diff options
157 files changed, 2756 insertions, 1877 deletions
diff --git a/kubernetes/aaf/.helmignore b/kubernetes/aaf/.helmignore index daebc7da77..542b3390d8 100644 --- a/kubernetes/aaf/.helmignore +++ b/kubernetes/aaf/.helmignore @@ -18,4 +18,4 @@ # Various IDEs
.project
.idea/
-*.tmproj
+*.tmproj
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml index 11b0811af3..39544258fd 100644 --- a/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cm/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,13 +45,11 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - aaf-cs - - --container-name - aaf-locate env: - name: NAMESPACE @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/cm"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/cm/bin/cm"] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index a149f0656f..9ddb366064 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -20,20 +20,14 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 flavor: small - ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_cm:2.1.1 +image: onap/aaf/aaf_cm:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -44,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql deleted file mode 100644 index c4f77d80c9..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql +++ /dev/null @@ -1,279 +0,0 @@ -/* # Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. */ - -// Table Initialization -// First make sure the keyspace exists. - -USE authz; - -// -// CORE Table function -// - -// Namespace - establish hierarchical authority to modify -// Permissions and Roles -// "scope" is flag to determine Policy. Typical important scope -// is "company" (1) -CREATE TABLE ns ( - name varchar, - scope int, // deprecated 2.0.11 - description varchar, - parent varchar, - type int, - PRIMARY KEY (name) -); -CREATE INDEX ns_parent on ns(parent); - -CREATE TABLE ns_attrib ( - ns varchar, - key varchar, - value varchar, - PRIMARY KEY (ns,key) -); -create index ns_attrib_key on ns_attrib(key); - -// Will be cached -CREATE TABLE role ( - ns varchar, - name varchar, - perms set<varchar>, // Use "Key" of "name|type|action" - description varchar, - PRIMARY KEY (ns,name) -); -CREATE INDEX role_name ON role(name); - -// Will be cached -CREATE TABLE perm ( - ns varchar, - type varchar, - instance varchar, - action varchar, - roles set<varchar>, // Need to find Roles given Permissions - description varchar, - PRIMARY KEY (ns,type,instance,action) -); - -// This table is user for Authorization -CREATE TABLE user_role ( - user varchar, - role varchar, // deprecated: change to ns/rname after 2.0.11 - ns varchar, - rname varchar, - expires timestamp, - PRIMARY KEY(user,role) - ); -CREATE INDEX user_role_ns ON user_role(ns); -CREATE INDEX user_role_role ON user_role(role); - -// This table is only for the case where return User Credential (MechID) Authentication -CREATE TABLE cred ( - id varchar, - type int, - expires timestamp, - ns varchar, - other int, - notes varchar, - cred blob, - prev blob, - PRIMARY KEY (id,type,expires) - ); -CREATE INDEX cred_ns ON cred(ns); - -// Certificate Cross Table -// coordinated with CRED type 2 -CREATE TABLE cert ( - fingerprint blob, - id varchar, - x500 varchar, - expires timestamp, - PRIMARY KEY (fingerprint) - ); -CREATE INDEX cert_id ON cert(id); -CREATE INDEX cert_x500 ON cert(x500); - -CREATE TABLE notify ( - user text, - type int, - last timestamp, - checksum int, - PRIMARY KEY (user,type) -); - -CREATE TABLE x509 ( - ca text, - serial blob, - id text, - x500 text, - x509 text, - PRIMARY KEY (ca,serial) -); - - -CREATE INDEX x509_id ON x509 (id); -CREATE INDEX x509_x500 ON x509 (x500); - -// -// Deployment Artifact (for Certman) -// -CREATE TABLE artifact ( - mechid text, - machine text, - type Set<text>, - sponsor text, - ca text, - dir text, - os_user text, - ns text, - notify text, - expires timestamp, - renewDays int, - sans Set<text>, - PRIMARY KEY (mechid,machine) -); -CREATE INDEX artifact_machine ON artifact(machine); -CREATE INDEX artifact_ns ON artifact(ns); - -// -// Non-Critical Table functions -// -// Table Info - for Caching -CREATE TABLE cache ( - name varchar, - seg int, // cache Segment - touched timestamp, - PRIMARY KEY(name,seg) -); - -CREATE TABLE history ( - id timeuuid, - yr_mon int, - user varchar, - action varchar, - target varchar, // user, user_role, - subject varchar, // field for searching main portion of target key - memo varchar, //description of the action - reconstruct blob, //serialized form of the target - // detail Map<varchar, varchar>, // additional information - PRIMARY KEY (id) -); -CREATE INDEX history_yr_mon ON history(yr_mon); -CREATE INDEX history_user ON history(user); -CREATE INDEX history_subject ON history(subject); - -// -// A place to hold objects to be created at a future time. -// -CREATE TABLE future ( - id uuid, // uniquify - target varchar, // Target Table - memo varchar, // Description - start timestamp, // When it should take effect - expires timestamp, // When not longer valid - construct blob, // How to construct this object (like History) - PRIMARY KEY(id) -); -CREATE INDEX future_idx ON future(target); -CREATE INDEX future_start_idx ON future(start); - - -CREATE TABLE approval ( - id timeuuid, // unique Key - ticket uuid, // Link to Future Record - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - last_notified timestamp, // Timestamp for the last time approver was notified - PRIMARY KEY(id) - ); -CREATE INDEX appr_approver_idx ON approval(approver); -CREATE INDEX appr_user_idx ON approval(user); -CREATE INDEX appr_ticket_idx ON approval(ticket); -CREATE INDEX appr_status_idx ON approval(status); - -CREATE TABLE approved ( - id timeuuid, // unique Key - user varchar, // the user who needs to be approved - approver varchar, // user approving - type varchar, // approver types i.e. Supervisor, Owner - status varchar, // approval status. pending, approved, denied - memo varchar, // Text for Approval to know what's going on - operation varchar, // List operation to perform - PRIMARY KEY(id) - ); -CREATE INDEX approved_approver_idx ON approved(approver); -CREATE INDEX approved_user_idx ON approved(user); - -CREATE TABLE delegate ( - user varchar, - delegate varchar, - expires timestamp, - PRIMARY KEY (user) -); -CREATE INDEX delg_delg_idx ON delegate(delegate); - -// OAuth Tokens -CREATE TABLE oauth_token ( - id text, // Reference - client_id text, // Creating Client ID - user text, // User requesting - active boolean, // Active or not - type int, // Type of Token - refresh text, // Refresh Token - expires timestamp, // Expiration time/Date (signed long) - exp_sec bigint, // Seconds from Jan 1, 1970 - content text, // Content of Token - scopes Set<text>, // Scopes - state text, // Context string (Optional) - req_ip text, // Requesting IP (for logging purpose) - PRIMARY KEY(id) -) with default_time_to_live = 21600; // 6 hours -CREATE INDEX oauth_token_user_idx ON oauth_token(user); - -CREATE TABLE locate ( - name text, // Component/Server name - hostname text, // FQDN of Service/Component - port int, // Port of Service - major int, // Version, Major - minor int, // Version, Minor - patch int, // Version, Patch - pkg int, // Version, Package (if available) - latitude float, // Latitude - longitude float, // Longitude - protocol text, // Protocol (i.e. http https) - subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https - port_key uuid, // Key into locate_ports - PRIMARY KEY(name,hostname,port) -) with default_time_to_live = 1200; // 20 mins - -CREATE TABLE locate_ports ( - id uuid, // Id into locate - port int, // SubPort - name text, // Name of Other Port - protocol text, // Protocol of Other (i.e. JMX, DEBUG) - subprotocol set<text>, // Accepted sub protocols or versions - PRIMARY KEY(id, port) -) with default_time_to_live = 1200; // 20 mins; - -// -// Used by authz-batch processes to ensure only 1 runs at a time -// -CREATE TABLE run_lock ( - class text, - host text, - start timestamp, - PRIMARY KEY ((class)) -); diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql deleted file mode 100644 index 2951b2a197..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql +++ /dev/null @@ -1,25 +0,0 @@ -/* # Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. */ - -// For Developer Machine single instance -// CREATE KEYSPACE authz -// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1}; -// -// - -// Example of Network Topology, with Datacenter dc1 & dc2 -// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' }; -// Out of the box Docker Cassandra comes with "datacenter1", one instance -CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' }; -// diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql deleted file mode 100644 index 89da60f9db..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql +++ /dev/null @@ -1,136 +0,0 @@ -/* # Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. */ - -USE authz; - -// Create 'org' root NS -INSERT INTO ns (name,description,parent,scope,type) - VALUES('org','Root Namespace','.',1,1); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','admin',{'org.access|*|*'},'Org Admins'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org','access','*','*',{'org.admin'},'Org Write Access'); - -// Create Root pass -INSERT INTO cred (id,ns,type,cred,expires) - VALUES ('initial@osaaf.org','org.osaaf',1,0x008c5926ca861023c1d2a36653fd88e2,'2099-12-31') using TTL 14400; - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400; - - -// Create org.osaaf -INSERT INTO ns (name,description,parent,scope,type) - VALUES('org.osaaf','OSAAF Namespace','org',2,2); - -INSERT INTO role(ns, name, perms,description) - VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access'); - -INSERT INTO role(ns, name, perms,description) - VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners'); - -INSERT INTO perm(ns, type, instance, action, roles,description) - VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access'); - -// Create org.osaaf.aaf -INSERT INTO ns (name,description,parent,scope,type) - VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners'); - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400; - - -// ONAP Specific Entities -// ONAP initial env Namespace -INSERT INTO ns (name,description,parent,scope,type) - VALUES('org.onap','ONAP','org',2,2); - -INSERT INTO ns (name,description,parent,scope,type) - VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','read',{ - 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor' - },'Portal Read Access'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner'); - -INSERT INTO perm(ns, type, instance, action, roles, description) - VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access'); - -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins'); - -// DEMO ID (OPS) -insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); - -// ADMIN -insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin'); - -// DESIGNER -INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer'); - -// TESTER -INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester'); - -// OPS -INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops'); - -// GOVERNOR -INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344); -INSERT INTO role(ns, name, perms, description) - VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor'); -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor'); - diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql deleted file mode 100644 index 4b6bf44140..0000000000 --- a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql +++ /dev/null @@ -1,22 +0,0 @@ -/* # Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. */ - -USE authz; - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('demo@people.osaaf.org','org.admin','2099-12-31','org','admin') ; - -INSERT INTO user_role(user,role,expires,ns,rname) - VALUES ('demo@people.osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') ; - diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml index cfece7093b..e0d500c420 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml @@ -30,25 +30,31 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: - hostname: {{ include "common.name" . }} containers: - - args: + - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"] ports: - containerPort: {{ .Values.service.externalPort }} - containerPort: {{ .Values.service.externalPort2 }} - containerPort: {{ .Values.service.externalPort3 }} - containerPort: {{ .Values.service.externalPort4 }} + env: + - name: CASSANDRA_CLUSTER_NAME + value: "osaaf" + - name: CASSANDRA_DC + value: "dc1" + - name: HEAP_NEWSIZE + value: "512M" + - name: MAX_HEAP_SIZE + value: "1024M" volumeMounts: - - mountPath: /data - name: aaf-cs-data + - mountPath: /var/lib/cassandra + name: cassandra-storage - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -57,25 +63,12 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort3 }} + exec: + command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","wait"] initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - > - /bin/sleep {{ .Values.readiness.initialDelaySeconds }}; - cd /data/; - cqlsh -u root -p root -f keyspace.cql ; - cqlsh -u root -p root -f init.cql ; - cqlsh -u root -p root -f osaaf.cql ; - cqlsh -u root -p root -f temp_identity.cql resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . | indent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -85,11 +78,15 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-cs-data - secret: - secretName: {{ include "common.fullname" . }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cassandra-storage + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cs/templates/pv.yaml b/kubernetes/aaf/charts/aaf-cs/templates/pv.yaml new file mode 100644 index 0000000000..4209179af8 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/templates/pv.yaml @@ -0,0 +1,44 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cs/templates/pvc.yaml b/kubernetes/aaf/charts/aaf-cs/templates/pvc.yaml new file mode 100644 index 0000000000..b102ffa08d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-cs/templates/pvc.yaml @@ -0,0 +1,48 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml index 73dac29fab..a914b542f4 100644 --- a/kubernetes/aaf/charts/aaf-cs/values.yaml +++ b/kubernetes/aaf/charts/aaf-cs/values.yaml @@ -24,12 +24,9 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: library/cassandra:3.11 +image: onap/aaf/aaf_cass:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - # application configuration config: {} @@ -42,14 +39,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 180 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 180 + initialDelaySeconds: 120 periodSeconds: 10 service: @@ -87,4 +84,14 @@ resources: requests: cpu: 40m memory: 9000Mi - unlimited: {}
\ No newline at end of file + unlimited: {} + +persistence: + enabled: true + #existingClaim: + mountPath: /dockerdata-nfs + mountSubPath: "cass" + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Gi + storageClass: "manual"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml index d269dc6536..5125eb161e 100644 --- a/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-fs/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,13 +45,11 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - aaf-cs - - --container-name - aaf-locate env: - name: NAMESPACE @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/fs"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c","ln -s /opt/app/osaaf/data /data;/opt/app/aaf/fs/bin/fs "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-fs/values.yaml b/kubernetes/aaf/charts/aaf-fs/values.yaml index 0e3a81a9c6..0f0d7c47e7 100644 --- a/kubernetes/aaf/charts/aaf-fs/values.yaml +++ b/kubernetes/aaf/charts/aaf-fs/values.yaml @@ -25,14 +25,9 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_fs:2.1.1 +image: onap/aaf/aaf_fs:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -43,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml index b24a008fac..24c8e68cec 100644 --- a/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-gui/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,14 +45,12 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - aaf-cs - - --container-name - - aaf-locate + - aaf-cm env: - name: NAMESPACE valueFrom: @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/gui"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/gui/bin/gui "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index 5665d1df4f..d44ac5ed46 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -25,14 +25,9 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_gui:2.1.1 +image: onap/aaf/aaf_gui:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -43,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml index c76c0849ab..f932228cd9 100644 --- a/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-hello/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,13 +45,11 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - aaf-cs - - --container-name - aaf-locate env: - name: NAMESPACE @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/hello"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/hello/bin/hello "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-hello/values.yaml b/kubernetes/aaf/charts/aaf-hello/values.yaml index 6fcf861420..9f694be8b8 100644 --- a/kubernetes/aaf/charts/aaf-hello/values.yaml +++ b/kubernetes/aaf/charts/aaf-hello/values.yaml @@ -19,20 +19,15 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - +flavor: small ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_hello:2.1.1 +image: onap/aaf/aaf_hello:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -43,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml index 6e69f2c7ef..a3a9e285cf 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,12 +45,12 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - aaf-cs + - aaf-service env: - name: NAMESPACE valueFrom: @@ -58,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/locate"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/locate/bin/locate "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -101,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index c9240025f1..ba1e56373c 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -19,24 +19,15 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - -# If mountPath is over NFS (e.g. /dockerdata-nfs is NFS mounted between the nodes), uncomment following lines. -# persistence: -# mountPath: /dockerdata flavor: small ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_locate:2.1.1 +image: onap/aaf/aaf_locate:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -47,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml index fd4ae21708..06cf2736ef 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,13 +45,11 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: - - /root/ready.py + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py args: - --container-name - - aaf-cs - - --container-name - aaf-locate env: - name: NAMESPACE @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/oauth"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/oauth/bin/oauth "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml index 281aa1cc8d..d94bcae31c 100644 --- a/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/templates/service.yaml @@ -26,8 +26,6 @@ spec: ports: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} - #Example internal target port if required - #targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} {{- else -}} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index 943ad16109..e52075a447 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -25,14 +25,9 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_oauth:2.1.1 +image: onap/aaf/aaf_oauth:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -43,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/charts/aaf-service/.helmignore b/kubernetes/aaf/charts/aaf-service/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml index a07d06fd0a..c3c140a35d 100644 --- a/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml +++ b/kubernetes/aaf/charts/aaf-service/templates/deployment.yaml @@ -31,11 +31,12 @@ spec: release: {{ .Release.Name }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-job-complete + command: - /root/job_complete.py args: - - -j - - {{ .Release.Name }}-aaf-create-config + - --job-name + - {{ .Release.Name }}-create-config env: - name: NAMESPACE valueFrom: @@ -44,14 +45,12 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-complete - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - aaf-cs - - --container-name - - aaf-locate env: - name: NAMESPACE valueFrom: @@ -60,23 +59,17 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness containers: - - env: - - name: CASSANDRA_CLUSTER - value: cassandra_container - name: {{ include "common.name" . }} + - name: {{ include "common.name" . }} + command: ["/bin/bash","/opt/app/aaf/bin/service"] image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: ["/bin/bash","-c"," ln -s /opt/app/osaaf/data /data;/opt/app/aaf/service/bin/service "] volumeMounts: - - mountPath: /opt/app/osaaf - name: aaf-persistent-vol + - mountPath: "/opt/app/osaaf" + name: shared-config-volume - mountPath: /etc/localtime name: localtime readOnly: true - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -103,12 +96,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: aaf-persistent-vol + - name: shared-config-volume {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 5ad31ffdda..7ec6364f3c 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -25,14 +25,9 @@ flavor: small ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/aaf/aaf_service:2.1.1 +image: onap/aaf/aaf_service:2.1.2-SNAPSHOT pullPolicy: Always -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: {} # default number of instances replicaCount: 1 @@ -43,14 +38,14 @@ affinity: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 300 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 30 periodSeconds: 10 service: diff --git a/kubernetes/aaf/resources/config/backup/backup.sh b/kubernetes/aaf/resources/config/backup/backup.sh deleted file mode 100644 index 0cc2f6287f..0000000000 --- a/kubernetes/aaf/resources/config/backup/backup.sh +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# BEGIN Store prev -BD=/opt/app/osaaf/backup -if [ -e "$BD/6day" ]; then - rm -Rf $BD/6day -fi - -PREV=$BD/6day -for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do - if [ -e "$D" ]; then - mv "$D" "$PREV" - fi - PREV="$D" -done - -if [ -e "$BD/today" ]; then - if [ -e "$BD/backup.log" ]; then - mv $BD/backup.log $BD/today - fi - gzip $BD/today/* - mv $BD/today $BD/yesterday -fi - -mkdir $BD/today - -# END Store prev -date -docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup" -docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh -# echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh" -docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh -docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today -date diff --git a/kubernetes/aaf/resources/config/data/identities.dat b/kubernetes/aaf/resources/config/data/identities.dat deleted file mode 100644 index cb7f01db20..0000000000 --- a/kubernetes/aaf/resources/config/data/identities.dat +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Sample Identities.dat -# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with -# out-of-the-box tire-kicking, or even for Small companies -# -# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing -# batch feeds, as is appropriate for your company. -# -# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split -# out AppIDs, choose your own status indicators, or whatever you use. -# 0 - unique ID -# 1 - full name -# 2 - first name -# 3 - last name -# 4 - phone -# 5 - official email -# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company -# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) -# - -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/data/sample.identities.dat b/kubernetes/aaf/resources/config/data/sample.identities.dat deleted file mode 100644 index cf2ca6dcb6..0000000000 --- a/kubernetes/aaf/resources/config/data/sample.identities.dat +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Sample Identities.dat -# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with -# out-of-the-box tire-kicking, or even for Small companies -# -# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing -# batch feeds, as is appropriate for your company. -# -# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split -# out AppIDs, choose your own status indicators, or whatever you use. -# 0 - unique ID -# 1 - full name -# 2 - first name -# 3 - last name -# 4 - phone -# 5 - official email -# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company -# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID) -# - -iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@osaaf.com|e| -mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@osaaf.com|e|iowna -bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.develper@osaaf.com|e|mmanager -mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@osaaf.com|e|mmanager -ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@osaaf.com|c|mmanager -iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@osaaf.com|n|mmanager -osaaf|ID of AAF|||||a|bdevl diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props b/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props deleted file mode 100644 index ccd8a3329e..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.cm.props +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## -## org.osaaf.cm.props -## AAF Certificate Manager properties -## Note: Link to CA Properties in "local" dir -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/local/org.osaaf.cm.ca.props -aaf_component=AAF_NS.cm:2.1.0.0 -port=8150 -cadi_registration_hostname={{.Values.config.cmServiceName}} -#Certman -cm_public_dir=/opt/app/osaaf/public -cm_trust_cas=AAF_RootCA.cer - - diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.common.props b/kubernetes/aaf/resources/config/etc/org.osaaf.common.props deleted file mode 100644 index 052a2ec901..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.common.props +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############################################################ -# Common properties for all AAF Components -# on 2018-03-02 06:59.628-0500 -############################################################ -# Pull in Global Coordinates and Certificate Information -aaf_root_ns=org.osaaf.aaf -aaf_trust_perm=org.osaaf.aaf|org.onap|trust - -cadi_prop_files=/opt/app/osaaf/local/org.osaaf.location.props:/opt/app/osaaf/local/org.osaaf.aaf.props -cadi_protocols=TLSv1.1,TLSv1.2 - -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 -cadi_loginpage_url=https://AAF_LOCATE_URL/AAF_NS.gui:2.0/login - -# Standard for this App/Machine -aaf_env=DEV -aaf_data_dir=/opt/app/osaaf/data -cadi_loglevel=DEBUG - -# Domain Support (which will accept) -aaf_domain_support=.com:.org - -# Basic Auth -aaf_default_realm=people.osaaf.org - -# OAuth2 -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect - diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props deleted file mode 100644 index 266e08e74b..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.fs.props +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props -aaf_component=AAF_NS.fs:2.1.0.0 -port=8096 -cadi_registration_hostname={{.Values.config.fsServiceName}} - -aaf_public_dir=/opt/app/osaaf/public diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props b/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props deleted file mode 100644 index 6c40b40c34..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.gui.props +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/etc/org.osaaf.orgs.props -aaf_component=AAF_NS.gui:2.1.0.0 -port=8200 -cadi_registration_hostname={{.Values.config.guiServiceName}} - -aaf_gui_title=AAF -aaf_gui_copyright=(c) 2018 AT&T Intellectual Property. All rights reserved. -aaf_gui_theme=theme/onap -cadi_loginpage_url=https://AAF_LOCATE_URL/com.att.aaf.gui:2.0/login - -# GUI URLS and Help URLS -cm_url=https://{{.Values.config.cmServiceName}}:8150 -gw_url=https://{{.Values.config.locateServiceName}}:8095 -fs_url=http://{{.Values.config.fsServiceName}}:8096 - -aaf_url.gui_onboard=https://wiki.web.att.com/display/aaf/OnBoarding -aaf_url.cuigui=https://wiki.web.att.com/display/aaf/Using+the+Command+Prompt - -aaf_url.aaf_help=https://wiki.onap.org/display/DW/Application+Authorization+Framework+Documentation -aaf_url.aaf_help.sub=Bootstrapping+AAF,Installation+Guide -aaf_url.aaf_help.sub.Bootstrapping+AAF=https://wiki.onap.org/display/DW/Bootstrapping+AAF -aaf_url.aaf_help.sub.Installation+Guide=https://wiki.onap.org/display/DW/AAF+Installation+Guide -#aaf_url.cadi_help= -aaf_url.tools=AAF+Projects,AAF+Jira,AAF+Calendar -aaf_url.tool=AAF+Jira=https://jira.onap.org/secure/RapidBoard.jspa?rapidView=69&projectKey=AAF&view=detail&selectedIssue=AAF-134 -aaf_url.tool.AAF+Projects=https://gerrit.onap.org/r/#/admin/projects/?filter=aaf%2F -aaf_url.tool.AAF+Calendar=https://wiki.onap.org/pages/viewpage.action?pageId=6587439 diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props b/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props deleted file mode 100644 index 1026dd85bd..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.locate.props +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props -aaf_component=AAF_NS.locator:2.1.0.0 -port=8095 -cadi_registration_hostname={{.Values.config.locateServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props b/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props deleted file mode 100644 index 9f10802821..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.log4j.props +++ /dev/null @@ -1,51 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.INIT.File=${LOG4J_FILENAME_init} -log4j.appender.INIT.DatePattern='.'yyyy-MM-dd -log4j.appender.INIT.layout=org.apache.log4j.PatternLayout -log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender -log4j.appender.SRVR.File=${LOG4J_FILENAME_service} -log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd -log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout -log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n - -log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender -log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit} -log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd -log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout -log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n - -# General Apache libraries -log4j.rootLogger=WARN.SRVR -log4j.logger.org.apache=WARN,SRVR -log4j.logger.com.datastax=WARN,SRVR -log4j.logger.init=INFO,INIT -log4j.logger.service=${LOGGING_LEVEL},SRVR -log4j.logger.audit=INFO,AUDIT -# Additional configs, not cauth with Root Logger -log4j.logger.io.netty=INFO,SRVR -log4j.logger.org.eclipse=INFO,SRVR - - diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props b/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props deleted file mode 100644 index d2a5b97ec2..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.oauth.props +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props -aaf_component=AAF_NS.oauth:2.1.0.0 -port=8140 -cadi_registration_hostname={{.Values.config.oauthServiceName}} diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props b/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props deleted file mode 100644 index c609de2027..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.orgs.props +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# -# Define Organizations for use in some of the components. Not all use them -# -Organization.org.osaaf=org.onap.aaf.org.DefaultOrg -org.osaaf.mailHost=smtp.mail.att.com -org.osaaf.mailFrom=DL-aaf-support@aaf.att.com -org.osaaf.default=true -org.osaaf.also_supports=org.osaaf.people - - - diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.service.props b/kubernetes/aaf/resources/config/etc/org.osaaf.service.props deleted file mode 100644 index adb9032929..0000000000 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.service.props +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -## -## org.osaaf.service -## AAF Service Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props:/opt/app/osaaf/local/org.osaaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.orgs.props -aaf_component=AAF_NS.service:2.1.0.0 -port=8100 -cadi_registration_hostname={{.Values.config.serviceServiceName}} diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 Binary files differdeleted file mode 100644 index 63aedd2560..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.p12 +++ /dev/null diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.pkcs11 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.pkcs11 deleted file mode 100644 index 05fe60fe6a..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.cm.pkcs11 +++ /dev/null @@ -1 +0,0 @@ -name = localca diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile deleted file mode 100644 index 7206ad9325..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -rmaOaytuFLnhz07oilUO0nO_mZ18XInIi56OoezdUTR5f1GR45lp_nX7marcYv7j2ZS-dpWOSur0 -sK5M-ByrgxfUPyk749Ex4nGSMLnAq-nFMaREpGZPmNP-ul_vCxCmaHUnWKPJB4jx_K_osKPb0-ng -tqX0hnpbmcq4okV94MUdUs084ymM5LU-qVU_oYbLUM4dXatobe1go8eX2umrutZbQTjz75i4UEcF -Dv9nDwVqHRGUFMU0NeJlrSlRSO-eiDgVtoSCBGtIkDdKPBTUT3wachHmUBiSBJ3GF05yQP1CwWzz -AQRSwphP11xKI7tSViT5RoxjxfQZiVEbeyg9g9BROe_pLyIDskoW_ujdnPOWRcSIx6Q4J0eew3kb -yqcWUPf1K2nSyBSshlsQ6A9NSOLz_KhyIvP_1OG82m1gir3I77Usl7QqMF8IBXCjJ-H_qqR1u-By -qm_AFjagYA2TgF2YQN-fcneom_5_cA74_xwJ41juhOP72ZWGkX1bAdbiKf85uYo2H3g5HeNWijQL -y4wJ4qFrSptQRyV2Ntf9OLgpOsKsPPiLlNBugmCjHBMaPMbQAYRbsyCH2nKdjjTG3c6iF5Cj9Jco -6McvcrYYuq3ynH-2HoL-T-Zgl2AXLxqK4_dl_H243H-GutoJsmIkELLGS_pCpSt4t7xaDvzqxrTj -4qZ1OjozcpnsqM8HebS28IgoqFaOmrCMqO1MLM_CjAyliTy31P28XEbcYvjEY-FWmnJRSpMLc1Pz --KOH-2V8uTqn5YlUsFt2TNnc8lEwMH6GSV1vkgxwPQaMUgWV2svc0FfBmTLZI4zNmpMu4cGjaG-f -Z8r_hX7pDPANBTaqFxTp999dnaS3lLdZMNbJNEKFF0xxdRuBzsPKDiLa7ItixInZlUcEnwJVWOhC -kcI2J0cEFGxHxWYmYdqyJIvQzjebk6iDqB-mLi0ai-_XYm1niCxZizT_XJADo9LQtTzq1V6pMgYR -PPfbDKoiYRK6D8nbWsGNOh6xOS7zs8qrnTPxwu5CuZX_EFoejmooHTrXEqw2RzRFw9XqXM8p50C3 -YrwI2lA6kTQItGm0yftAxqfbhbjJp_K1P91ckOYL3ZSYze_hXRmguwYuT5NWlKhBtm5aawuDjXEg -yn7PnRTT0smW40hbYbks5L-2VVxTd3tith6Ltqh95miL6vpG5ByDDQlZCWwkq7XH7iScejDvT6UN -jF1K86mNa8CLXuuSzGl1li1CMxoVzW55G3s0-ICDHqjytiUkiUen2V9VzGT9h4BgDfzbShf31M4_ -biO4NL-mkqlDBbh-KcrYjvNj5qQwHSiLSLuQQBoBtJ3hG9jCu4YBYVWJYctV8r3Js_sGDH4rl5w1 -ujEF6QHWZIF73-u53G_LtvoXBnQcrBW8oLpqP-1Pz5d1bio--bRsNa5qAAilNbYmttiKYOYJn4My -c6QvzF81SqTRZy0Fd0NK_hMCglPkH7sd32UX-LBquvQ_yDqB_ml_pADJhWcfuD4iPAQjR2Vgclxf -GPCDva6YpJDzjjnaExDYmGFVFpbIPLfvGUCit_9zAycx0nW1J_cVT1BWFHijjAh_gnIpa6MtY3BE -G3d8ee6_LAQvvVdBwZ955UwyRd-C7Buc7Xcccw-8hcNBKqOCDlE9j4tie2SdO9m53vZRzcLY6Aiw -BiulIAllqHZQYs0OBcaYgbNgJU-gn9ZMWgS9i3ijPvTTBSNX7y7k4L1a4QOceyuOtt7nkv024YUS -acTRmaGotRBuVfI-C0L4Q9NL56_nUATB5ca2GqgLEKnWKsiN3T9cBg4Ji88E8OdiVcoO8segB-0d -QwWCqCZ8_z_R7zBMlDqpfu5wbvoVx0w9JhLgO9f7eoRozqA3qGLv94i1pN6LuU-Q7YPz4jVxmbb_ -2CHyP1n-o1ZWHfWdz6aByXEzrAZdvjfEWwwMYV5l5jFilTXaCNOCjr9S4YjNn0HITdl7E64C06Im -3QWOsnDv9z1APjnFo12KH_1yWscU0t9gx7FG210Ug6C-G3Bko_tm_YOp0Lkum4qrnxgHMf_a
\ No newline at end of file diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 Binary files differdeleted file mode 100644 index ac1dece85c..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.p12 +++ /dev/null diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props deleted file mode 100644 index 21910eb627..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.props +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -cm_url=https://{{.Values.config.cmServiceName}}:8150 -#hostname=aaf.osaaf.org -aaf_env=DEV -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=/opt/app/osaaf/local/org.osaaf.aaf.keyfile -cadi_keystore=/opt/app/osaaf/local/org.osaaf.aaf.p12 -cadi_keystore_password=enc:fDY3WPPqHCMQaZdox2UfpRoEq6b9wUqS-aepo0NiqEFa2t7uYHBdxfQAuEwj9Lwb -#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> -cadi_alias=aaf-authz@aaf.osaaf.org -cadi_truststore=/opt/app/osaaf/local/org.osaaf.aaf.trust.p12 -cadi_truststore_password=enc:5nzj6v3Rb0oZPV1zCxg8EJFfkFvWFGJflLB0i_FN0Np diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 b/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 Binary files differdeleted file mode 100644 index d01e8569ab..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.aaf.trust.p12 +++ /dev/null diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props b/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props deleted file mode 100644 index 17f238b851..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.cassandra.props +++ /dev/null @@ -1,29 +0,0 @@ -############################################################ -# Cassandra properties for AAF Components needing -# on 2018-03-02 06:59.628-0500 -############################################################ -# LOCAL Cassandra -cassandra.clusters={{.Values.config.csServiceName}} -cassandra.clusters.port=9042 -#need this to be fully qualified name when REAL AAF integration -cassandra.clusters.user=cassandra -cassandra.clusters.password=enc:gF_I93pTRMIvj3rof-dx-yK84XYT1UKGf98s1LAJyWV - -# Name for exception that has happened in the past -cassandra.reset.exceptions=com.datastax.driver.core.exceptions.NoHostAvailableException:"no host was tried":"Connection has been closed" - -# Example Consistency Settings for Clusters with at least instances -#cassandra.writeConsistency.ns=LOCAL_QUORUM -#cassandra.writeConsistency.perm=LOCAL_QUORUM -#cassandra.writeConsistency.role=LOCAL_QUORUM -#cassandra.writeConsistency.user_role=LOCAL_QUORUM -#cassandra.writeConsistency.cred=LOCAL_QUORUM -#cassandra.writeConsistency.ns_attrib=LOCAL_QUORUM - -# Consistency Settings when Single Instance -cassandra.writeConsistency.ns=ONE -cassandra.writeConsistency.perm=ONE -cassandra.writeConsistency.role=ONE -cassandra.writeConsistency.user_role=ONE -cassandra.writeConsistency.cred=ONE -cassandra.writeConsistency.ns_attrib=ONE diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props b/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props deleted file mode 100644 index 8843705cbb..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.cm.ca.props +++ /dev/null @@ -1,11 +0,0 @@ -## -## org.osaaf.cm.ca.props -## Properties to access Certifiate Authority -## - -#Certman -cm_ca.local=org.onap.aaf.auth.cm.ca.LocalCA,/opt/app/osaaf/local/org.osaaf.aaf.cm.p12;aaf_cm_ca;enc:asFEWMNqjH7GktBLb9EGl6L1zfS2qMH5ZS5Zd90KVT5B9ZyRsqx7Gb73YllO8Hyw -cm_ca.local.idDomains=org.osaaf -cm_ca.local.baseSubject=/OU=OSAAF/O=ONAP/C=US -cm_ca.local.perm_type=org.osaaf.aaf.ca - diff --git a/kubernetes/aaf/resources/config/local/org.osaaf.location.props b/kubernetes/aaf/resources/config/local/org.osaaf.location.props deleted file mode 100644 index fd52d6db11..0000000000 --- a/kubernetes/aaf/resources/config/local/org.osaaf.location.props +++ /dev/null @@ -1,12 +0,0 @@ -## -## org.osaaf.location.props -## -## Localized Machine Information -## -# Almeda California -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -#cadi_registration_hostname=aaf-onap-beijing-test.osaaf.org -cadi_trust_masks=10.12.6/24 -aaf_locate_url=https://{{.Values.config.locateServiceName}}:8095 diff --git a/kubernetes/aaf/resources/config/public/README.txt b/kubernetes/aaf/resources/config/public/README.txt deleted file mode 100644 index 48aaa96feb..0000000000 --- a/kubernetes/aaf/resources/config/public/README.txt +++ /dev/null @@ -1 +0,0 @@ -Public directory left empty on purpose. Content of https://gerrit.onap.org/r/gitweb?p=aaf/authz.git;a=tree;f=auth/sample/public;h=1b387b7858134f80446f006b6d570fa534da3153;hb=refs/heads/master is cloned and mounted into AAF container volume via init container. This is done to dramatically reduce the size of configuration that was being put into a configmap that was exceeding helm configmap limit of 1MB per deployment. diff --git a/kubernetes/aaf/templates/configmap.yaml b/kubernetes/aaf/templates/configmap.yaml deleted file mode 100644 index 9d21e057d6..0000000000 --- a/kubernetes/aaf/templates/configmap.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-aaf-backup - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/backup/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-aaf-local - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/local/org.osaaf.location.props").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/local/org.osaaf.cm.ca.props").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/local/org.osaaf.cassandra.props").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/local/org.osaaf.aaf.props").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-aaf-etc - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-aaf-data - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/data/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aaf/templates/job.yaml b/kubernetes/aaf/templates/job.yaml index 719b6dc2c2..103b908491 100644 --- a/kubernetes/aaf/templates/job.yaml +++ b/kubernetes/aaf/templates/job.yaml @@ -15,7 +15,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.fullname" . }}-create-config + name: {{ .Release.Name }}-create-config namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -29,79 +29,28 @@ spec: app: aaf-init-job release: {{ .Release.Name }} spec: - initContainers: - - name: {{ include "common.name" . }}-inject-config - command: - - /bin/bash - - -c - - > - git clone -b {{ .Values.config.gerritBranch }} --single-branch {{ .Values.config.gerritProject }} /tmp/gerrit; - echo "Clone complete. Copying from /tmp/gerrit/ to /public"; - cp -rf /tmp/gerrit/auth/sample/public/* /public; - echo "Done."; - image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.global.ubuntuInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: aaf-public - mountPath: "/public" containers: - - command: ["/bin/bash","-c","if [ ! -d /data/backup ]; then mkdir /data/data && cp -Ra /data1/data/..data/* /data/data/ && mkdir /data/etc && cp -Ra /data1/etc/..data/* data/etc/ && mkdir /data/backup && cp -Ra /data1/backup/..data/* /data/backup/ && cp -Ra /data1/public /data/ && cp -Ra /data1/local /data && mkdir -p /data/logs/oauth && mkdir -p /data/logs/hello && mkdir -p /data/logs/fs && mkdir -p /data/logs/gui && mkdir -p /data/logs/locate && mkdir -p /data/logs/cm && mkdir -p /data/logs/service; fi; exit 0"] - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + - name: {{ include "common.name" . }}-config-container + image: "{{ include "common.repository" . }}/{{ .Values.aaf_config.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: aaf-init-job volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /data - name: aaf-persistent-data - - mountPath: /data1/etc - name: aaf-etc - - mountPath: /data1/data - name: aaf-data - - mountPath: /data1/public/iframe_denied_test.html - name: aaf-public - subPath: iframe_denied_test.html - - mountPath: /data1/public/aaf_2_0.xsd - name: aaf-public - subPath: aaf_2_0.xsd - - mountPath: /data1/public/truststoreONAP.p12 - name: aaf-public - subPath: truststoreONAP.p12 - - mountPath: /data1/public/AAF_RootCA.cer - name: aaf-public - subPath: AAF_RootCA.cer - - mountPath: /data1/public/truststoreONAPall.jks - name: aaf-public - subPath: truststoreONAPall.jks - - mountPath: /data1/local/org.osaaf.location.props - name: aaf-local - subPath: org.osaaf.location.props - - mountPath: /data1/local/org.osaaf.cm.ca.props - name: aaf-local - subPath: org.osaaf.cm.ca.props - - mountPath: /data1/local/org.osaaf.cassandra.props - name: aaf-local - subPath: org.osaaf.cassandra.props - - mountPath: /data1/local/org.osaaf.aaf.props - name: aaf-local - subPath: org.osaaf.aaf.props - - mountPath: /data1/local/org.osaaf.aaf.trust.p12 - name: aaf-local-secret - subPath: org.osaaf.aaf.trust.p12 - - mountPath: /data1/local/org.osaaf.aaf.p12 - name: aaf-local-secret - subPath: org.osaaf.aaf.p12 - - mountPath: /data1/local/org.osaaf.aaf.keyfile - name: aaf-local-secret - subPath: org.osaaf.aaf.keyfile - - mountPath: /data1/local/org.osaaf.aaf.cm.p12 - name: aaf-local-secret - subPath: org.osaaf.aaf.cm.p12 - - mountPath: /data1/backup - name: aaf-backup - - mountPath: /share - name: aaf-public + - mountPath: "/opt/app/osaaf" + name: {{ include "common.name" . }}-config-vol + env: + - name: HOSTNAME + value: "{{ .Values.global.cadi.hostname }}" + - name: AAF_ENV + value: "{{ .Values.global.cadi.aaf_env }}" + - name: AAF_REGISTER_AS + value: "{{ .Values.global.cadi.aaf_register_as }}" + - name: LATITUDE + value: "{{ .Values.global.cadi.cadi_latitude }}" + - name: LONGITUDE + value: "{{ .Values.global.cadi.cadi_longitude }}" + - name: CASS_HOST + value: "{{ .Values.global.cassandraServiceName }}" + - name: AAF_LOCATOR_AS + value: "{{ .Values.global.locateServiceName }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -113,33 +62,13 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: aaf-local-secret - secret: - secretName: {{ .Release.Name }}-aaf-local-secret - - name: aaf-etc - configMap: - name: {{ .Release.Name }}-aaf-etc - - name: aaf-local - configMap: - name: {{ .Release.Name }}-aaf-local - - name: aaf-backup - configMap: - name: {{ .Release.Name }}-aaf-backup - - name: aaf-data - configMap: - name: {{ .Release.Name }}-aaf-data - - name: aaf-persistent-data + - name: {{ include "common.name" . }}-config-vol {{- if .Values.global.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Release.Name }}-aaf-pvc + claimName: {{ .Release.Name }}-config {{- else }} emptyDir: {} {{- end }} - - name: aaf-public - emptyDir: {} restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/templates/pv.yaml b/kubernetes/aaf/templates/pv.yaml index d9b58f62ad..9d28184985 100644 --- a/kubernetes/aaf/templates/pv.yaml +++ b/kubernetes/aaf/templates/pv.yaml @@ -14,24 +14,60 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if and .Values.global.persistence.enabled (not .Values.persistence.config.existingClaim) }} kind: PersistentVolume apiVersion: v1 metadata: - name: {{ include "common.fullname" . }} + name: {{ .Release.Name }}-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }} + app: {{ include "common.name" . }}-config chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" name: {{ include "common.fullname" . }} spec: capacity: - storage: {{ .Values.persistence.size}} + storage: {{ .Values.persistence.config.size}} accessModes: - - {{ .Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ .Values.persistence.config.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.config.volumeReclaimPolicy }} hostPath: - path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }} -{{- end -}} + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.config.mountSubPath }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.config.storageClass }}" +{{- end }} +{{- end }} +{{- end }} +--- +{{- if and .Values.global.persistence.enabled (not .Values.persistence.logs.existingClaim) }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-logs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-logs + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} +spec: + capacity: + storage: {{ .Values.persistence.logs.size}} + accessModes: + - {{ .Values.persistence.logs.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.logs.volumeReclaimPolicy }} + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.logs.mountSubPath }} +{{- if .Values.persistence.logs.storageClass }} +{{- if (eq "-" .Values.persistence.logs.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.logs.storageClass }}" +{{- end }} +{{- end }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aaf/templates/pvc.yaml b/kubernetes/aaf/templates/pvc.yaml index 255c27751c..a9c8b908eb 100644 --- a/kubernetes/aaf/templates/pvc.yaml +++ b/kubernetes/aaf/templates/pvc.yaml @@ -14,35 +14,68 @@ # limitations under the License. */}} -{{- if and .Values.global.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if and .Values.global.persistence.enabled (not .Values.persistence.config.existingClaim) }} kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ .Release.Name }}-aaf-pvc + name: {{ .Release.Name }}-config namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }} + app: {{ include "common.name" . }}-config chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" -{{- if .Values.persistence.annotations }} +{{- if .Values.persistence.config.annotations }} annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} +{{ toYaml .Values.persistence.config.annotations | indent 4 }} {{- end }} spec: selector: matchLabels: - name: {{ include "common.fullname" . }} + app: {{ include "common.name" . }}-config accessModes: - - {{ .Values.persistence.accessMode }} + - {{ .Values.persistence.config.accessMode }} resources: requests: - storage: {{ .Values.persistence.size }} -{{- if .Values.persistence.storageClass }} -{{- if (eq "-" .Values.persistence.storageClass) }} + storage: {{ .Values.persistence.config.size }} +{{- if .Values.persistence.config.storageClass }} +{{- if (eq "-" .Values.persistence.config.storageClass) }} storageClassName: "" {{- else }} - storageClassName: "{{ .Values.persistence.storageClass }}" + storageClassName: "{{ .Values.persistence.config.storageClass }}" {{- end }} {{- end }} -{{- end -}} +{{- end }} +--- +{{- if and .Values.global.persistence.enabled (not .Values.persistence.logs.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-logs + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-logs + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.logs.annotations }} + annotations: +{{ toYaml .Values.persistence.logs.annotations | indent 4 }} +{{- end }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }}-logs + accessModes: + - {{ .Values.persistence.logs.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.logs.size }} +{{- if .Values.persistence.logs.storageClass }} +{{- if (eq "-" .Values.persistence.logs.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.logs.storageClass }}" +{{- end }} +{{- end }} +{{- end -}}
\ No newline at end of file diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 931a31dc65..4cc69c264b 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -23,21 +23,22 @@ global: ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 persistence: enabled: true + + cadi: + hostname: "aaf.onap" + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + aaf_env: "DEV" + aaf_register_as: "aaf.onap" + cassandraServiceName: aaf-cass + locateServiceName: aaf-locate + ################################################################# # Application configuration defaults. ################################################################# -config: - serviceServiceName: aaf-service - locateServiceName: aaf-locate - cmServiceName: aaf-cm - fsServiceName: aaf-fs - guiServiceName: aaf-gui - helloServiceName: aaf-hello - oauthServiceName: aaf-oauth - csServiceName: aaf-cass - # gerrit branch where the latest aaf/auth/sample/public code exists - gerritProject: http://gerrit.onap.org/r/aaf/authz.git - gerritBranch: 2.0.0-ONAP +repository: nexus3.onap.org:10001 +aaf_config: + image: onap/aaf/aaf_config:2.1.2-SNAPSHOT flavor: small # default number of instances @@ -64,39 +65,31 @@ ingress: ## Persist data to a persitent volume persistence: - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain + mountPath: "/mnt/data/aaf" + enabled: true + config: + #existingClaim: + volumeReclaimPolicy: Retain + accessMode: ReadWriteMany + size: 2Gi + mountSubPath: "config" + storageClass: "manual" + logs: + #existingClaim: + volumeReclaimPolicy: Retain + accessMode: ReadWriteMany + size: 2Gi + mountSubPath: "logs" + storageClass: "manual" - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteMany - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: aaf/data +aaf-cs: + persistence: + #existingClaim: + mountPath: /dockerdata-nfs + mountSubPath: "cass" + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + size: 10Gi + storageClass: "manual" -# Configure resource requests and limits -resources: - small: - limits: - cpu: 2 - memory: 3Gi - requests: - cpu: 2 - memory: 3Gi - large: - limits: - cpu: 4 - memory: 6Gi - requests: - cpu: 4 - memory: 6Gi - unlimited: {} +resources: {}
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-data-router/resources/config/schemaIngest.properties b/kubernetes/aai/charts/aai-data-router/resources/config/schemaIngest.properties index d0916515fe..8c680b5820 100644 --- a/kubernetes/aai/charts/aai-data-router/resources/config/schemaIngest.properties +++ b/kubernetes/aai/charts/aai-data-router/resources/config/schemaIngest.properties @@ -20,13 +20,27 @@ # ============LICENSE_END=========================================================
#
-# Properties for the SchemaLocationsBean
-# The AAI Schema jar will be unpacked to bundleconfig/etc
-schemaConfig=NA
-# OXM files named aai_oxm_v*.xml are unpacked here:
-nodeDir=/opt/app/data-router/bundleconfig/etc/oxm
-# DB Edge Rules are unpacked here:
+# Properties for the SchemaLocationsBean
+# Files named aai_oxm_v*.xml are unpacked here:
+nodeDir=/opt/app/data-router/onap/oxm
+# Dummy folder/directory:
edgeDir=
-# DB Edge Property files are copied here:
-edgePropsDir=
+
+# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0
+schema.configuration.location=N/A
+schema.nodes.location=/opt/app/data-router/onap/oxm/
+schema.edges.location=
+# These versions need to exist if they are included in the list
+schema.version.list=v9,v10,v11,v12,v13,v14
+# Decalares the oxm version to load
+schema.version.api.default=v14
+
+# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean)
+schema.version.depth.start=v14
+schema.version.related.link.start=v14
+schema.version.app.root.start=v14
+schema.version.namespace.change.start=v14
+schema.version.edge.label.start=v14
+~
+
diff --git a/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml new file mode 100644 index 0000000000..c945c39876 --- /dev/null +++ b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/data-router-oxm.xml @@ -0,0 +1,22 @@ +<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" + xmlns:task="http://www.springframework.org/schema/task" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd + http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd"> + + <context:property-placeholder + location="file:${CONFIG_HOME}/schemaIngest.properties" + ignore-unresolvable="true" /> + + <bean id="schemaLocationsBean" class="org.onap.aai.setup.SchemaLocationsBean"> + <!-- When running with AJSC these properties must be injected directly. + The reason for this is unknown. --> + <property name="nodeDirectory" value="${nodeDir}" /> + <property name="edgeDirectory" value="${edgeDir}" /> + </bean> + + <bean id="schemaVersions" class="org.onap.aai.setup.SchemaVersions"/> + +</beans> + diff --git a/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml index 60e71ecfb0..b5e4129595 100644 --- a/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml +++ b/kubernetes/aai/charts/aai-data-router/resources/dynamic/conf/entity-event-policy.xml @@ -32,6 +32,8 @@ <property name="searchCertName" value="client-cert-onap.p12" /> <property name="searchKeystorePwd" value="OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10" /> <property name="searchKeystore" value="tomcat_keystore" /> + <property name="schemaVersions" ref="schemaVersions" /> + <property name="schemaLocationsBean" ref="schemaLocationsBean" /> </bean> <bean id="consumerBeanEntityEvent" class="org.onap.aai.event.client.DMaaPEventConsumer" > @@ -45,7 +47,7 @@ <constructor-arg name="messageLimit" value="100" /> <constructor-arg name="transportType" value="HTTPAUTH" /> <constructor-arg name="protocol" value="{{.Values.event.protocol}}" /> - <constructor-arg name="contentType" value="application/json" /> + <constructor-arg name="filter"><null /></constructor-arg> </bean> <bean id="entityEventPolicy" class="org.onap.aai.datarouter.policy.EntityEventPolicy" init-method="startup" > diff --git a/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml b/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml index 23d3dbbcb9..c8532b2ffc 100644 --- a/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-data-router/templates/configmap.yaml @@ -37,7 +37,9 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }} + --- apiVersion: v1 kind: ConfigMap @@ -63,4 +65,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml b/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml index 83542dabe5..a7ecbce96a 100644 --- a/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-data-router/templates/deployment.yaml @@ -94,11 +94,17 @@ spec: - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml subPath: entity-event-policy.xml name: {{ include "common.fullname" . }}-dynamic-policy + - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml + subPath: data-router-oxm.xml + name: {{ include "common.fullname" . }}-dynamic-oxm - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml name: {{ include "common.fullname" . }}-logback-config subPath: logback.xml - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs + ports: - containerPort: {{ .Values.service.internalPort }} {{- if eq .Values.liveness.enabled true }} @@ -126,6 +132,8 @@ spec: name: filebeat-conf - mountPath: /var/log/onap name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs - mountPath: /usr/share/filebeat/data name: aai-filebeat volumes: @@ -154,6 +162,9 @@ spec: - name: {{ include "common.fullname" . }}-dynamic-policy configMap: name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-dynamic-oxm + configMap: + name: {{ include "common.fullname" . }}-dynamic - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-logback-config diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/client-cert.p12 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..9eec841aa2 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..3a35b76f7b --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.fproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration>
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/client-cert.p12 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..99129c145f --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/tomcat_keystore diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..e468b3d7bd --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,99 @@ +[ + { + "uri": "\/not\/allowed\/at\/all$", + "permissions": [ + "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" + ] + }, + { + "uri": "\/one\/auth\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/multi\/auth\/required$", + "permissions": [ + "test.auth.access.aMultipleAuth1", + "test.auth.access.aMultipleAuth2", + "test.auth.access.aMultipleAuth3" + ] + }, + { + "uri": "\/one\/[^\/]+\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/services\/getAAFRequest$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/admin\/getAAFRequest$", + "permissions": [ + "test.auth.access|admin|GET,PUT,POST" + ] + }, + { + "uri": "\/service\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/services\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/$", + "permissions": [ + "\\|services\\|GET", + "test\\.auth\\.access\\|services\\|GET,PUT" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", + "permissions": [ + "test\\.auth\\.access\\|rest\\|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read", + "test.auth.access|vservers|read" + ] + }, + { + "uri": "\/backend$", + "permissions": [ + "test\\.auth\\.access\\|services\\|GET,PUT", + "\\|services\\|GET" + ] + }, + { + "uri": "\/services\/inventory\/.*", + "permissions": [ + "org\\.access\\|\\*\\|\\*" + ] + }, + { + "uri": "\/services\/gizmo\/.*", + "permissions": [ + "org\\.access\\|\\*\\|\\*" + ] + } +] diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..a82e38caf6 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/cadi.properties @@ -0,0 +1,25 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG +cadi_keyfile=/opt/app/rproxy/config/security/keyfile + +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# Configure AAF +aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..1b58d4235c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..289fe7512c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/reverse-proxy" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="debug"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "com.baeldung*" at TRACE level --> + <logger name="org.onap.aaf.rproxy" level="trace" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration> diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..8ab780edcb --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9520 diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile new file mode 100644 index 0000000000..6cd12fcfb4 --- /dev/null +++ b/kubernetes/aai/charts/aai-gizmo/resources/rproxy/config/security/keyfile @@ -0,0 +1,27 @@ +bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM +1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 +xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK +BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm +6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 +QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm +zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 +x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf +8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz +FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz +UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r +banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv +6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG +yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB +xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB +lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq +ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE +fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v +1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 +liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc +0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u +PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm +8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv +dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ +-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn +c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J +uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml b/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml index 8d8a8fa008..a25dcbc806 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/configmap.yaml @@ -64,3 +64,39 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml index 278a8f5ffa..1e68712749 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/deployment.yaml @@ -31,6 +31,19 @@ spec: app: {{ include "common.name" . }} release: {{ .Release.Name }} spec: + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} containers: - name: {{ .Chart.Name }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -111,6 +124,79 @@ spec: - mountPath: /usr/share/filebeat/data name: {{ include "common.fullname" . }}-data-filebeat + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + volumes: - name: localtime hostPath: @@ -144,5 +230,29 @@ spec: - name: {{ include "common.fullname" . }}-model-config configMap: name: {{ include "common.fullname" . }}-model-configmap + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml index 58d57697da..7db76055d1 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/secrets.yaml @@ -40,3 +40,33 @@ type: Opaque data: KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-fproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} +{{ end }} diff --git a/kubernetes/aai/charts/aai-gizmo/templates/service.yaml b/kubernetes/aai/charts/aai-gizmo/templates/service.yaml index 88948cfdf5..ac34ed9248 100644 --- a/kubernetes/aai/charts/aai-gizmo/templates/service.yaml +++ b/kubernetes/aai/charts/aai-gizmo/templates/service.yaml @@ -27,15 +27,27 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.global.rproxy.port }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} selector: app: {{ include "common.name" . }} release: {{ .Release.Name }} diff --git a/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties b/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties index 573cd2a11d..97627eac16 100644 --- a/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-graphadmin/resources/config/realm.properties @@ -16,7 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END========================================================= - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin @@ -39,3 +38,5 @@ sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml index 5b23fa6064..869eac0cc7 100644 --- a/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-graphadmin/templates/deployment.yaml @@ -96,6 +96,9 @@ spec: - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-graphadmin/resources/application.properties name: {{ include "common.fullname" . }}-springapp-conf subPath: application.properties diff --git a/kubernetes/aai/charts/aai-resources/resources/config/realm.properties b/kubernetes/aai/charts/aai-resources/resources/config/realm.properties index 2aa3e01a3a..0499b34f1c 100644 --- a/kubernetes/aai/charts/aai-resources/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-resources/resources/config/realm.properties @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin @@ -34,3 +33,5 @@ sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml index 04549dfb94..2b124f01d4 100644 --- a/kubernetes/aai/charts/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-resources/templates/deployment.yaml @@ -472,6 +472,9 @@ spec: - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/portal/roles.config b/kubernetes/aai/charts/aai-sparky-be/resources/config/roles.config index ee131d8414..ee131d8414 100644 --- a/kubernetes/aai/charts/aai-sparky-be/resources/config/portal/roles.config +++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/roles.config diff --git a/kubernetes/aai/charts/aai-sparky-be/resources/config/users.config b/kubernetes/aai/charts/aai-sparky-be/resources/config/users.config new file mode 100644 index 0000000000..ce69e88918 --- /dev/null +++ b/kubernetes/aai/charts/aai-sparky-be/resources/config/users.config @@ -0,0 +1,20 @@ +[{
+ "orgId": null,
+ "managerId": null,
+ "firstName": "Demo",
+ "middleInitial": null,
+ "lastName": "User",
+ "phone": null,
+ "email": "demo@email.com",
+ "hrid": null,
+ "orgUserId": "demo",
+ "orgCode": null,
+ "orgManagerUserId": null,
+ "jobTitle": null,
+ "loginId": "demo",
+ "active": false,
+ "roles": [{
+ "id": 1,
+ "name": "View"
+ }]
+}]
\ No newline at end of file diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/configmap.yaml index 055c5ba116..50238aaea3 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/configmap.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/configmap.yaml @@ -29,6 +29,8 @@ data: {{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml index 3ecbd80340..d622be662d 100644 --- a/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-sparky-be/templates/deployment.yaml @@ -90,7 +90,7 @@ spec: - mountPath: /opt/app/sparky/config/application-oxm-default.properties name: {{ include "common.fullname" . }}-properties subPath: application-oxm-default.properties - + - mountPath: /opt/app/sparky/config/application-oxm-override.properties name: {{ include "common.fullname" . }}-properties subPath: application-oxm-override.properties @@ -98,7 +98,15 @@ spec: - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties name: {{ include "common.fullname" . }}-properties subPath: application-oxm-schema-prod.properties - + + - mountPath: /opt/app/sparky/config/roles.config + name: {{ include "common.fullname" . }}-properties + subPath: roles.config + + - mountPath: /opt/app/sparky/config/users.config + name: {{ include "common.fullname" . }}-properties + subPath: users.config + ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} diff --git a/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties b/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties index 2aa3e01a3a..0499b34f1c 100644 --- a/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties +++ b/kubernetes/aai/charts/aai-traversal/resources/config/realm.properties @@ -11,7 +11,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - # format : username: password[,rolename ...] # default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... AAI:OBF:1gfr1ev31gg7,admin @@ -34,3 +33,5 @@ sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml index 68bd0185f6..6a5a7db6f0 100644 --- a/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/charts/aai-traversal/templates/deployment.yaml @@ -304,6 +304,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml name: {{ include "common.fullname" . }}-localhost-access-log-conf subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-realm-conf + subPath: realm.properties - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile name: {{ include "common.fullname" . }}-aaf-certs subPath: org.onap.aai.keyfile diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index bf1602e330..0bc707e4e5 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -30,6 +30,30 @@ global: # global defaults restartPolicy: Always + installSidecarSecurity: false + + fproxy: + name: forward-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/fproxy:2.1-STAGING-latest + port: 10680 + + rproxy: + name: reverse-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/rproxy:2.1-STAGING-latest + port: 10692 + + tproxyConfig: + name: init-tproxy-config + image: onap/tproxy-config:2.1-STAGING-latest + + # AAF server details. Only needed if the AAF DNS does not resolve from the pod + aaf: + serverIp: 10.12.6.214 + serverHostname: aaf.osaaf.org + serverPort: 30247 + cassandra: serviceName: aai-cassandra replicas: 3 @@ -257,4 +281,4 @@ resources: requests: cpu: 2 memory: 2Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg index 8e1160ec6b..0bbdbb7dcd 100644 --- a/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/appc/resources/config/log/org.ops4j.pax.logging.cfg @@ -1,4 +1,3 @@ -# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. ################################################################################ # # Licensed to the Apache Software Foundation (ASF) under one or more @@ -18,135 +17,76 @@ # ################################################################################ -# Root logger -log4j.rootLogger=INFO, async, osgi:* -log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer - -maxFileSize=100MB -maxBackupIndex=20 -logDir=/var/log/onap -componentName=appc -logDirectory=${logDir}/${componentName} -karafLogName=karaf -errorLogName=error -metricsLogName=metrics -auditLogName=audit -debugLogName=debug - - -# CONSOLE appender not used by default -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd'T'HH:mm:ss.SSS}\t%-16.16t\t%-5.5p\t%c{36}\t%X{bundle.id} - %X{bundle.name} - %X{bundle.version}\t%m%n - -# Async appender forwarding to file appender -log4j.appender.async=org.apache.log4j.AsyncAppender -log4j.appender.async.appenders=out - -# File appender -log4j.appender.out=org.apache.log4j.RollingFileAppender -log4j.appender.out.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.out.layout.Properties=true -log4j.appender.out.file=${logDirectory}/${karafLogName}.log -log4j.appender.out.append=true -log4j.appender.out.maxFileSize=${maxFileSize} -log4j.appender.out.maxBackupIndex=${maxBackupIndex} - -# Sift appender -log4j.appender.sift=org.apache.log4j.sift.MDCSiftingAppender -log4j.appender.sift.key=bundle.name -log4j.appender.sift.default=karaf -log4j.appender.sift.appender=org.apache.log4j.RollingFileAppender -log4j.appender.sift.appender.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.sift.appender.layout.Properties=true -log4j.appender.sift.appender.file=${logDirectory}/$\\{bundle.name\\}.log -log4j.appender.sift.appender.append=true - - - -log4j.category.org.opendaylight.controller.netconf.persist.impl.osgi.ConfigPusherImpl=DEBUG -log4j.category.org.opendaylight.controller.netconf.persist.impl.osgi.ConfigPersisterActivator=DEBUG - - -#ECOMP Debug appender -log4j.appender.debug=org.apache.log4j.RollingFileAppender -log4j.appender.debug.key=bundle.name -log4j.appender.debug.default=karaf -log4j.appender.debug.appName=EELFDebug -log4j.appender.debug.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.debug.layout.Properties=true -log4j.appender.debug.file=${logDirectory}/${debugLogName}.log -log4j.appender.debug.append=true -log4j.appender.debug.maxFileSize=${maxFileSize} -log4j.appender.debug.maxBackupIndex=${maxBackupIndex} -#log4j.appender.debug.filter.f1=org.apache.log4j.varia.LevelRangeFilter -#log4j.appender.debug.filter.f1.LevelMax=WARN -#log4j.appender.debug.filter.f1.LevelMin=TRACE +# Common pattern layout for appenders +log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n +# Root logger +log4j2.rootLogger.level = INFO +# uncomment to use asynchronous loggers, which require mvn:com.lmax/disruptor/3.3.2 library +#log4j2.rootLogger.type = asyncRoot +#log4j2.rootLogger.includeLocation = false +log4j2.rootLogger.appenderRef.RollingFile.ref = RollingFile +log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi +log4j2.rootLogger.appenderRef.Console.ref = Console +log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter +log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF} + +# Loggers configuration + +# Spifly logger +log4j2.logger.spifly.name = org.apache.aries.spifly +log4j2.logger.spifly.level = WARN + +# Security audit logger +log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit +log4j2.logger.audit.level = INFO +log4j2.logger.audit.additivity = false +log4j2.logger.audit.appenderRef.AuditRollingFile.ref = AuditRollingFile + +# Appenders configuration + +# Console appender not used by default (see log4j2.rootLogger.appenderRefs) +log4j2.appender.console.type = Console +log4j2.appender.console.name = Console +log4j2.appender.console.layout.type = PatternLayout +log4j2.appender.console.layout.pattern = ${log4j2.pattern} + +# Rolling file appender +log4j2.appender.rolling.type = RollingRandomAccessFile +log4j2.appender.rolling.name = RollingFile +log4j2.appender.rolling.fileName = ${karaf.data}/log/karaf.log +log4j2.appender.rolling.filePattern = ${karaf.data}/log/karaf.log.%i +# uncomment to not force a disk flush +#log4j2.appender.rolling.immediateFlush = false +log4j2.appender.rolling.append = true +log4j2.appender.rolling.layout.type = PatternLayout +log4j2.appender.rolling.layout.pattern = ${log4j2.pattern} +log4j2.appender.rolling.policies.type = Policies +log4j2.appender.rolling.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.rolling.policies.size.size = 16MB + +# Audit file appender +log4j2.appender.audit.type = RollingRandomAccessFile +log4j2.appender.audit.name = AuditRollingFile +log4j2.appender.audit.fileName = ${karaf.data}/security/audit.log +log4j2.appender.audit.filePattern = ${karaf.data}/security/audit.log.%i +log4j2.appender.audit.append = true +log4j2.appender.audit.layout.type = PatternLayout +log4j2.appender.audit.layout.pattern = ${log4j2.pattern} +log4j2.appender.audit.policies.type = Policies +log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.audit.policies.size.size = 8MB + +# OSGi appender +log4j2.appender.osgi.type = PaxOsgi +log4j2.appender.osgi.name = PaxOsgi +log4j2.appender.osgi.filter = * + +# help with identification of maven-related problems with pax-url-aether +#log4j2.logger.aether.name = shaded.org.eclipse.aether +#log4j2.logger.aether.level = TRACE +#log4j2.logger.http-headers.name = shaded.org.apache.http.headers +#log4j2.logger.http-headers.level = DEBUG +#log4j2.logger.maven.name = org.ops4j.pax.url.mvn +#log4j2.logger.maven.level = TRACE -#Error appender -log4j.appender.error=org.apache.log4j.RollingFileAppender -log4j.appender.error.appName=EELFError -log4j.appender.error.File=${logDirectory}/${errorLogName}.log -log4j.appender.error.Threshold=ERROR -log4j.appender.error.maxFileSize=${maxFileSize} -log4j.appender.error.maxBackupIndex=${maxBackupIndex} -log4j.appender.error.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.error.layout.Properties=true - -#Metrics appender -log4j.appender.metric=org.apache.log4j.RollingFileAppender -log4j.appender.metric.appName=EELFMetrics -log4j.appender.metric.File=${logDirectory}/${metricsLogName}.log -log4j.appender.metric.maxFileSize=${maxFileSize} -log4j.appender.metric.maxBackupIndex=${maxBackupIndex} -log4j.appender.metric.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.metric.layout.Properties=true - -#Audit appender -log4j.appender.audit=org.apache.log4j.RollingFileAppender -log4j.appender.audit.appName=EELFAudit -log4j.appender.audit.File=${logDirectory}/${auditLogName}.log -log4j.appender.audit.maxFileSize=${maxFileSize} -log4j.appender.audit.maxBackupIndex=${maxBackupIndex} -log4j.appender.audit.layout=org.apache.log4j.xml.XMLLayout -log4j.appender.audit.layout.Properties=true - -#Loggers -#Routing of all messages from root logger -log4j.logger.com.att=TRACE, debug, error -#Store to the same log file messages from upper level appender or not -log4j.additivity.com.att=false - -#EELFManager loggers -#EELF parent logger -log4j.logger.com.att.eelf=TRACE, debug -log4j.additivity.com.att.eelf=false - -#Audit logger routing -log4j.logger.com.att.eelf.audit=DEBUG, audit -log4j.additivity.com.att.eelf.audit=false - -#Metric logger routing -log4j.logger.com.att.eelf.metrics=DEBUG, metric -log4j.additivity.com.att.eelf.metrics=false - -#Performance logger routing -log4j.logger.com.att.eelf.perf=DEBUG, metric -log4j.additivity.com.att.eelf.perf=false - -#Server logger routing -log4j.logger.com.att.eelf.server=DEBUG, debug -log4j.additivity.com.att.eelf.server=false - -#Policy logger routing -log4j.logger.com.att.eelf.policy=DEBUG, debug -log4j.additivity.com.att.eelf.policy=false - -#Error logger routing -log4j.logger.com.att.eelf.error=DEBUG, error -log4j.additivity.com.att.eelf.error=false - -#Debug logger routing -log4j.logger.com.att.eelf.debug=DEBUG, debug -log4j.additivity.com.att.eelf.debug=false diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index 15edc4528a..996d218ada 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -130,17 +130,17 @@ http.port: {{.Values.service.externalPort}} # More info: transport.tcp.port: {{.Values.service.externalPort2}} -xpack.graph.enabled: false +#xpack.graph.enabled: false #Set to false to disable X-Pack graph features. -xpack.ml.enabled: false +#xpack.ml.enabled: false #Set to false to disable X-Pack machine learning features. -xpack.monitoring.enabled: false +#xpack.monitoring.enabled: false #Set to false to disable X-Pack monitoring features. -xpack.security.enabled: false +#xpack.security.enabled: false #Set to false to disable X-Pack security features. -xpack.watcher.enabled: false +#xpack.watcher.enabled: false #Set to false to disable Watcher. diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index eb0588ff31..98ce044d03 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -31,7 +31,7 @@ busyboxImage: library/busybox:latest # application image loggingRepository: docker.elastic.co -image: elasticsearch/elasticsearch:5.6.9 +image: elasticsearch/elasticsearch-oss:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/default.json b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/default.json deleted file mode 100644 index 6e8fa5f590..0000000000 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/default.json +++ /dev/null @@ -1,18 +0,0 @@ -{"_index":".kibana","_type":"visualization","_id":"AWI967sW8kHy-lwNJZrR","_score":1,"_source":{"title":"CL Total Activity","visState":"{\"title\":\"CL Total Activity\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"eventDuration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIk9P-qDjJ4k3sPXRcQ","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"index-pattern","_id":"AWIk7j2UDjJ4k3sPXRaY","_score":1,"_source":{"title":"logstash-*","timeFieldName":"closedLoopAlarmStart","notExpandable":true,"fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.cloud-region.identity-url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.cloud-region.identity-url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.complex.physical-location-id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.complex.physical-location-id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.generic-vnf.service-id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.generic-vnf.service-id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.generic-vnf.vnf-name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.generic-vnf.vnf-name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.tenant.tenant-id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.tenant.tenant-id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.vserver.is-closed-loop-disabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.vserver.is-closed-loop-disabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.vserver.prov-status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.vserver.prov-status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.vserver.vserver-id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.vserver.vserver-id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.vserver.vserver-name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.vserver.vserver-name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"AAI.vserver.vserver-selflink\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"AAI.vserver.vserver-selflink.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"OPS_CL_timer\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"closedLoopAlarmEnd\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"closedLoopAlarmStart\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"closedLoopControlName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"closedLoopControlName.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"closedLoopEventClient\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"closedLoopEventClient.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"closedLoopEventStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"closedLoopEventStatus.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.actor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.actor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.end\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.outcome.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.start\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.subRequestId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.subRequestId.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history.target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.target.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notificationTime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"policyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"policyName.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"policyScope\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"policyScope.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"policyVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"policyVersion.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requestID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requestID.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventDuration\",\"type\":\"number\",\"count\":0,\"scripted\":true,\"script\":\"if (doc.containsKey('closedLoopEventStatus') && doc.get('closedLoopEventStatus.keyword').value == 'ABATED') { \\n return doc.get('closedLoopAlarmEnd').value- doc.get('closedLoopAlarmStart').value; \\n} \\nreturn null\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","fieldFormatMap":"{\"eventDuration\":{\"id\":\"duration\",\"params\":{\"inputFormat\":\"milliseconds\"}}}"}} -{"_index":".kibana","_type":"visualization","_id":"AWIk-5O-DjJ4k3sPXRd1","_score":1,"_source":{"title":"ClosedLoopActivationsTable","visState":"{\"title\":\"ClosedLoopActivationsTable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":true,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIk8yDIDjJ4k3sPXRbu","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"search","_id":"AWIk9P-qDjJ4k3sPXRcQ","_score":1,"_source":{"title":"ABATED","description":"","columns":["closedLoopAlarmStart","closedLoopAlarmEnd","closedLoopControlName","closedLoopEventStatus","notification"],"sort":["closedLoopAlarmStart","desc"],"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"closedLoopEventStatus: \\\"ABATED\\\"\",\"analyze_wildcard\":true}},\"filter\":[{\"meta\":{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"negate\":false,\"disabled\":false,\"alias\":\"ABATED\",\"type\":\"phrase\",\"key\":\"closedLoopEventStatus.keyword\",\"value\":\"ABATED\"},\"query\":{\"match\":{\"closedLoopEventStatus.keyword\":{\"query\":\"ABATED\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"negate\":false,\"disabled\":true,\"alias\":\"ONSET\",\"type\":\"phrase\",\"key\":\"closedLoopEventStatus.keyword\",\"value\":\"ONSET\"},\"query\":{\"match\":{\"closedLoopEventStatus.keyword\":{\"query\":\"ONSET\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"}}} -{"_index":".kibana","_type":"config","_id":"5.6.7","_score":1,"_source":{"buildNum":15610,"defaultIndex":"AWIk7j2UDjJ4k3sPXRaY"}} -{"_index":".kibana","_type":"visualization","_id":"AWIlBLT7DjJ4k3sPXRe7","_score":1,"_source":{"title":"Closed loop failed action : needs attention","visState":"{\"title\":\"Closed loop failed action : needs attention\",\"type\":\"table\",\"params\":{\"perPage\":5,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIlAjTaDjJ4k3sPXRe1","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWI91Rvl8kHy-lwNJZrN","_score":1,"_source":{"title":"CL efficiency - CL reponse time","visState":"{\"title\":\"CL efficiency - CL reponse time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"eventDuration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIk9P-qDjJ4k3sPXRcQ","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWJxqD67B2zw2CQxMIeq","_score":1,"_source":{"title":"Top Error Messages","visState":"{\"title\":\"Top Error Messages\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"history.actor.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Actor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"history.message.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"history.operation.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"query\":{\"match_all\":{}},\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWI922pp8kHy-lwNJZrP","_score":1,"_source":{"title":"CLEventDurationTables","visState":"{\"title\":\"CLEventDurationTables\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"eventDuration\",\"customLabel\":\"Event Duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"row\":true}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"requestID.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIk9P-qDjJ4k3sPXRcQ","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWIk_VLEDjJ4k3sPXReS","_score":1,"_source":{"title":"Top 5 closed loop success action","visState":"{\"title\":\"Top 5 closed loop success action\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","description":"","savedSearchId":"AWIk9P-qDjJ4k3sPXRcQ","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWJoFDTyr1AwiIiFoV5R","_score":1,"_source":{"title":"Hottest closed loops","visState":"{\"title\":\"Hottest closed loops\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","description":"","savedSearchId":"AWIk8yDIDjJ4k3sPXRbu","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"search","_id":"AWJsTEvYr1AwiIiFoV6S","_score":1,"_source":{"title":"FINAL: FAILURE","description":"","columns":["notification"],"sort":["closedLoopAlarmStart","desc"],"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"highlightAll\":true,\"version\":true,\"query\":{\"match_all\":{}},\"filter\":[{\"meta\":{\"negate\":false,\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"type\":\"phrase\",\"key\":\"notification\",\"value\":\"FINAL: FAILURE\",\"disabled\":false,\"alias\":null},\"query\":{\"match\":{\"notification\":{\"query\":\"FINAL: FAILURE\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWJsT-HUr1AwiIiFoV6T","_score":1,"_source":{"title":"CL Efficiency - Failed actions","visState":"{\"title\":\"CL Efficiency - Failed actions\",\"type\":\"gauge\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":4},{\"from\":4,\"to\":6},{\"from\":7,\"to\":10}],\"extendRange\":false,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"\",\"width\":0.9},\"type\":\"meter\",\"verticalSplit\":true},\"isDisplayWarning\":true,\"type\":\"gauge\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 4\":\"rgb(0,104,55)\",\"4 - 6\":\"rgb(255,255,190)\",\"7 - 10\":\"rgb(165,0,38)\"}}}","description":"","savedSearchId":"AWJsTEvYr1AwiIiFoV6S","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWJoJdIjr1AwiIiFoV5T","_score":1,"_source":{"title":"CL Onset/Abated Variance","visState":"{\"title\":\"CL Onset/Abated Variance\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Closed Loop\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-3\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-3\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"horizontal_bar\",\"radiusRatio\":\"13\",\"orderBucketsBySum\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Closed Loop\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"closedLoopEventStatus.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}","uiStateJSON":"{}","description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"query\":{\"match_all\":{}},\"filter\":[]}"}}} -{"_index":".kibana","_type":"search","_id":"AWIlAjTaDjJ4k3sPXRe1","_score":1,"_source":{"title":"FAILURE NOTIFICATION","description":"","columns":["closedLoopAlarmStart","closedLoopAlarmEnd","closedLoopControlName","closedLoopEventStatus","notification"],"sort":["closedLoopAlarmStart","desc"],"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"highlightAll\":true,\"version\":true,\"query\":{\"match_all\":{}},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"ABATED\",\"disabled\":true,\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"key\":\"closedLoopEventStatus.keyword\",\"negate\":false,\"type\":\"phrase\",\"value\":\"ABATED\"},\"query\":{\"match\":{\"closedLoopEventStatus.keyword\":{\"query\":\"ABATED\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"ONSET\",\"disabled\":true,\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"key\":\"closedLoopEventStatus.keyword\",\"negate\":false,\"type\":\"phrase\",\"value\":\"ONSET\"},\"query\":{\"match\":{\"closedLoopEventStatus.keyword\":{\"query\":\"ONSET\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"FAILURE NOTIFICATION\",\"disabled\":false,\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"key\":\"notification.keyword\",\"negate\":false,\"type\":\"phrase\",\"value\":\"FINAL: FAILURE\"},\"query\":{\"match\":{\"notification.keyword\":{\"query\":\"FINAL: FAILURE\",\"type\":\"phrase\"}}}}]}"}}} -{"_index":".kibana","_type":"search","_id":"AWIk8yDIDjJ4k3sPXRbu","_score":1,"_source":{"title":"ONSET","description":"","columns":["closedLoopAlarmStart","closedLoopAlarmEnd","closedLoopControlName","closedLoopEventStatus","notification"],"sort":["closedLoopAlarmStart","desc"],"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"highlightAll\":true,\"version\":true,\"query\":{\"match_all\":{}},\"filter\":[{\"meta\":{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"closedLoopEventStatus.keyword\",\"value\":\"ONSET\"},\"query\":{\"match\":{\"closedLoopEventStatus.keyword\":{\"query\":\"ONSET\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"}}} -{"_index":".kibana","_type":"dashboard","_id":"AWI-9KyytmDBG_mksMZL","_score":1,"_source":{"title":"CLAMP Dashboard","description":"","panelsJSON":"[{\"col\":5,\"id\":\"AWIk_VLEDjJ4k3sPXReS\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"AWIlBLT7DjJ4k3sPXRe7\",\"panelIndex\":2,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"AWI967sW8kHy-lwNJZrR\",\"panelIndex\":3,\"row\":7,\"size_x\":5,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"AWI91Rvl8kHy-lwNJZrN\",\"panelIndex\":4,\"row\":4,\"size_x\":5,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"AWJoFDTyr1AwiIiFoV5R\",\"panelIndex\":5,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"AWJoJdIjr1AwiIiFoV5T\",\"panelIndex\":6,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"AWJoMx0_r1AwiIiFoV5V\",\"panelIndex\":7,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":6,\"id\":\"AWJsT-HUr1AwiIiFoV6T\",\"panelIndex\":8,\"row\":4,\"size_x\":3,\"size_y\":6,\"type\":\"visualization\"},{\"size_x\":6,\"size_y\":3,\"panelIndex\":9,\"type\":\"visualization\",\"id\":\"AWJxqD67B2zw2CQxMIeq\",\"col\":1,\"row\":10}]","optionsJSON":"{\"darkTheme\":false}","uiStateJSON":"{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-2\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-3\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-4\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"legendOpen\":true}},\"P-8\":{\"vis\":{\"defaultColors\":{\"0 - 4\":\"rgb(0,104,55)\",\"4 - 6\":\"rgb(255,255,190)\",\"7 - 10\":\"rgb(165,0,38)\"},\"legendOpen\":false}},\"P-9\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}","timeRestore":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"query\":{\"match_all\":{}}}],\"highlightAll\":true,\"version\":true}"}}} -{"_index":".kibana","_type":"visualization","_id":"AWJoMx0_r1AwiIiFoV5V","_score":1,"_source":{"title":"CL Efficiency - Total Activity","visState":"{\"title\":\"CL Efficiency - Total Activity\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"closedLoopAlarmStart per 10 seconds\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Sum of eventDuration\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"cardinal\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"defaultYExtents\":true,\"mode\":\"normal\",\"setYExtents\":false,\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Sum of eventDuration\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"eventDuration\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"closedLoopControlName.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"closedLoopAlarmStart\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":0,\"extended_bounds\":{}}}],\"listeners\":{}}","uiStateJSON":"{}","description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"query\":{\"match_all\":{}},\"filter\":[{\"meta\":{\"index\":\"AWIk7j2UDjJ4k3sPXRaY\",\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"exists\",\"key\":\"closedLoopAlarmEnd\",\"value\":\"exists\"},\"exists\":{\"field\":\"closedLoopAlarmEnd\"},\"$state\":{\"store\":\"appState\"}}]}"}}} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml index f5297859c4..1747c75811 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/resources/config/kibana.yml @@ -11,17 +11,17 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -xpack.graph.enabled: false +#xpack.graph.enabled: false #Set to false to disable X-Pack graph features. -xpack.ml.enabled: false +#xpack.ml.enabled: false #Set to false to disable X-Pack machine learning features. -xpack.monitoring.enabled: false +#xpack.monitoring.enabled: false #Set to false to disable X-Pack monitoring features. -xpack.reporting.enabled: false +#xpack.reporting.enabled: false #Set to false to disable X-Pack reporting features. -xpack.security.enabled: false +#xpack.security.enabled: false #Set to false to disable X-Pack security features. -xpack.watcher.enabled: false +#xpack.watcher.enabled: false #Set to false to disable Watcher. # Kibana is served by a back end server. This setting specifies the port to use. server.port: {{.Values.service.externalPort}} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml index cd8e1026e7..0f5a93347a 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/deployment.yaml @@ -46,26 +46,9 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - args: - - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana - - --input=/config/default.json - - --type=data - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.configRepository }}/{{ .Values.configImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-config - volumeMounts: - - mountPath: /config/default.json - name: {{ include "common.fullname" . }} - subPath: default.json containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.image }}" + image: "{{ .Values.global.imageRepository | default .Values.imageRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: - containerPort: {{ .Values.service.internalPort }} @@ -112,8 +95,5 @@ spec: items: - key: kibana.yml path: kibana.yml - - key: default.json - path: default.json - imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 1c32d39b98..88c541a091 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -27,18 +27,13 @@ global: # Application configuration defaults. ################################################################# -# Configuration image -configRepository: docker.io -configImage: taskrabbit/elasticsearch-dump - - # BusyBox image busyboxRepository: registry.hub.docker.com busyboxImage: library/busybox:latest # application image -loggingRepository: docker.elastic.co -image: kibana/kibana:5.6.9 +loggingRepository: nexus3.onap.org:10001 +image: onap/clamp-dashboard-kibana:3.0-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem new file mode 100644 index 0000000000..cf12ec4c61 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/certs/aafca.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN +MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt +eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE +5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W +DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp +tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f +TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk +MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy +S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F +dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce +txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF +LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF +BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9 +m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP +t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy +JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G +LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC +orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW +u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ +8Lb0GYmlo44= +-----END CERTIFICATE----- diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml index 51470d265b..369b5820d5 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/logstash.yml @@ -26,4 +26,4 @@ config.reload.automatic: true #xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"] #xpack.monitoring.elasticsearch.username: elastic #xpack.monitoring.elasticsearch.password: changeme -xpack.monitoring.enabled: false +#xpack.monitoring.enabled: false diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index f88e40da14..317b428c77 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. input { - http_poller { + http_poller { urls => { event_queue => { method => get @@ -20,8 +20,8 @@ input { headers => { Accept => "application/json" } - add_field => { "topic" => "${event_topic}" } - type => "dmaap_event" + topic => "${event_topic}" + tags => [ "dmaap_source" ] } notification_queue => { method => get @@ -29,8 +29,8 @@ input { headers => { Accept => "application/json" } - add_field => { "topic" => "${notification_topic}" } - type => "dmaap_notification" + topic => "${notification_topic}" + tags => [ "dmaap_source" ] } request_queue => { method => get @@ -38,66 +38,91 @@ input { headers => { Accept => "application/json" } - add_field => { "topic" => "${request_topic}" } - type => "dmaap_request" + topic => "${request_topic}" + tags => [ "dmaap_source" ] } } socket_timeout => 30 request_timeout => 30 - interval => 60 + schedule => { "every" => "1m" } codec => "plain" - } + cacert => "/certs.d/aafca.pem" + } } + filter { - if [type] != "dmaap_log" { - # avoid noise if no entry in the list - if [message] == "[]" { - drop { } - } + # avoid noise if no entry in the list + if [message] == "[]" { + drop { } + } + + if [http_request_failure] or [@metadata][code] != "200" { + mutate { + add_tag => [ "error" ] + } + } - # parse json, split the list into multiple events, and parse each event + if "dmaap_source" in [tags] { + # + # Dmaap provides a json list, whose items are Strings containing the event + # provided to Dmaap, which itself is an escaped json. + # + # We first need to parse the json as we have to use the plaintext as it cannot + # work with list of events, then split that list into multiple string events, + # that we then transform into json. + # json { - source => "[message]" - target => "message" + source => "[message]" + target => "message" } + ruby { + code => " + for ev in event.get('message', []) + ev.set('@metadata', event.get('@metadata')) + end + " + } + split { - field => "message" - add_field => { - "type" => "%{type}" - "topic" => "%{topic}" - } + field => "message" } json { - source => "message" + source => "message" + } + mutate { + remove_field => [ "message" ] } - mutate { remove_field => [ "message" ] } } - - # express timestamps in milliseconds instead of microseconds - ruby { + + # + # Some timestamps are expressed as milliseconds, some are in microseconds + # + if [closedLoopAlarmStart] { + ruby { code => " - if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10)) - end - " - } - date { - match => [ "closedLoopAlarmStart", UNIX_MS ] - target => "closedLoopAlarmStart" + if event.get('closedLoopAlarmStart').to_s.to_i(10) > 9999999999999 + event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10) / 1000) + else + event.set('closedLoopAlarmStart', event.get('closedLoopAlarmStart').to_s.to_i(10)) + end + " + } + date { + match => [ "closedLoopAlarmStart", UNIX_MS ] + target => "closedLoopAlarmStart" + } } if [closedLoopAlarmEnd] { ruby { code => " - if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999 - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000) - else - event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10)) - end - " + if event.get('closedLoopAlarmEnd').to_s.to_i(10) > 9999999999999 + event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10) / 1000) + else + event.set('closedLoopAlarmEnd', event.get('closedLoopAlarmEnd').to_s.to_i(10)) + end + " } date { match => [ "closedLoopAlarmEnd", UNIX_MS ] @@ -105,39 +130,122 @@ filter { } } - #"yyyy-MM-dd HH:mm:ss" + + + # + # Notification time are expressed under the form "yyyy-MM-dd HH:mm:ss", which + # is close to ISO8601, but lacks of T as spacer: "yyyy-MM-ddTHH:mm:ss" + # if [notificationTime] { - mutate { - gsub => [ - "notificationTime", " ", "T" - ] - } - date { + mutate { + gsub => [ + "notificationTime", " ", "T" + ] + } + date { match => [ "notificationTime", ISO8601 ] target => "notificationTime" - } + } + } + + + # + # Renaming some fields for readability + # + if [AAI][generic-vnf.vnf-name] { + mutate { + add_field => { "vnfName" => "%{[AAI][generic-vnf.vnf-name]}" } + } + } + if [AAI][generic-vnf.vnf-type] { + mutate { + add_field => { "vnfType" => "%{[AAI][generic-vnf.vnf-type]}" } + } + } + if [AAI][vserver.vserver-name] { + mutate { + add_field => { "vmName" => "%{[AAI][vserver.vserver-name]}" } + } + } + if [AAI][complex.city] { + mutate { + add_field => { "locationCity" => "%{[AAI][complex.city]}" } + } + } + if [AAI][complex.state] { + mutate { + add_field => { "locationState" => "%{[AAI][complex.state]}" } + } + } + + + # + # Adding some flags to ease aggregation + # + if [closedLoopEventStatus] =~ /(?i)ABATED/ { + mutate { + add_field => { "flagAbated" => "1" } + } + } + if [notification] =~ /^.*?(?:\b|_)FINAL(?:\b|_).*?(?:\b|_)FAILURE(?:\b|_).*?$/ { + mutate { + add_field => { "flagFinalFailure" => "1" } + } + } + + + if "error" not in [tags] { + # + # Creating data for a secondary index + # + clone { + clones => [ "event-cl-aggs" ] + add_tag => [ "event-cl-aggs" ] + } + + if "event-cl-aggs" in [tags] { + # + # we only need a few fields for aggregations; remove all fields from clone except : + # vmName,vnfName,vnfType,requestID,closedLoopAlarmStart, closedLoopControlName,closedLoopAlarmEnd,abated,nbrDmaapevents,finalFailure + # + prune { + whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] + } + + } } } + + output { stdout { codec => rubydebug } - if [http_request_failure] { + if "error" in [tags] { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] index => "errors-%{+YYYY.MM.DD}" doc_as_upsert => true } - } else { + + } else if "event-cl-aggs" in [tags] { elasticsearch { codec => "json" hosts => ["${elasticsearch_base_url}"] - index => "logstash-%{+YYYY.MM.DD}" # creates daily indexes + document_id => "%{requestID}" + index => "events-cl-%{+YYYY.MM.DD}" # creates daily indexes for control loop doc_as_upsert => true + action => "update" + } + } else { + elasticsearch { + codec => "json" + hosts => ["${elasticsearch_base_url}"] + index => "events-%{+YYYY.MM.DD}" # creates daily indexes + doc_as_upsert => true } } - } diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml index 9186cd919a..350a0e0fad 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/configmap.yaml @@ -25,3 +25,13 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml index 433e7ab24f..aff9a0de71 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} - image: "{{ .Values.global.loggingRepository| default .Values.loggingRepository }}/{{ .Values.image }}" + image: "{{ .Values.global.imageRepository| default .Values.imageRepository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - name: dmaap_consumer_group @@ -92,6 +92,8 @@ spec: - mountPath: /usr/share/logstash/pipeline/logstash.conf name: {{ include "common.fullname" . }} subPath: pipeline.conf + - name: {{ include "common.fullname" . }}-aaf-certs + mountPath: /certs.d/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -114,5 +116,9 @@ spec: path: logstash.yml - key: pipeline.conf path: pipeline.conf + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 9be859cd78..52b66c6824 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image -loggingRepository: docker.elastic.co -image: logstash/logstash:5.6.9 +imageRepository: nexus3.onap.org:10001 +image: onap/clamp-dashboard-logstash:3.0-STAGING-latest pullPolicy: Always # flag to enable debugging - application support required @@ -39,7 +39,7 @@ debugEnabled: false config: elasticsearchServiceName: cdash-es elasticsearchPort: 9200 - dmaapHost: message-router.{{ include "common.namespace" . }} + dmaapHost: message-router dmaapScheme: https dmaapPort: 3905 dmaapConsumerGroup: "clampdashboard" diff --git a/kubernetes/common/pgpool/templates/configmap.yaml b/kubernetes/common/pgpool/templates/configmap.yaml deleted file mode 100755 index cc20b42581..0000000000 --- a/kubernetes/common/pgpool/templates/configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-pgpool-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/pgpool/templates/service.yaml b/kubernetes/common/pgpool/templates/service.yaml deleted file mode 100644 index 0811fda593..0000000000 --- a/kubernetes/common/pgpool/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -kind: "Service" -apiVersion: "v1" -metadata: - name: "pgpool" - labels: - name: "pgpool" -spec: - ports: - - protocol: "TCP" - port: 5432 - targetPort: 5432 - selector: - name: "pgpool" - type: ClusterIP diff --git a/kubernetes/common/pgpool/Chart.yaml b/kubernetes/common/postgres/charts/pgpool/Chart.yaml index b57e72a6ee..b57e72a6ee 100644 --- a/kubernetes/common/pgpool/Chart.yaml +++ b/kubernetes/common/postgres/charts/pgpool/Chart.yaml diff --git a/kubernetes/common/pgpool/configs/pgpool.conf b/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf index 9dd979ac6b..f335174f40 100644 --- a/kubernetes/common/pgpool/configs/pgpool.conf +++ b/kubernetes/common/postgres/charts/pgpool/configs/pgpool.conf @@ -52,12 +52,12 @@ pcp_socket_dir = '/tmp' # - Backend Connection Settings - -backend_hostname0 = '{{.Values.container.primary}}' +backend_hostname0 = '{{.Values.container.name.primary}}' backend_port0 = 5432 backend_weight0= 1 backend_flag0= 'DISALLOW_TO_FAILOVER' -backend_hostname1 = '{{.Values.container.replica}}' +backend_hostname1 = '{{.Values.container.name.replica}}' backend_port1 = 5432 backend_weight1= 1 backend_flag1= 'DISALLOW_TO_FAILOVER' @@ -259,7 +259,7 @@ failover_if_affected_tuples_mismatch = off # LOAD BALANCING MODE #------------------------------------------------------------------------------ -load_balance_mode = off +load_balance_mode = on # Activate load balancing mode # (change requires restart) ignore_leading_white_space = on @@ -358,7 +358,7 @@ health_check_period = 20 health_check_timeout = 10 # Health check timeout # 0 means no timeout -health_check_user = '{{.Values.credentials.pguser}}' +health_check_user = '{{.Values.credentials.pgusername}}' # Health check user health_check_password = '{{.Values.credentials.pgpassword}}' # Password for health check user @@ -419,7 +419,7 @@ search_primary_node_timeout = 10 # ONLINE RECOVERY #------------------------------------------------------------------------------ -recovery_user = '{{.Values.credentials.pguser}}' +recovery_user = '{{.Values.credentials.pgusername}}' # Online recovery user recovery_password = '{{.Values.credentials.pgpassword}}' # Online recovery password diff --git a/kubernetes/common/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf index d8918409e8..d8918409e8 100644 --- a/kubernetes/common/pgpool/configs/pool_hba.conf +++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_hba.conf diff --git a/kubernetes/common/pgpool/configs/pool_passwd b/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd index d8e09a2afa..3636d1de74 100644 --- a/kubernetes/common/pgpool/configs/pool_passwd +++ b/kubernetes/common/postgres/charts/pgpool/configs/pool_passwd @@ -1 +1,2 @@ testuser:md599e8713364988502fa6189781bcf648f +postgres:md53175bce1d3201d16594cebf9d7eb3f9d diff --git a/kubernetes/common/pgpool/requirements.yaml b/kubernetes/common/postgres/charts/pgpool/requirements.yaml index 9f44c6df28..9f44c6df28 100644 --- a/kubernetes/common/pgpool/requirements.yaml +++ b/kubernetes/common/postgres/charts/pgpool/requirements.yaml diff --git a/kubernetes/aaf/templates/secrets.yaml b/kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml index fe876e1c6c..e2c77ff910 100644..100755 --- a/kubernetes/aaf/templates/secrets.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/configmap.yaml @@ -13,9 +13,9 @@ # limitations under the License. apiVersion: v1 -kind: Secret +kind: ConfigMap metadata: - name: {{ .Release.Name}}-aaf-local-secret + name: {{ include "common.fullname" . }}-pgpool-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -23,8 +23,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.trust.p12").AsSecrets | indent 2 }} -{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.p12").AsSecrets | indent 2 }} -{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.keyfile").AsSecrets | indent 2 }} -{{ (.Files.Glob "resources/config/local/org.osaaf.aaf.cm.p12").AsSecrets | indent 2 }} -type: Opaque +{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/pgpool/templates/deployment.yaml b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml index f598409848..4aa8d831fb 100644 --- a/kubernetes/common/pgpool/templates/deployment.yaml +++ b/kubernetes/common/postgres/charts/pgpool/templates/deployment.yaml @@ -15,7 +15,7 @@ */}} kind: Deployment apiVersion: extensions/v1beta1 -metadata: +metadata: name: {{ include "common.fullname" . }} namespace: {{ include "common.namespace" . }} labels: @@ -23,7 +23,7 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -spec: +spec: replicas: 2 template: metadata: @@ -32,8 +32,9 @@ spec: release: {{ .Release.Name }} spec: containers: - - name: pgpool - image: "{{.Values.image.repository}}/{{.Values.image.container}}:{{.Values.image.tag}}" + - image: "{{.Values.repository}}/{{.Values.image}}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + name: {{ include "common.name" . }} env: - name: PG_PRIMARY_SERVICE_NAME value: {{.Values.container.name.primary}} @@ -52,8 +53,8 @@ spec: port: 5432 initialDelaySeconds: 20 periodSeconds: 10 - livenessProbe: - tcpSocket: + livenessProbe: + tcpSocket: port: 5432 initialDelaySeconds: 15 periodSeconds: 20 @@ -64,4 +65,4 @@ spec: volumes: - name: pgpool-pgconf configMap: - name: {{ .Release.Name }}-pgpool-configmap + name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml new file mode 100644 index 0000000000..86442a2740 --- /dev/null +++ b/kubernetes/common/postgres/charts/pgpool/templates/service.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.service.name }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.name }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.name }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} diff --git a/kubernetes/common/pgpool/values.yaml b/kubernetes/common/postgres/charts/pgpool/values.yaml index 8e7474203d..cb732b7cd7 100644 --- a/kubernetes/common/pgpool/values.yaml +++ b/kubernetes/common/postgres/charts/pgpool/values.yaml @@ -12,7 +12,23 @@ # See the License for the specific language governing permissions and # limitations under the License. -name: pgpool +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: {} + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: crunchydata +image: crunchy-pgpool:centos7-10.4-2.0.0 +pullPolicy: Always + container: port: 5432 name: @@ -21,8 +37,8 @@ container: credentials: pgusername: testuser pgpassword: password -serviceType: ClusterIP -image: - repository: crunchydata - container: crunchy-pgpool - tag: centos7-10.4-2.0.0 +service: + name: pgpool + type: ClusterIP + externalPort: 5432 + internalPort: 5432 diff --git a/kubernetes/consul/resources/config/consul-agent-config/multicloud-health-check.json b/kubernetes/consul/resources/config/consul-agent-config/multicloud-health-check.json index 8e19b3172e..51f2acc8f5 100644 --- a/kubernetes/consul/resources/config/consul-agent-config/multicloud-health-check.json +++ b/kubernetes/consul/resources/config/consul-agent-config/multicloud-health-check.json @@ -31,6 +31,20 @@ "timeout": "1s" }, { + "id": "multicloud-pike", + "name": "Multicloud Pike Health Check", + "http": "http://multicloud-pike:9007/api/multicloud-pike/v0/swagger.json", + "method": "HEAD", + "header": { + "Cache-Control": ["no-cache"], + "Content-Type": ["application/json"], + "Accept": ["application/json"] + }, + "tls_skip_verify": true, + "interval": "15s", + "timeout": "1s" + }, + { "id": "multicloud-vio", "name": "Multicloud Vio Health Check", "http": "http://multicloud-vio:9004/api/multicloud-vio/v0/swagger.json", diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 10ac897046..18632d1d39 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -60,6 +60,16 @@ postgres: persistence: mountSubPath: dcae/data mountInitPath: dcae + pgpool: + nameOverride: dcae-pgpool + service: + name: dcae-pgpool + credentials: + pgpassword: onapdemodb + container: + name: + primary: dcae-pgpool-primary + replica: dcae-pgpool-replica # application image repository: nexus3.onap.org:10001 @@ -70,7 +80,7 @@ image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.3 componentImages: config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3 datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.0.0 - deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.2 + deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.3 holmes_rules: onap/holmes/rule-management:1.2.0-STAGING-latest holmes_engine: onap/holmes/engine-management:1.2.0-STAGING-latest inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4 diff --git a/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml b/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml index a14b1b7c98..e79a693382 100644 --- a/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml +++ b/kubernetes/dmaap/charts/dmaap-bus-controller/values.yaml @@ -92,6 +92,17 @@ postgres: persistence: mountSubPath: dbc/data mountInitPath: dbc + pgpool: + nameOverride: dbc-pgpool + service: + name: dbc-pgpool + credentials: + pgusername: dmaap_admin + pgpassword: onapdemodb + container: + name: + primary: dbc-pgpool-primary + replica: dbc-pgpool-replica ingress: enabled: false diff --git a/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-node/values.yaml b/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-node/values.yaml index 9a48dbe64e..f8600b5825 100644 --- a/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-node/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-node:latest +image: onap/dmaap/datarouter-node:1.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-prov/values.yaml index 855a64f913..dfdd38bfbf 100644 --- a/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/charts/dmaap-data-router/charts/dmaap-dr-prov/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/datarouter-prov:latest +image: onap/dmaap/datarouter-prov:1.0.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/multicloud/charts/multicloud-azure/.helmignore b/kubernetes/multicloud/charts/multicloud-azure/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props b/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml index eeacc1da94..d4b60c68b9 100644 --- a/kubernetes/aaf/resources/config/etc/org.osaaf.hello.props +++ b/kubernetes/multicloud/charts/multicloud-azure/Chart.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. - -## -## org.osaaf.locator -## AAF Locator Properties -## -cadi_prop_files=/opt/app/osaaf/etc/org.osaaf.common.props -aaf_component=AAF_NS.hello:2.1.0.0 -port=8130 -cadi_registration_hostname={{.Values.config.helloServiceName}} +apiVersion: v1 +description: ONAP multicloud Azure plugin +name: multicloud-azure +version: 3.0.0 diff --git a/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml new file mode 100644 index 0000000000..5e29829cc2 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/resources/config/log/log.yml @@ -0,0 +1,37 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +version: 1 +disable_existing_loggers: False + +loggers: + vio: + handlers: [azure_handler] + level: "DEBUG" + propagate: False +handlers: + vio_handler: + level: "DEBUG" + class: "logging.handlers.RotatingFileHandler" + filename: "/var/log/onap/multicloud/azure/azure.log" + formatter: "mdcFormat" + maxBytes: 52428800 + backupCount: 10 +formatters: + standard: + format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" + mdcFormat: + format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" + mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" + datefmt: "%Y-%m-%d %H:%M:%S" + (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt b/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt new file mode 100644 index 0000000000..befedf4578 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/templates/NOTES.txt @@ -0,0 +1,34 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml new file mode 100644 index 0000000000..5d69f74dc1 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/templates/configmap.yaml @@ -0,0 +1,29 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml new file mode 100644 index 0000000000..d850eba3c9 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/templates/deployment.yaml @@ -0,0 +1,110 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: multicloud-azure + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + annotations: + sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + spec: + containers: + - env: + - name: MSB_ADDR + value: "{{ .Values.config.msbgateway }}" + - name: MSB_PORT + value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}" + - name: AAI_ADDR + value: aai.{{ include "common.namespace" . }} + - name: AAI_PORT + value: "{{ .Values.config.aai.port }}" + - name: AAI_SCHEMA_VERSION + value: "{{ .Values.config.aai.schemaVersion }}" + - name: AAI_USERNAME + value: "{{ .Values.config.aai.username }}" + - name: AAI_PASSWORD + value: "{{ .Values.config.aai.password }}" + name: {{ include "common.name" . }} + volumeMounts: + - mountPath: /var/log/onap + name: azure-log + - mountPath: /opt/multicloud_azure/multicloud_azure/pub/config/log.yml + name: azure-logconfig + subPath: log.yml + resources: +{{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: /api/multicloud-azure/v0/swagger.json + port: {{ .Values.service.internalPort }} + scheme: HTTP + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end -}} + # side car containers + - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat-onap + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: azure-log + - mountPath: /usr/share/filebeat/data + name: azure-data-filebeat + volumes: + - name: azure-log + emptyDir: {} + - name: azure-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: multicloud-filebeat-configmap + - name: azure-logconfig + configMap: + name: {{ include "common.fullname" . }}-log-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml new file mode 100644 index 0000000000..b48aa6da7a --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/templates/service.yaml @@ -0,0 +1,53 @@ +{{/* +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + msb.onap.org/service-info: '[ + { + "serviceName": "multicloud-azure", + "version": "v0", + "url": "/api/multicloud-azure/v0", + "protocol": "REST", + "port": "{{ .Values.service.externalPort }}", + "visualRange": "1" + } + ]' +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - name: {{ .Values.service.portName }} + port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/multicloud/charts/multicloud-azure/values.yaml b/kubernetes/multicloud/charts/multicloud-azure/values.yaml new file mode 100644 index 0000000000..7b9d9c7e4b --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-azure/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/multicloud/azure:1.2.0-SNAPSHOT +pullPolicy: Always + +#Istio sidecar injection policy +istioSidecar: true + +# application configuration +config: + msbgateway: msb-iag + msbPort: 80 + aai: + port: 8443 + schemaVersion: v13 + username: AAI + password: AAI + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + enabled: true + +service: + type: NodePort + portName: multicloud-azure + externalPort: 9008 + internalPort: 9008 + nodePort: 61 + +ingress: + enabled: false + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 10m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 20m + memory: 2Gi diff --git a/kubernetes/multicloud/charts/multicloud-pike/.helmignore b/kubernetes/multicloud/charts/multicloud-pike/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aaf/charts/aaf-cs/templates/secret.yaml b/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml index 4ae60f17c9..cdcfb72f5e 100644 --- a/kubernetes/aaf/charts/aaf-cs/templates/secret.yaml +++ b/kubernetes/multicloud/charts/multicloud-pike/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright (c) 2018 Intel Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,10 +13,6 @@ # limitations under the License. apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -type: Opaque -data: -{{ (.Files.Glob "resources/config/aaf-cs-data/*").AsSecrets | indent 2 }} +description: ONAP multicloud OpenStack Pike Plugin +name: multicloud-pike +version: 3.0.0 diff --git a/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml new file mode 100644 index 0000000000..935d9ca62e --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/resources/config/log/log.yml @@ -0,0 +1,47 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +version: 1 +disable_existing_loggers: False + +loggers: + pike: + handlers: [pike_handler] + level: "DEBUG" + propagate: False + newton_base: + handlers: [pike_handler] + level: "DEBUG" + propagate: False + common: + handlers: [pike_handler] + level: "DEBUG" + propagate: False + +handlers: + pike_handler: + level: "DEBUG" + class: "logging.handlers.RotatingFileHandler" + filename: "/var/log/onap/multicloud/openstack/pike/pike.log" + formatter: "mdcFormat" + maxBytes: 1024*1024*50 + backupCount: 10 + +formatters: + standard: + format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" + mdcFormat: + format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" + mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" + datefmt: "%Y-%m-%d %H:%M:%S" + (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt b/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt new