upstreams:
- - id: static_200
- path: /
- static: true
- staticCode: 200
- # Headers that should be added to responses from the proxy
- injectResponseHeaders: # Send this headers in responses from oauth2-proxy
- - name: X-Auth-Request-Preferred-Username
- values:
- - claim: preferred_username
- - name: X-Auth-Request-Email
- values:
- - claim: email
-
- extraArgs:
- cookie-secure: "false"
- cookie-domain: ".simpledemo.onap.org" # Replace with your base domain
- cookie-samesite: lax
- cookie-expire: 12h # How long our Cookie is valid
- auth-logging: true # Enable / Disable auth logs
- request-logging: true # Enable / Disable request logs
- standard-logging: true # Enable / Disable the standart logs
- show-debug-on-error: true # Disable in production setups
- skip-provider-button: true # We only have one provider configured (Keycloak)
- silence-ping-logging: true # Keeps our logs clean
- whitelist-domain: ".simpledemo.onap.org" # Replace with your base domain
-
- # Enables and configure the automatic deployment of the redis subchart
- redis:
- # provision an instance of the redis sub-chart
- enabled: false
-
-
-serviceAccount:
- nameOverride: oauth2-proxy
- roles:
- - read
-
diff --git a/kubernetes/platform/values.yaml b/kubernetes/platform/values.yaml
index 5cc7612473..95c98f6eb4 100644
--- a/kubernetes/platform/values.yaml
+++ b/kubernetes/platform/values.yaml
@@ -34,15 +34,11 @@ global:
# Control deployment of Platform services at ONAP installation time
chartmuseum:
- enabled: true
+ enabled: false
cmpv2-cert-provider:
enabled: true
oom-cert-service:
enabled: true
-keycloak-init:
- enabled: false
-oauth2-proxy:
- enabled: false
flavor: small
# default number of instances
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index b305ef48e1..9b631c7af5 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -1,7 +1,8 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021, 2022, 2023, 2024 Nordix Foundation
+# Modifications Copyright © 2021-2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
apiVersion: v2
description: ONAP Policy
name: policy
-version: 14.0.0
+version: 14.0.5
dependencies:
- name: common
@@ -27,7 +28,7 @@ dependencies:
- name: mariadb-galera
version: ~13.x-0
repository: '@local'
- condition: global.mariadbGalera.localCluster
+ condition: global.mariadbGalera.useInPolicy,global.mariadbGalera.localCluster
- name: policy-nexus
version: ~14.x-0
repository: 'file://components/policy-nexus'
@@ -80,10 +81,6 @@ dependencies:
version: ~14.x-0
repository: 'file://components/policy-clamp-runtime-acm'
condition: policy-clamp-runtime-acm.enabled
- - name: policy-gui
- version: ~14.x-0
- repository: 'file://components/policy-gui'
- condition: policy-gui.enabled
- name: repositoryGenerator
version: ~13.x-0
repository: '@local'
@@ -96,4 +93,4 @@ dependencies:
- name: postgres
version: ~13.x-0
repository: '@local'
- condition: global.postgres.localCluster
+ condition: global.postgres.useInPolicy,global.postgres.localCluster
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index c8a2862326..4ec4725860 100755
--- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -2,7 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@
apiVersion: v2
description: ONAP Policy APEX PDP
name: policy-apex-pdp
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
index de3e6d1004..3b25dc55a3 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/deployment.yaml
@@ -3,7 +3,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,6 +30,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command: ["/bin/sh", "-cx"]
args:
@@ -62,8 +63,10 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: [ "/bin/sh", "-cx" ]
@@ -104,7 +107,8 @@ spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: policy-logs
- emptyDir: {}
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: apexconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -112,4 +116,5 @@ spec:
- name: apexconfig
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
index 4259381afe..6fc37c3d01 100644
--- a/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/kafkauser.yaml
@@ -14,4 +14,3 @@
# limitations under the License.
*/}}
{{ include "common.kafkauser" . }}
-
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 3fd1a26f36..0c83a55651 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -2,7 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:3.1.2
+image: onap/policy-apex-pdp:3.1.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -114,12 +114,20 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
#Pods Service Account
serviceAccount:
nameOverride: policy-apex-pdp
roles:
- read
+dirSizes:
+ logDir:
+ sizeLimit: 500Mi
+
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml
index 32c22cbe6c..f5c876646b 100755
--- a/kubernetes/policy/components/policy-api/Chart.yaml
+++ b/kubernetes/policy/components/policy-api/Chart.yaml
@@ -2,7 +2,7 @@
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@
apiVersion: v2
description: ONAP Policy Design API
name: policy-api
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 4e73dc0b5b..c39a27bdeb 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modifications Copyright © 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -31,7 +32,7 @@ spring:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
diff --git a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-api/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml
index 9ab25fe2ac..6bb96fc1e5 100755
--- a/kubernetes/policy/components/policy-api/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml
@@ -37,4 +37,4 @@ binaryData:
{{- end }}
{{- end }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }} \ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/*.{yaml,xml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index 8de035e5d1..f89945f90e 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -1,3 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
apiVersion: apps/v1
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
@@ -7,15 +27,16 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
args:
- --job-name
-{{ if not .Values.global.postgres.localCluster }}
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
{{ else }}
- - {{ include "common.release" . }}-policy-pg-config
+ - {{ include "common.release" . }}-policy-pg-migrator-config
{{ end }}
env:
- name: NAMESPACE
@@ -25,6 +46,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
@@ -54,9 +76,11 @@ spec:
name: apiconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
@@ -85,6 +109,14 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/api/etc/logback.xml
+ subPath: logback.xml
+ name: apiconfig-processed
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
resources: {{ include "common.resources" . | nindent 12 }}
@@ -105,4 +137,11 @@ spec:
- name: apiconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index c76be2fb23..902268f41a 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -1,7 +1,8 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
-# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# Modification (C) 2023-2024 Deutsche Telekom. All rights reserved.
+# Modifications Copyright © 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,7 +26,9 @@ global:
nodePortPrefix: 304
persistence: {}
postgres:
- localCluster: false
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
@@ -48,7 +51,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:3.1.2
+image: onap/policy-api:3.1.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -77,7 +80,7 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
@@ -89,7 +92,7 @@ readiness:
api: /policy/api/v1/healthcheck
successThreshold: 1
failureThreshold: 3
- timeout: 60
+ timeout: 120
service:
type: ClusterIP
@@ -125,6 +128,16 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-api
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
index e35dd3d6f0..a9d27d60a8 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/Chart.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2024 Nordix Foundation. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +20,7 @@
apiVersion: v2
description: ONAP Policy Clamp A1PMS Participant
name: policy-clamp-ac-a1pms-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
index 31aa1b746a..5bfa825e18 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/resources/config/A1pmsParticipantParameters.yaml
@@ -81,5 +81,3 @@ server:
context-path: /onap/policy/clamp/acm/a1pmsparticipant
ssl:
enabled: false
-
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
index d34da146a5..b9eb83b3c5 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -50,9 +52,11 @@ spec:
name: ac-a1pms-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
@@ -75,6 +79,14 @@ spec:
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-a1pms-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-a1pms-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -93,4 +105,11 @@ spec:
- name: ac-a1pms-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml
index 19f522a71e..66aadf12c7 100644
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/service.yaml
@@ -1,21 +1,21 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2022 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 3f5e7dfc0d..a23e732c8b 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2022-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,7 +41,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-a1pms-ppnt:7.1.2
+image: onap/policy-clamp-ac-a1pms-ppnt:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-ac-a1pms-ppnt
@@ -115,6 +116,17 @@ resources:
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
index faa7014a79..979aa4f598 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2022, 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +20,7 @@
apiVersion: v2
description: ONAP Policy Clamp Controlloop Http Participant
name: policy-clamp-ac-http-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
@@ -31,4 +32,3 @@ dependencies:
- name: serviceAccount
version: ~13.x-0
repository: '@local'
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index a04c37fe3d..d447360dd9 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -80,4 +80,3 @@ server:
context-path: /onap/httpparticipant
ssl:
enabled: false
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
index e502c1a091..dd7db7acee 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -50,9 +52,11 @@ spec:
name: ac-http-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
@@ -75,6 +79,14 @@ spec:
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-http-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-http-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -93,4 +105,11 @@ spec:
- name: ac-http-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml
index e676ff13d7..be2449f890 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml
@@ -1,21 +1,21 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 0bcc66e4e1..8593a3d316 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -41,7 +42,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:7.1.2
+image: onap/policy-clamp-ac-http-ppnt:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-ac-http-ppnt
@@ -106,6 +107,17 @@ resources:
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
index aa6d08a3de..5a1cb6e80b 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2021 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021-2022, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
apiVersion: v2
description: ONAP Policy Clamp Controlloop K8s Participant
name: policy-clamp-ac-k8s-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml
index 8a6cf830ca..efd5a6cd53 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml
@@ -33,4 +33,4 @@ data:
{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
{{ toYaml .Values.repoList | indent 4 }}
{{- end }}
-{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }} \ No newline at end of file
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
index cfc2fc7fac..a97ab22577 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -50,9 +52,11 @@ spec:
name: ac-k8s-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
@@ -75,6 +79,14 @@ spec:
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-k8s-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-k8s-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -93,4 +105,11 @@ spec:
- name: ac-k8s-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
index 2439223192..02a6292df7 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml
@@ -36,4 +36,3 @@ subjects:
- kind: ServiceAccount
name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
namespace: {{ include "common.namespace" . }}
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 35530405bd..5e43b94965 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,7 +43,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:7.1.2
+image: onap/policy-clamp-ac-k8s-ppnt:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-ac-k8s-ppnt
@@ -108,6 +109,16 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
@@ -145,4 +156,3 @@ kafkaUser:
- name: *acRuntimeTopic
type: topic
operations: [Read, Write]
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
index 44c80ff879..863d07952f 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +20,7 @@
apiVersion: v2
description: ONAP Policy Clamp Kserve Participant
name: policy-clamp-ac-kserve-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
index 89cf9494a3..6613235050 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
@@ -96,5 +96,3 @@ server:
context-path: /onap/policy/clamp/acm/kserveparticipant
ssl:
enabled: false
-
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
index 8574979cbc..3d1f4f8ca3 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -50,9 +52,11 @@ spec:
name: ac-kserve-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
@@ -75,6 +79,14 @@ spec:
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-kserve-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-kserve-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -93,4 +105,11 @@ spec:
- name: ac-kserve-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
index b7e7364eab..6fc37c3d01 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
@@ -1,16 +1,16 @@
-{{/*
-# Copyright © 2023 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ include "common.kafkauser" . }}
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
index ac5ee0b72f..073ffe9618 100644
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
@@ -1,38 +1,38 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2023 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
- namespace: {{ include "common.namespace" . }}
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
index f19ebf0cb5..6f9868bc0d 100755
--- a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -41,7 +42,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-kserve-ppnt:7.1.2
+image: onap/policy-clamp-ac-kserve-ppnt:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-ac-kserve-ppnt
@@ -106,6 +107,17 @@ resources:
cpu: "1"
memory: "1.4Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
index f860393f43..4460c18fcd 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2022, 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +20,7 @@
apiVersion: v2
description: ONAP Policy Clamp Controlloop Policy Participant
name: policy-clamp-ac-pf-ppnt
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index 1cd4ba318c..729a455d07 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -98,4 +98,3 @@ server:
context-path: /onap/policyparticipant
ssl:
enabled: false
-
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
index 9026309fa1..c29dca9c7d 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -58,9 +60,11 @@ spec:
name: ac-pf-ppnt-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
@@ -83,6 +87,14 @@ spec:
volumeMounts:
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-pf-ppnt-config-processed
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-pf-ppnt-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -101,4 +113,11 @@ spec:
- name: ac-pf-ppnt-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
index e676ff13d7..be2449f890 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml
@@ -1,21 +1,21 @@
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index 7fc4f71eeb..97bebd00d2 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:7.1.2
+image: onap/policy-clamp-ac-pf-ppnt:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-ac-pf-ppnt
@@ -127,6 +128,17 @@ resources:
cpu: "1"
memory: "2Gi"
unlimited: {}
+
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
index bdd6c99c53..ef9a7494ec 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
@@ -1,7 +1,8 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2021-2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
apiVersion: v2
description: ONAP Policy Clamp Controlloop Runtime
name: policy-clamp-runtime-acm
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
@@ -32,5 +33,4 @@ dependencies:
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
-
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index 35e42c589d..2e09397806 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2023 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,8 +25,13 @@ spring:
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
+ {{ if .Values.global.mariadbGalera.useInPolicy }}
+ url: jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/clampacm
driverClassName: org.mariadb.jdbc.Driver
+ {{ else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/clampacm
+ driverClassName: org.postgresql.Driver
+ {{ end }}
username: ${SQL_USER}
password: ${SQL_PASSWORD}
hikari:
@@ -42,7 +47,11 @@ spring:
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
properties:
hibernate:
- dialect: org.hibernate.dialect.MariaDB103Dialect
+ {{ if .Values.global.mariadbGalera.useInPolicy }}
+ dialect: org.hibernate.dialect.MariaDBDialect
+ {{ else }}
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ {{ end }}
format_sql: true
metrics:
@@ -105,4 +114,4 @@ management:
endpoints:
web:
exposure:
- include: health, metrics, prometheus
+ include: health, metrics, prometheus \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
index b0ea909e55..5a206b996e 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2023 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,12 +28,17 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- - /app/ready.py
+ - /app/ready.py
args:
- - --job-name
- - {{ include "common.release" . }}-policy-galera-config
+ - --job-name
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -41,7 +47,8 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-galera-config-readiness
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ name: {{ include "common.name" . }}-db-config-readiness
resources:
limits:
cpu: "100m"
@@ -60,14 +67,16 @@ spec:
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: RUNTIME_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
- name: SASL_JAAS_CONFIG
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
@@ -75,9 +84,11 @@ spec:
name: ac-runtime-config-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
@@ -98,19 +109,39 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /opt/app/policy/clamp/etc/mounted
- name: ac-runtime-config-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/clamp/etc/logback.xml
+ subPath: logback.xml
+ name: ac-runtime-config-processed
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-runtime-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: ac-runtime-config
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -118,4 +149,5 @@ spec:
- name: ac-runtime-config-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 6f2f230d3b..eb974d6ed2 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2023 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +23,10 @@
global:
nodePortPrefixExt: 304
persistence: {}
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#Strimzi Kafka properties
kafkaTopics:
acRuntimeTopic:
@@ -48,7 +53,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:7.1.2
+image: onap/policy-clamp-runtime-acm:7.1.3
pullPolicy: Always
componentName: &componentName policy-clamp-runtime-acm
@@ -84,8 +89,10 @@ db:
user: policy-user
password: policy_user
service:
- name: policy-mariadb
- internalPort: 3306
+ mariadbName: policy-mariadb
+ mariadbPort: 3306
+ pgName: policy-pg-primary
+ pgPort: 5432
# default number of instances
replicaCount: 1
@@ -96,7 +103,7 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
@@ -122,7 +129,6 @@ serviceMesh:
authorizationPolicy:
authorizedPrincipals:
- serviceAccount: strimzi-kafka-read
- - serviceAccount: policy-gui-read
flavor: small
resources:
@@ -142,6 +148,16 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
@@ -150,8 +166,8 @@ serviceAccount:
wait_for_job_container:
containers:
- - '{{ include "common.release" . }}-policy-galera-config'
+ - '{{ include "common.release" . }}-galera-migrator-config'
customNaming:
toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
- toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition \ No newline at end of file
+ toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
diff --git a/kubernetes/policy/components/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml
index 3de47d06e9..b2d1cde724 100755
--- a/kubernetes/policy/components/policy-distribution/Chart.yaml
+++ b/kubernetes/policy/components/policy-distribution/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
apiVersion: v2
description: ONAP Policy Distribution
name: policy-distribution
-version: 14.0.0
+version: 14.0.1
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 62a3bfc98e..fe08271288 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,6 +28,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- sh
@@ -57,9 +59,11 @@ spec:
name: distributionconfig
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
@@ -86,6 +90,14 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/distribution/etc/logback.xml
+ subPath: logback.xml
+ name: distributionconfig
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
resources: {{ include "common.resources" . | nindent 12 }}
@@ -106,4 +118,11 @@ spec:
- name: distributionconfig
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index ba160c86b2..f93dffe1ee 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2023 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -58,7 +59,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:3.1.2
+image: onap/policy-distribution:3.1.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -141,6 +142,16 @@ resources:
memory: "1Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-distribution
diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
index 63c4984ac9..25060ae593 100755
--- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
@@ -2,6 +2,7 @@
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
apiVersion: v2
description: ONAP Drools Policy Engine (PDP-D)
name: policy-drools-pdp
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index 2e6efae345..dc7f788405 100755..100644
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -2,6 +2,7 @@
# Copyright © 2017-2018 Amdocs, Bell Canada.
# Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
# JVM options
-JVM_OPTIONS={{.Values.server.jvmOpts}}
+JVM_OPTIONS={{ .Values.server.jvmOpts | quote }}
# SYSTEM software configuration
@@ -40,11 +41,21 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
-SQL_HOST={{ .Values.db.name }}
-SQL_PORT=3306
-JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+SQL_HOST={{ .Values.db.mariadbName }}
+SQL_PORT={{ .Values.db.mariadbPort }}
+JDBC_URL=jdbc:mariadb://{{ .Values.db.mariadbName }}:{{ .Values.db.mariadbPort }}/
JDBC_OPTS=
+JDBC_DRIVER=org.mariadb.jdbc.Driver
MYSQL_CMD=
+{{ else }}
+SQL_HOST={{ .Values.db.pgName }}
+SQL_PORT={{ .Values.db.pgPort }}
+JDBC_URL=jdbc:postgresql://{{ .Values.db.pgName }}:{{ .Values.db.pgPort }}/
+JDBC_OPTS=
+JDBC_DRIVER=org.postgresql.Driver
+MYSQL_CMD=
+{{ end }}
# Liveness
LIVENESS_CONTROLLERS=*
@@ -92,7 +103,15 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+KAFKA_ADDITIONAL_PROPS="{
+ \"group.id\": \"${GROUP_ID}\",
+ \"security.protocol\": \"SASL_PLAINTEXT\",
+ \"sasl.mechanism\": \"${SASL}\",
+ \"sasl.jaas.config\": \"${JAASLOGIN}\"
+ }"
+
DMAAP_HTTPS="false"
+KAFKA_HTTPS="false"
# AAI
@@ -122,4 +141,4 @@ SDNC_CONTEXT_URI=restconf/operations/
# CDS
CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
-CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties
new file mode 100644
index 0000000000..d4577b577a
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-distributed-locking.properties
@@ -0,0 +1,37 @@
+###
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#Database properties
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS}
+jakarta.persistence.jdbc.user=${envd:SQL_USER}
+jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD}
+{{ else }}
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=${envd:JDBC_URL}pooling${envd:JDBC_OPTS}
+jakarta.persistence.jdbc.user=${envd:SQL_USER}
+jakarta.persistence.jdbc.password=${envd:SQL_PASSWORD}
+{{ end }}
+
+# default property values are commented out
+#distributed.locking.expire.check.seconds=900
+#distributed.locking.retry.seconds=60
+#distributed.locking.max.retries=2 \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties
new file mode 100644
index 0000000000..26e10122da
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-lifecycle.properties
@@ -0,0 +1,41 @@
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+lifecycle.pdp.group=${envd:POLICY_PDP_PAP_GROUP:defaultGroup}
+lifecycle.pdp.type=${envd:POLICY_PDP_PAP_TYPE:drools}
+
+# Mandatory policy types that this PDP-D must support at a minimum
+lifecycle.pdp.policytypes=${envd:POLICY_PDP_PAP_POLICYTYPES}
+
+kafka.source.topics=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.sink.topics=${envd:POLICY_PDP_PAP_TOPIC}
+
+kafka.source.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS}
+kafka.source.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.source.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+kafka.source.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+kafka.source.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false}
+kafka.source.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS}
+
+kafka.sink.topics.policy-pdp-pap.servers=${envd:KAFKA_SERVERS}
+kafka.sink.topics.policy-pdp-pap.effectiveTopic=${envd:POLICY_PDP_PAP_TOPIC}
+kafka.sink.topics.policy-pdp-pap.apiKey=${envd:POLICY_PDP_PAP_API_KEY}
+kafka.sink.topics.policy-pdp-pap.apiSecret=${envd:POLICY_PDP_PAP_API_SECRET}
+kafka.sink.topics.policy-pdp-pap.https=${envd:KAFKA_HTTPS:false}
+kafka.sink.topics.policy-pdp-pap.additionalProps=${envd:KAFKA_ADDITIONAL_PROPS}
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf
index 006388af61..c9277b69d3 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-messages.conf
@@ -1,6 +1,7 @@
{{/*
# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada.
+# Modifications Copyright © 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,4 +16,4 @@
# limitations under the License.
*/}}
-POOLING_TOPIC=pooling
+POOLING_TOPIC=policy-pdp-pooling
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
index c7322b1f94..3f45b2f6e0 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -16,4 +16,3 @@
*/}}
{{ include "common.service" . }}
-
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index ba0e2d1a41..a24476cc74 100755..100644
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -1,6 +1,8 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -25,12 +27,17 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -39,6 +46,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-db-readiness
resources:
limits:
@@ -69,6 +77,7 @@ spec:
value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
@@ -78,12 +87,43 @@ spec:
cpu: "3m"
memory: "20Mi"
{{- end }}
+ - command:
+ - sh
+ args:
+ - -c
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ {{- if .Values.global.useStrimziKafka }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: drools-config
+ - mountPath: /config
+ name: drools-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ args:
+ - ls /tmp/policy-install;
+ /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot
ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
@@ -107,27 +147,58 @@ spec:
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
- {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
- name: drools-secret
- subPath: {{ base $path }}
- {{- end }}
- {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }}
- - mountPath: /tmp/policy-install/config/{{ base $path }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/etc/profile.d/base.conf
+ subPath: base.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/etc/profile.d/credentials.conf
+ subPath: credentials.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/etc/profile.d/feature-pooling-messages.conf
+ subPath: feature-pooling-messages.conf
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/feature-lifecycle.properties
+ subPath: feature-lifecycle.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/engine-system.properties
+ subPath: engine-system.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/feature-distributed-locking.properties
+ subPath: feature-distributed-locking.properties
+ name: drools-config-processed
+ - mountPath: /opt/app/policy/config/logback.xml
+ subPath: logback.xml
name: drools-config
- subPath: {{ base $path }}
- {{- end }}
+ - mountPath: /opt/app/policy/config/settings.xml
+ subPath: settings.xml
+ name: drools-config-processed
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -137,6 +208,10 @@ spec:
path: {{ base $path }}
mode: 0755
{{- end }}
+ - name: drools-config-processed
+ emptyDir:
+ medium: Memory
+ sizeLimit: 64Mi
- name: drools-secret
secret:
secretName: {{ include "common.fullname" . }}-secret
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 992cf01938..f22d642e95 100755..100644
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,6 +1,8 @@
# Copyright © 2017 Amdocs
# Copyright © 2017, 2021 Bell Canada
# Modifications Copyright © 2018-2022 AT&T Intellectual Property
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,7 +21,10 @@
#################################################################
global:
nodePortPrefix: 302
-
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -41,7 +46,9 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:2.1.2
+# The newest images have been tested with SASL and Postgres. The images released next will have the relevant fixes
+image: onap/policy-pdpd-cl:2.1.3
+
pullPolicy: Always
# flag to enable debugging - application support required
@@ -86,7 +93,7 @@ serviceMesh:
- serviceAccount: strimzi-kafka-read
server:
- jvmOpts: -server -XshowSettings:vm
+ jvmOpts: "-server -XshowSettings:vm"
telemetry:
user: demo@people.osaaf.org
@@ -100,7 +107,10 @@ nexus:
offline: true
db:
- name: policy-mariadb
+ mariadbName: policy-mariadb
+ pgName: policy-pg-primary
+ mariadbPort: 3306
+ pgPort: 5432
user: policy-user
password: policy_user
@@ -171,6 +181,16 @@ resources:
memory: "1.6Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-drools-pdp
@@ -218,3 +238,47 @@ kafkaUser:
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
+ - name: a1-p-rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: a1-p
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-cl
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-lcm-read
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: appc-lcm-write
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: dcae_cl_rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: unauthenticated.dcae_cl_output
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: dcae_topic
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-cl-mgt
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: sdnr-cl-rsp
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+ - name: sdnr-cl
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
diff --git a/kubernetes/policy/components/policy-nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml
index 8d04647a75..dcb3c3ac72 100755
--- a/kubernetes/policy/components/policy-nexus/Chart.yaml
+++ b/kubernetes/policy/components/policy-nexus/Chart.yaml
@@ -2,6 +2,7 @@
# Modifications Copyright © 2018-2020 AT&T
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
apiVersion: v2
description: ONAP Policy Nexus
name: policy-nexus
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
index 3d03338836..fe183cfa24 100755
--- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,16 +25,19 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command: ["sh", "-c", "chown -R 200:200 /share"]
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-init
volumeMounts:
- mountPath: /share
name: nexus-data
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml
index 6aee4ca230..8d13879023 100755
--- a/kubernetes/policy/components/policy-nexus/templates/service.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml
@@ -15,4 +15,4 @@
# limitations under the License.
*/}}
-{{ include "common.service" . }} \ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index f10d55dcee..cc75a9fe15 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -1,5 +1,7 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2024 Deutsche Telekom
+# Modifications Copyright (C) 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,6 +21,10 @@
global:
nodePortPrefix: 302
persistence: {}
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Application configuration defaults.
@@ -97,6 +103,10 @@ resources:
memory: "1Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
#Pods Service Account
serviceAccount:
nameOverride: policy-nexus
diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml
index 0634118a4f..2122e6fb3f 100755
--- a/kubernetes/policy/components/policy-pap/Chart.yaml
+++ b/kubernetes/policy/components/policy-pap/Chart.yaml
@@ -3,6 +3,7 @@
# Modified Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,7 +23,7 @@
apiVersion: v2
description: ONAP Policy Administration (PAP)
name: policy-pap
-version: 14.0.0
+version: 14.0.2
dependencies:
- name: common
@@ -33,4 +34,4 @@ dependencies:
repository: '@local'
- name: serviceAccount
version: ~13.x-0
- repository: '@local'
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 614116ae23..58dfc9f497 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -1,6 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@ spring:
converters:
preferred-json-mapper: gson
datasource:
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
@@ -34,9 +34,6 @@ spring:
hikari:
maximumPoolSize: 20
jpa:
- properties:
- hibernate:
- dialect: org.hibernate.dialect.MariaDB103Dialect
hibernate:
ddl-auto: none
naming:
@@ -58,10 +55,6 @@ spring:
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
- properties:
- hibernate:
- dialect: org.hibernate.dialect.PostgreSQLDialect
- format_sql: true
{{ end }}
server:
@@ -73,7 +66,6 @@ server:
pap:
name: PapGroup
- aaf: false
topic:
pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
notification.name: {{ .Values.config.kafka.topics.policyNotification }}
@@ -151,13 +143,6 @@ pap:
password: "${API_PASSWORD}"
useHttps: false
basePath: policy/api/v1/healthcheck
- - clientName: distribution
- hostname: policy-distribution
- port: 6969
- userName: "${DISTRIBUTION_USER}"
- password: "${DISTRIBUTION_PASSWORD}"
- useHttps: false
- basePath: healthcheck
management:
endpoints:
diff --git a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index 9ca8b84a47..f7c400865f 100755..100644
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -2,6 +2,8 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -28,23 +30,26 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- - /app/ready.py
+ - /app/ready.py
args:
- - --job-name
-{{ if not .Values.global.postgres.localCluster }}
- - {{ include "common.release" . }}-policy-galera-config
+ - --job-name
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
{{ else }}
- - {{ include "common.release" . }}-policy-pg-config
-{{ end }} env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-db-readiness
resources:
limits:
@@ -75,11 +80,13 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
- name: JAASLOGIN
valueFrom:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
+{{- end }}
volumeMounts:
- mountPath: /config-input
name: papconfig
@@ -87,9 +94,11 @@ spec:
name: papconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -121,19 +130,39 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
- - mountPath: /opt/app/policy/pap/etc/mounted
- name: papconfig-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pap/etc/logback.xml
+ subPath: logback.xml
+ name: papconfig-processed
+ - name: papconfig-processed
+ mountPath: /opt/app/policy/pap/etc/mounted
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
- name: papconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -141,4 +170,5 @@ spec:
- name: papconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 4b8ed70fcc..4c6f5355e0 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -2,7 +2,8 @@
# Copyright (C) 2019 Nordix Foundation.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,7 +27,9 @@ global:
nodePortPrefixExt: 304
persistence: {}
postgres:
- localCluster: false
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
@@ -68,7 +71,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:3.1.2
+image: onap/policy-pap:3.1.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -159,6 +162,16 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+
#Pods Service Account
serviceAccount:
nameOverride: policy-pap
@@ -224,4 +237,3 @@ kafkaUser:
type: topic
patternType: prefix
operations: [Create, Describe, Read, Write]
-
diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
index a46d6128e8..a02171ef31 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +22,7 @@
apiVersion: v2
description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
-version: 14.0.0
+version: 14.0.3
dependencies:
- name: common
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
index d2e9c62edf..3df3578fd2 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties
@@ -1,4 +1,22 @@
{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2024 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
#
# Properties that the embedded PDP engine uses to configure and load
#
@@ -49,8 +67,14 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome
#
# JPA Properties
#
+{{ if .Values.global.mariadbGalera.useInPolicy }}
eclipselink.target-database=MySQL
-javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
-javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user=${SQL_USER}
-javax.persistence.jdbc.password=${SQL_PASSWORD}
+jakarta.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+jakarta.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.mariadbName }}:{{ .Values.db.service.mariadbPort }}/operationshistory
+{{ else }}
+eclipselink.target-database=PostgreSQL
+jakarta.persistence.jdbc.driver=org.postgresql.Driver
+jakarta.persistence.jdbc.url=jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.pgPort }}/operationhistory
+{{ end }}
+jakarta.persistence.jdbc.user=${SQL_USER}
+jakarta.persistence.jdbc.password=${SQL_PASSWORD} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
index 7158c0263f..5a9baa822f 100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/authorizationpolicy.yaml
@@ -14,4 +14,4 @@
# limitations under the License.
*/}}
-{{ include "common.authorizationPolicy" . }} \ No newline at end of file
+{{ include "common.authorizationPolicy" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index cda1aa4bae..828f6ec2c7 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -1,6 +1,8 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,12 +29,17 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
initContainers:
- command:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-policy-galera-config
+{{ if .Values.global.mariadbGalera.useInPolicy }}
+ - {{ include "common.release" . }}-policy-galera-migrator-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-migrator-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -41,6 +48,7 @@ spec:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-readiness
resources:
limits:
@@ -87,9 +95,11 @@ spec:
name: pdpxconfig-processed
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
name: {{ include "common.name" . }}-update-config
containers:
- name: {{ include "common.name" . }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
@@ -110,19 +120,87 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ - name: policy-guard
+ mountPath: /opt/app/policy/pdpx/apps/guard
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/guard/xacml.properties
+ subPath: xacml.properties
+ - name: policy-match
+ mountPath: /opt/app/policy/pdpx/apps/match
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/match/xacml.properties
+ subPath: xacml.properties
+ - name: policy-monitoring
+ mountPath: /opt/app/policy/pdpx/apps/monitoring
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/monitoring/xacml.properties
+ subPath: xacml.properties
+ - name: policy-naming
+ mountPath: /opt/app/policy/pdpx/apps/naming
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/naming/xacml.properties
+ subPath: xacml.properties
+ - name: policy-native
+ mountPath: /opt/app/policy/pdpx/apps/native
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/native/xacml.properties
+ subPath: xacml.properties
+ - name: policy-optimization
+ mountPath: /opt/app/policy/pdpx/apps/optimization
+ - name: pdpxconfig-processed
+ mountPath: /opt/app/policy/pdpx/apps/optimization/xacml.properties
+ subPath: xacml.properties
+ - name: logs
+ mountPath: /var/log/onap
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - mountPath: /opt/app/policy/pdpx/etc/logback.xml
+ subPath: logback.xml
+ name: pdpxconfig-processed
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: policy-guard
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-match
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-monitoring
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-naming
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-native
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: policy-optimization
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.policyDir.sizeLimit }}
+ - name: empty-dir
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.emptyDir.sizeLimit }}
+ - name: logs
+ emptyDir:
+ sizeLimit: {{ .Values.dirSizes.logDir.sizeLimit }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
@@ -130,4 +208,5 @@ spec:
- name: pdpxconfig-processed
emptyDir:
medium: Memory
+ sizeLimit: 64Mi
{{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
index 3e76c2ba36..6dabd951b9 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
@@ -18,4 +18,4 @@
# ============LICENSE_END=========================================================
*/}}
-{{ include "common.service" . }} \ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index c9a5a068fb..b20ab89370 100755..100644
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -1,5 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +23,10 @@
#################################################################
global:
persistence: {}
-
+ postgres:
+ useInPolicy: false
+ mariadbGalera:
+ useInPolicy: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -49,7 +54,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:3.1.2
+image: onap/policy-xacml-pdp:3.1.3
pullPolicy: Always
componentName: &componentName policy-xacml-pdp
@@ -63,8 +68,10 @@ db:
user: policy-user
password: policy_user
service:
- name: policy-mariadb
- internalPort: 3306
+ mariadbName: policy-mariadb
+ mariadbPort: 3306
+ pgName: policy-pg-primary
+ pgPort: 5432
restServer:
user: healthcheck
@@ -147,6 +154,18 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 102
+
+dirSizes:
+ emptyDir:
+ sizeLimit: 1Gi
+ logDir:
+ sizeLimit: 500Mi
+ policyDir:
+ sizeLimit: 100Mi
+
#Pods Service Account
serviceAccount:
nameOverride: *componentName
@@ -194,5 +213,3 @@ kafkaUser:
type: topic
patternType: prefix
operations: [ Create, Describe, Read, Write ]
-
-
diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh
index f26a80fad7..913ccc7728 100644
--- a/kubernetes/policy/resources/config/db-pg.sh
+++ b/kubernetes/policy/resources/config/db-pg.sh
@@ -1,7 +1,7 @@
#!/bin/sh
#
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,10 +20,10 @@
export PGPASSWORD=${PG_ADMIN_PASSWORD};
-psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER \"${PG_USER}\" WITH PASSWORD '${PG_USER_PASSWORD}'"
for db in migration pooling policyadmin policyclamp operationshistory clampacm
do
psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
- psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
-done
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO \"${PG_USER}\";"
+done \ No newline at end of file
diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
index 53921ab751..15a6e3224f 100644
--- a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
+++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
@@ -1,6 +1,6 @@
#!/bin/sh
{{/*
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022, 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,8 +14,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
-/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
-rc=$?
-/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
-exit $rc
+
+for schema in ${SQL_DB}; do
+ echo "Initializing $schema..."
+ /opt/app/policy/bin/prepare_upgrade.sh ${schema}
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o upgrade
+ rc=$?
+
+ /opt/app/policy/bin/db-migrator-pg -s ${schema} -o report
+
+ if [ "$rc" != 0 ]; then
+ break
+ fi
+done
diff --git a/kubernetes/policy/resources/config/db_migrator_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
index d1cc108fec..a1d8fd89ea 100644
--- a/kubernetes/policy/resources/config/db_migrator_policy_init.sh
+++ b/kubernetes/policy/resources/config/db_migrator_policy_init.sh
@@ -1,6 +1,6 @@
#!/bin/sh
{{/*
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021, 2024 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -14,8 +14,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o upgrade
-rc=$?
-/opt/app/policy/bin/db-migrator -s ${SQL_DB} -o report
-exit $rc
+
+for schema in ${SQL_DB}; do
+ echo "Initializing $schema..."
+ /opt/app/policy/bin/prepare_upgrade.sh ${schema}
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o report
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o upgrade
+ rc=$?
+
+ /opt/app/policy/bin/db-migrator -s ${schema} -o report
+
+ if [ "$rc" != 0 ]; then
+ break
+ fi
+done
+
+exit $rc \ No newline at end of file
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 3880d2383c..3886a85d11 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,8 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2022 Nordix Foundation.
+# Modifications Copyright (C) 2022-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,7 +17,7 @@
# limitations under the License.
*/}}
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
@@ -33,6 +34,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
@@ -40,6 +42,7 @@ spec:
- name: {{ include "common.name" . }}-galera-config
image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /dbcmd-config/db.sh
name: {{ include "common.fullname" . }}-config
@@ -48,7 +51,7 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db.sh
env:
@@ -61,10 +64,11 @@ spec:
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
command:
- /bin/sh
- "-c"
@@ -77,6 +81,14 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
@@ -90,7 +102,7 @@ spec:
path: db.sh
{{ end }}
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
@@ -108,6 +120,7 @@ spec:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
@@ -115,6 +128,7 @@ spec:
- name: {{ include "common.name" . }}-pg-config
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d/db-pg.sh
name: {{ include "common.fullname" . }}-config
@@ -123,7 +137,7 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
+ {{- if include "common.requireSidecarKiller" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/docker-entrypoint-initdb.d/db-pg.sh
env:
@@ -138,8 +152,9 @@ spec:
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
+ {{- if (include "common.requireSidecarKiller" .) }}
- name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
@@ -154,6 +169,14 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{ include "common.containerSecurityContext" . | indent 8 | trim }}
+ resources:
+ limits:
+ cpu: 100m
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
@@ -166,97 +189,104 @@ spec:
- key: db-pg.sh
path: db-pg.sh
{{ end }}
-
---
-{{ if not .Values.global.postgres.localCluster }}
+{{ if .Values.global.mariadbGalera.useInPolicy }}
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-galera-config
+ name: {{ include "common.fullname" . }}-galera-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-galera-config
+ app: {{ include "common.name" . }}-galera-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-galera-config
+ name: {{ include "common.name" . }}-galera-migrator-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-galera-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-galera-db-migrator
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_policy_init.sh
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ index .Values "mariadb-galera" "service" "name" }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "sql"
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-galera-db-migrator
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ - mountPath: /dbcmd-config/db_migrator_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_policy_init.sh
+ command:
+ - /bin/sh
+ - -cx
+ - |
+ {{- if include "common.requireSidecarKiller" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ index .Values "mariadb-galera" "service" "name" }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if (include "common.requireSidecarKiller" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
@@ -265,98 +295,106 @@ spec:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
{{ end }}
-{{ if .Values.global.postgres.localCluster }}
+{{ if .Values.global.postgres.useInPolicy }}
---
apiVersion: batch/v1
kind: Job
metadata:
- name: {{ include "common.fullname" . }}-pg-config
+ name: {{ include "common.fullname" . }}-pg-migrator-config
namespace: {{ include "common.namespace" . }}
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
spec:
template:
metadata:
labels:
- app: {{ include "common.name" . }}-pg-config
+ app: {{ include "common.name" . }}-pg-migrator-config
release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}-pg-config
+ name: {{ include "common.name" . }}-pg-migrator-config
spec:
+ {{ include "common.podSecurityContext" . | indent 6 | trim }}
{{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-pg-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: "100m"
- memory: "500Mi"
- requests:
- cpu: "3m"
- memory: "20Mi"
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- - name: {{ include "common.name" . }}-pg-db-migrator
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
- name: {{ include "common.fullname" . }}-config
- subPath: db_migrator_pg_policy_init.sh
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /dbcmd-config/db_migrator_pg_policy_init.sh
- env:
- - name: SQL_HOST
- value: "{{ .Values.postgres.service.name2 }}"
- - name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- - name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- - name: SQL_DB
- value: {{ .Values.dbmigrator.schema }}
- - name: POLICY_HOME
- value: {{ .Values.dbmigrator.policy_home }}
- - name: SCRIPT_DIRECTORY
- value: "postgres"
- - name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ - mountPath: /opt/app/policy/etc/db/
+ name: {{ include "common.fullname" . }}-migration-writable
+ command:
+ - /bin/sh
+ - -cx
+ - |
+ {{- if include "common.requireSidecarKiller" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schemas }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if (include "common.requireSidecarKiller" .) }}
+ - name: policy-service-mesh-wait-for-job-container
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
+ imagePullPolicy: Always
+ {{ include "common.containerSecurityContext" . | indent 10 | trim }}
+ command:
+ - /bin/sh
+ - "-c"
+ args:
+ - echo "waiting 10s for istio side cars to be up"; sleep 10s;
+ /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
{{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
+ - name: {{ include "common.fullname" . }}-migration-writable
+ emptyDir: {}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-db-configmap
@@ -364,4 +402,4 @@ spec:
items:
- key: db_migrator_pg_policy_init.sh
path: db_migrator_pg_policy_init.sh
-{{ end }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml
index ed399ed9c7..d004cbe116 100644
--- a/kubernetes/policy/templates/policy-kafka-user.yaml
+++ b/kubernetes/policy/templates/policy-kafka-user.yaml
@@ -1,5 +1,6 @@
{{/*
# Copyright © 2022-2023 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -29,16 +30,20 @@ spec:
- resource:
type: group
name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyPdpPapTopic.name }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyHeartbeatTopic.name }}
- operation: All
+ operations:
+ - All
- resource:
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
- operation: All
+ operations:
+ - All
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 0291a0652d..67f4dbd1e5 100755..100644
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -1,6 +1,7 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2023 Nordix Foundation.
+# Modifications Copyright (C) 2021-2024 Nordix Foundation.
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,6 +35,7 @@ global:
nameOverride: *mariadbService
# (optional) if localCluster=false and an external secret is used set this variable
#userRootSecret: <secretName>
+ useInPolicy: true
prometheusEnabled: false
postgres:
localCluster: false
@@ -43,8 +45,10 @@ global:
name3: tcp-pgset-replica
container:
name: postgres
+ useInPolicy: false
kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
+ useStrimziKafka: true
kafkaTopics:
acRuntimeTopic:
name: policy.clamp-runtime-acm
@@ -55,8 +59,8 @@ secrets:
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ externalSecret: '{{ or .Values.global.postgres.useInPolicy .Values.global.mariadbGalera.useInPolicy | ternary (
+ ( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
ternary
""
(tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
@@ -157,18 +161,17 @@ policy-nexus:
enabled: false
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-gui:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
#################################################################
# DB configuration defaults.
#################################################################
dbmigrator:
- image: onap/policy-db-migrator:3.1.2
- schema: policyadmin
+ # New released image will allow full SASL and Postgres (drools included). Tested with snapshot. Release to come later.
+ image: onap/policy-db-migrator:3.1.3
+ # These schemas will be required with the new version of db-migrator
+ # schemas: "policyadmin clampacm pooling operationshistory"
+ schemas: "policyadmin"
policy_home: "/opt/app/policy"
subChartsOnly:
@@ -300,8 +303,12 @@ resources:
memory: "2Gi"
unlimited: {}
+securityContext:
+ user_id: 100
+ group_id: 65533
+
#Pods Service Account
serviceAccount:
nameOverride: policy
roles:
- - read
+ - read \ No newline at end of file
diff --git a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
index ec9769d819..d925060b81 100644
--- a/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-bff/Chart.yaml
@@ -34,7 +34,7 @@ version: 13.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: latest
+appVersion: 0.1.0
dependencies:
- name: common
diff --git a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
index 14a0f941d1..4b62b5def2 100644
--- a/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-history/Chart.yaml
@@ -34,7 +34,7 @@ version: 13.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: latest
+appVersion: 0.1.1
dependencies:
- name: common
@@ -47,5 +47,5 @@ dependencies:
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
diff --git a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
index 30b0944702..96088586fc 100644
--- a/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-preferences/Chart.yaml
@@ -34,7 +34,7 @@ version: 13.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: latest
+appVersion: 0.1.1
dependencies:
- name: common
@@ -47,7 +47,7 @@ dependencies:
version: ~13.x-0
repository: '@local'
- name: mongodb
- version: 14.12.3
+ version: ~14.12.x-0
repository: '@local'
diff --git a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
index 4dcb25cc3a..09178d9694 100644
--- a/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
+++ b/kubernetes/portal-ng/components/portal-ng-ui/Chart.yaml
@@ -34,7 +34,7 @@ version: 13.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: latest
+appVersion: 0.1.0
dependencies:
- name: common
diff --git a/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml b/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml
new file mode 100644
index 0000000000..c0d9f212b4
--- /dev/null
+++ b/kubernetes/sdc/components/sdc-be/templates/servicemonitor.yaml
@@ -0,0 +1,3 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 7f914d4bdf..752fc2cc15 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -169,6 +169,14 @@ resources:
memory: "6Gi"
unlimited: {}
+metrics:
+ serviceMonitor:
+ enabled: true
+ targetPort: 8080
+ path: /sdc2/rest/actuator/prometheus
+ basicAuth:
+ enabled: false
+
#Pods Service Account
serviceAccount:
nameOverride: sdc-be
diff --git a/kubernetes/sdnc/Chart.yaml b/kubernetes/sdnc/Chart.yaml
index f98bc4e12d..5916455c73 100644
--- a/kubernetes/sdnc/Chart.yaml
+++ b/kubernetes/sdnc/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: SDN Controller
name: sdnc
-version: 13.0.2
+version: 15.0.0
dependencies:
- name: common
@@ -35,7 +35,7 @@ dependencies:
repository: '@local'
condition: network-name-gen.enabled
- name: dgbuilder
- version: ~13.x-0
+ version: ~14.x-0
repository: '@local'
condition: dgbuilder.enabled
- name: sdnc-prom
@@ -51,20 +51,16 @@ dependencies:
repository: '@local'
condition: sdnc.elasticsearch.enabled,elasticsearch.enabled
# conditions for sdnc-subcharts
- - name: dmaap-listener
- version: ~13.x-0
- repository: '@local'
- condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
- name: ueb-listener
- version: ~13.x-0
+ version: ~14.x-0
repository: '@local'
condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
- name: sdnc-ansible-server
- version: ~13.x-0
+ version: ~14.x-0
repository: '@local'
condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
- name: sdnc-web
- version: ~13.x-0
+ version: ~14.x-0
repository: '@local'
condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
- name: repositoryGenerator
diff --git a/kubernetes/sdnc/components/dgbuilder/Chart.yaml b/kubernetes/sdnc/components/dgbuilder/Chart.yaml
index ff32f4e8a2..517bc393e5 100644
--- a/kubernetes/sdnc/components/dgbuilder/Chart.yaml
+++ b/kubernetes/sdnc/components/dgbuilder/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: D.G. Builder application
name: dgbuilder
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/sdnc/components/dgbuilder/values.yaml b/kubernetes/sdnc/components/dgbuilder/values.yaml
index 68cb86bd7e..d22b25e5b2 100644
--- a/kubernetes/sdnc/components/dgbuilder/values.yaml
+++ b/kubernetes/sdnc/components/dgbuilder/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.5.1
+image: onap/ccsdk-dgbuilder-image:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml
index e7342b10e0..12fbd85c15 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: SDN-C Ansible Server
name: sdnc-ansible-server
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index a1c90071b0..13e7023808 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -51,7 +51,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.5.5
+image: onap/sdnc-ansible-server-image:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-web/Chart.yaml b/kubernetes/sdnc/components/sdnc-web/Chart.yaml
index db331e19f5..6ffc9768a2 100644
--- a/kubernetes/sdnc/components/sdnc-web/Chart.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/Chart.yaml
@@ -16,7 +16,7 @@
apiVersion: v2
description: SDN-C Web Server
name: sdnc-web
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index 98e44d02ab..79de4c235e 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -22,7 +22,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.5.5"
+image: "onap/sdnc-web-image:2.6.1"
pullPolicy: Always
config:
diff --git a/kubernetes/sdnc/components/ueb-listener/Chart.yaml b/kubernetes/sdnc/components/ueb-listener/Chart.yaml
index a7dff1364b..58cc32a4e7 100644
--- a/kubernetes/sdnc/components/ueb-listener/Chart.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/Chart.yaml
@@ -17,7 +17,7 @@
apiVersion: v2
description: SDNC UEB Listener
name: ueb-listener
-version: 13.0.0
+version: 14.0.0
dependencies:
- name: common
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index bccb1d7af6..d38f18639c 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -57,7 +57,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.5.5
+image: onap/sdnc-ueb-listener-image:2.6.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index dc5fe7469c..3708bd1cdd 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -216,7 +216,7 @@ certificates:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.5.5
+image: onap/sdnc-image:2.6.1
# flag to enable debugging - application support required
debugEnabled: false
@@ -445,21 +445,6 @@ mariadb-galera: &mariadbGalera
cds:
enabled: false
-dmaap-listener:
- enabled: true
- nameOverride: sdnc-dmaap-listener
- mariadb-galera:
- <<: *mariadbGalera
- config:
- <<: *mariadbGaleraConfig
- mysqlDatabase: *sdncDbName
- config:
- sdncChartName: sdnc
- dmaapPort: 3904
- sdncPort: 8282
- configDir: /opt/onap/sdnc/data/properties
- odlCredsExternalSecret: *odlCredsSecretName
-
ueb-listener:
enabled: true
mariadb-galera:
diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml
index 1b927d6c4d..180b42bff9 100644
--- a/kubernetes/strimzi/Chart.yaml
+++ b/kubernetes/strimzi/Chart.yaml
@@ -15,7 +15,7 @@
apiVersion: v2
description: ONAP Strimzi Kafka
name: strimzi
-version: 13.0.1
+version: 13.0.2
dependencies:
- name: common
@@ -31,4 +31,3 @@ dependencies:
version: ~13.x-0
repository: 'file://components/strimzi-kafka-bridge'
condition: strimzi-kafka-bridge.enabled
-
diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml
index e254d99710..ca4a4e94d3 100644
--- a/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml
@@ -15,7 +15,7 @@
apiVersion: v2
description: ONAP Strimzi Kafka Bridge
name: strimzi-kafka-bridge
-version: 13.0.0
+version: 13.0.1
dependencies:
- name: common
diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml
index 25fbf3df77..7f4dea46e1 100644
--- a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/configmap.yaml
@@ -21,4 +21,3 @@ metadata:
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/log4j2.properties").AsConfig . | indent 2 }}
-
diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml
index b081e290e3..8364dfe58f 100644
--- a/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml
@@ -34,6 +34,18 @@ spec:
configMapKeyRef:
key: log4j2.properties
name: {{ include "common.fullname" . }}-kb-logging-cm
+ resources:
+ requests:
+ cpu: {{ .Values.resources.requests.cpu }}
+ memory: {{ .Values.resources.requests.memory }}
+ limits:
+ cpu: {{ .Values.resources.limits.cpu }}
+ memory: {{ .Values.resources.limits.memory }}
template:
pod:
{{- include "common.imagePullSecrets" . | nindent 6 }}
+ securityContext:
+ {{- toYaml .Values.pod.securityContext | nindent 8 }}
+ bridgeContainer:
+ securityContext:
+ {{- toYaml .Values.bridgeContainer.securityContext | nindent 8 }}
diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml
index 8a4c4cdc6c..fa7b10aa22 100644
--- a/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml
@@ -33,3 +33,27 @@ config:
# nameOverride is required to avoid duplication
# in pod and service names ie ...-bridge-bridge-{random hex}
nameOverride: strimzi-kafka
+
+resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+pod:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+bridgeContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
diff --git a/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml b/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml
index 12c742ef35..1e59dc67a0 100644
--- a/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml
+++ b/kubernetes/strimzi/resources/metrics/cruisecontrol-metrics-config.yml
@@ -17,4 +17,4 @@ lowercaseOutputName: true
rules:
- pattern: kafka.cruisecontrol<name=(.+)><>(\w+)
name: kafka_cruisecontrol_$1_$2
- type: GAUGE \ No newline at end of file
+ type: GAUGE
diff --git a/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml b/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml
index 7ad971fc16..8db35a9c8d 100644
--- a/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml
+++ b/kubernetes/strimzi/resources/metrics/kafka-metrics-config.yml
@@ -134,4 +134,4 @@ rules:
name: kafka_$1_$2_$3
type: GAUGE
labels:
- quantile: "0.$4" \ No newline at end of file
+ quantile: "0.$4"
diff --git a/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml b/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml
index 6a1eab7825..d5bf27f44d 100644
--- a/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml
+++ b/kubernetes/strimzi/resources/metrics/zookeeper-metrics-config.yml
@@ -41,4 +41,4 @@ rules:
type: GAUGE
labels:
replicaId: "$2"
- memberType: "$3" \ No newline at end of file
+ memberType: "$3"
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index aee4696fe0..5f5fcd553a 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -20,6 +20,13 @@ spec:
kafka:
version: {{ .Values.config.kafkaVersion }}
replicas: {{ .Values.replicaCount }}
+ resources:
+ limits:
+ cpu: {{ .Values.kafka.resources.limits.cpu }}
+ memory: {{ .Values.kafka.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.kafka.resources.requests.cpu }}
+ memory: {{ .Values.kafka.resources.requests.memory }}
listeners:
- name: plain
port: {{ .Values.config.kafkaInternalPort }}
@@ -71,8 +78,7 @@ spec:
pod:
{{- include "common.imagePullSecrets" . | nindent 8 }}
securityContext:
- runAsUser: 0
- fsGroup: 0
+ {{- toYaml .Values.kafka.template.pod.securityContext | nindent 10 }}
{{- if .Values.affinity.podAntiAffinity.enabled }}
affinity:
podAntiAffinity:
@@ -85,6 +91,9 @@ spec:
- {{ include "common.fullname" . }}-kafka
topologyKey: "kubernetes.io/hostname"
{{- end }}
+ kafkaContainer:
+ securityContext:
+ {{- toYaml .Values.kafka.template.kafkaContainer.securityContext | nindent 10 }}
config:
default.replication.factor: {{ .Values.replicaCount }}
min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
@@ -116,8 +125,7 @@ spec:
pod:
{{- include "common.imagePullSecrets" . | nindent 8 }}
securityContext:
- runAsUser: 0
- fsGroup: 0
+ {{- toYaml .Values.zookeeper.template.pod.securityContext | nindent 10 }}
{{- if .Values.affinity.podAntiAffinity.enabled }}
affinity:
podAntiAffinity:
@@ -130,6 +138,9 @@ spec:
- {{ include "common.fullname" . }}-zookeeper
topologyKey: "kubernetes.io/hostname"
{{- end }}
+ zookeeperContainer:
+ securityContext:
+ {{- toYaml .Values.zookeeper.template.zookeeperContainer.securityContext | nindent 10 }}
replicas: {{ .Values.replicaCount }}
config:
ssl.hostnameVerification: false
@@ -149,30 +160,76 @@ spec:
configMapKeyRef:
name: {{ include "common.fullname" . }}
key: zookeeper-metrics-config.yml
+ resources:
+ limits:
+ cpu: {{ .Values.zookeeper.resources.limits.cpu }}
+ memory: {{ .Values.zookeeper.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.zookeeper.resources.requests.cpu }}
+ memory: {{ .Values.zookeeper.resources.requests.memory }}
{{- end }}
entityOperator:
template:
pod:
{{- include "common.imagePullSecrets" . | nindent 8 }}
- topicOperator: {}
- userOperator: {}
+ securityContext:
+ {{- toYaml .Values.entityOperator.template.pod.securityContext | nindent 10 }}
+ topicOperatorContainer:
+ securityContext:
+ {{- toYaml .Values.entityOperator.template.topicOperatorContainer.securityContext | nindent 10 }}
+ userOperatorContainer:
+ securityContext:
+ {{- toYaml .Values.entityOperator.template.userOperatorContainer.securityContext | nindent 10 }}
+ topicOperator:
+ resources:
+ limits:
+ cpu: {{ .Values.entityOperator.template.topicOperator.resources.limits.cpu }}
+ memory: {{ .Values.entityOperator.template.topicOperator.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.entityOperator.template.topicOperator.resources.requests.cpu }}
+ memory: {{ .Values.entityOperator.template.topicOperator.resources.requests.memory }}
+ userOperator:
+ resources:
+ limits:
+ cpu: {{ .Values.entityOperator.template.userOperator.resources.limits.cpu }}
+ memory: {{ .Values.entityOperator.template.userOperator.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.entityOperator.template.userOperator.resources.requests.cpu }}
+ memory: {{ .Values.entityOperator.template.userOperator.resources.requests.memory }}
{{- if .Values.cruiseControl.enabled }}
cruiseControl:
template:
pod:
{{- include "common.imagePullSecrets" . | nindent 8 }}
+ securityContext:
+ {{- toYaml .Values.cruiseControl.template.pod.securityContext | nindent 10 }}
+ cruiseControlContainer:
+ securityContext:
+ {{- toYaml .Values.cruiseControl.template.cruiseControlContainer.securityContext | nindent 10 }}
metricsConfig:
type: {{ .Values.cruiseControl.metricsConfig.type }}
valueFrom:
configMapKeyRef:
name: {{ include "common.fullname" . }}
key: cruisecontrol-metrics-config.yml
+ resources:
+ limits:
+ cpu: {{ .Values.cruiseControl.template.resources.limits.cpu }}
+ memory: {{ .Values.cruiseControl.template.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.cruiseControl.template.resources.requests.cpu }}
+ memory: {{ .Values.cruiseControl.template.resources.requests.memory }}
{{- end }}
{{- if .Values.metrics.kafkaExporter.enabled }}
kafkaExporter:
template:
pod:
{{- include "common.imagePullSecrets" . | nindent 8 }}
+ securityContext:
+ {{- toYaml .Values.cruiseControl.template.pod.securityContext | nindent 10 }}
+ container:
+ securityContext:
+ {{- toYaml .Values.kafkaExporter.template.container.securityContext | nindent 10 }}
topicRegex: {{ .Values.metrics.kafkaExporter.topicRegex }}
groupRegex: {{ .Values.metrics.kafkaExporter.groupRegex }}
resources:
diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml
index 3cced3e41a..fe3ca852a9 100644
--- a/kubernetes/strimzi/values.yaml
+++ b/kubernetes/strimzi/values.yaml
@@ -33,7 +33,7 @@ affinity:
podAntiAffinity:
enabled: true
config:
- kafkaVersion: 3.7.0
+ kafkaVersion: 3.8.0
authType: simple
saslMechanism: &saslMech scram-sha-512
kafkaInternalPort: &plainPort 9092
@@ -141,6 +141,29 @@ cruiseControl:
# ref. https://strimzi.io/blog/2020/06/15/cruise-control/
kafkaRebalance:
enabled: false
+ template:
+ pod:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ cruiseControlContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
######################
# Component overrides
@@ -151,3 +174,122 @@ strimzi-kafka-bridge:
saslMechanism: *saslMech
kafkaInternalPort: *plainPort
strimziKafkaAdminUser: *adminUser
+
+kafka:
+ template:
+ pod:
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ seccompProfile:
+ type: RuntimeDefault
+ kafkaContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ #runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+zookeeper:
+ template:
+ pod:
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ seccompProfile:
+ type: RuntimeDefault
+ zookeeperContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ #runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+entityOperator:
+ template:
+ pod:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ topicOperatorContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ userOperatorContainer:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
+ topicOperator:
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ userOperator:
+ resources:
+ limits:
+ cpu: '2'
+ memory: 2Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+
+kafkaExporter:
+ template:
+ pod:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ container:
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+ - CAP_NET_RAW
diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml
index 7c4a5b78ca..900a6c97e1 100644
--- a/kubernetes/uui/Chart.yaml
+++ b/kubernetes/uui/Chart.yaml
@@ -18,7 +18,7 @@
apiVersion: v2
description: ONAP uui
name: uui
-version: 13.0.0
+version: 13.1.0
dependencies:
- name: common
@@ -39,3 +39,6 @@ dependencies:
- name: uui-intent-analysis
version: ~13.x-0
repository: 'file://components/uui-intent-analysis'
+ - name: uui-llm-adaptation
+ version: ~13.x-0
+ repository: 'file://components/uui-llm-adaptation'
diff --git a/kubernetes/uui/components/uui-intent-analysis/values.yaml b/kubernetes/uui/components/uui-intent-analysis/values.yaml
index c638303d86..73903ceae9 100644
--- a/kubernetes/uui/components/uui-intent-analysis/values.yaml
+++ b/kubernetes/uui/components/uui-intent-analysis/values.yaml
@@ -40,7 +40,7 @@ secrets:
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-image: onap/usecase-ui-intent-analysis:5.2.4
+image: onap/usecase-ui-intent-analysis:14.0.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore b/kubernetes/uui/components/uui-llm-adaptation/.helmignore
index 825c007791..f0c1319444 100644
--- a/kubernetes/platform/components/oauth2-proxy/components/oauth2-proxy/.helmignore
+++ b/kubernetes/uui/components/uui-llm-adaptation/.helmignore
@@ -19,5 +19,3 @@
.project
.idea/
*.tmproj
-
-OWNERS
diff --git a/kubernetes/uui/components/uui-llm-adaptation/Chart.yaml b/kubernetes/uui/components/uui-llm-adaptation/Chart.yaml
new file mode 100644
index 0000000000..1c36c236ee
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/Chart.yaml
@@ -0,0 +1,35 @@
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP uui llm adaptation
+name: uui-llm-adaptation
+version: 13.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
diff --git a/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql b/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql
new file mode 100644
index 0000000000..5379c73864
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/resources/config/llm-adaptation-init.sql
@@ -0,0 +1,23 @@
+--
+-- Copyright (C) 2024 CMCC, Inc. and others. All rights reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+
+create table if not exists intent(
+ intent_id varchar(255) primary key,
+ intent_name varchar(255),
+ intent_generateType VARCHAR (225)
+); \ No newline at end of file
diff --git a/kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh
new file mode 100644
index 0000000000..f1dcefa168
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/resources/entrypoint/run.sh
@@ -0,0 +1,31 @@
+{{/*
+#
+# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+main_path="/home/uui"
+echo @main_path@ $main_path
+
+JAVA_PATH="$JAVA_HOME/bin/java"
+JAVA_OPTS="-Xms50m -Xmx128m"
+echo @JAVA_PATH@ $JAVA_PATH
+echo @JAVA_OPTS@ $JAVA_OPTS
+
+jar_path="$main_path/usecase-ui-llm-adaptation.jar"
+echo @jar_path@ $jar_path
+
+echo "Starting usecase-ui-llm-adaptation..."
+$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS
diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml
new file mode 100644
index 0000000000..3583c416de
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/templates/configmap.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-entrypoint
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml
new file mode 100644
index 0000000000..d2824d1bbb
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/templates/deployment.yaml
@@ -0,0 +1,74 @@
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["sh", "-c"]
+ args:
+ - ". /uui/run.sh"
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: POSTGRES_IP
+ value: {{ .Values.postgres.service.name2 }}
+ - name: POSTGRES_PORT
+ value: "{{ .Values.postgres.service.externalPort }}"
+ - name: POSTGRES_DB_NAME
+ value: {{ .Values.postgres.config.pgDatabase }}
+ - name: POSTGRES_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: POSTGRES_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+{{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+{{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+{{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+{{- end }}
+{{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+{{- end }}
+ volumeMounts:
+ - mountPath: /uui/run.sh
+ name: entrypoint
+ subPath: run.sh
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: entrypoint
+ configMap:
+ name: {{ include "common.fullname" . }}-entrypoint
+ defaultMode: 0755
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml
new file mode 100644
index 0000000000..90d6d63dab
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/templates/job.yaml
@@ -0,0 +1,82 @@
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-init-postgres
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ include "common.release" . }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "repositoryGenerator.image.postgres" . }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ env:
+ - name: PGUSER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ psql -h $(UUI_ADAPTATION_PG_PRIMARY_SERVICE_HOST) -f /aaa/init/llm-adaptation-init.sql -d {{ .Values.postgres.config.pgDatabase }}
+ volumeMounts:
+ - name: init-data
+ mountPath: /aaa/init/llm-adaptation-init.sql
+ subPath: llm-adaptation-init.sql
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: init-data
+ configMap:
+ name: {{ include "common.fullname" . }}
diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml
new file mode 100644
index 0000000000..638e02c1e5
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml b/kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml
new file mode 100644
index 0000000000..33e96ef8c4
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/templates/service.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/uui/components/uui-llm-adaptation/values.yaml b/kubernetes/uui/components/uui-llm-adaptation/values.yaml
new file mode 100644
index 0000000000..f5804efb20
--- /dev/null
+++ b/kubernetes/uui/components/uui-llm-adaptation/values.yaml
@@ -0,0 +1,126 @@
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for uui llm adaptation.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ passwordStrength: long
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: uui-llm-adaptation
+ roles:
+ - read
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-adaptation-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-adaptation-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-adaptation-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "uui-adaptation-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/usecase-ui-llm-adaptation:14.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+flavor: small
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: uui-llm-adaptation
+ ports:
+ - name: http-rest
+ port: &svc_port 8084
+
+liveness:
+ initialDelaySeconds: 120
+ port: *svc_port
+ periodSeconds: 10
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ port: *svc_port
+ periodSeconds: 10
+
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName uui-adaptation-postgres
+ service:
+ name: *postgresName
+ name2: uui-adaptation-pg-primary
+ name3: uui-adaptation-pg-replica
+ container:
+ name:
+ primary: uui-adaptation-pg-primary
+ replica: uui-adaptation-pg-replica
+ config:
+ pgUserName: uui
+ pgDatabase: uuiadaptation
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+ persistence:
+ mountSubPath: uui/uuiadaptation/data
+ mountInitPath: uui
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
+
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "1"
+ memory: "200Mi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "2Gi"
+ requests:
+ cpu: "2"
+ memory: "1Gi"
+ unlimited: {}
+
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index d1bc3379d0..6e715bd7a9 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -48,7 +48,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:5.2.2
+image: onap/usecase-ui-server:14.0.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index b7893bc0fa..2cc0837f41 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -25,7 +25,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/usecase-ui:5.2.2
+image: onap/usecase-ui:14.0.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/vfc/components/Makefile b/kubernetes/vfc/components/Makefile
deleted file mode 100644
index 9544d70f33..0000000000
--- a/kubernetes/vfc/components/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @: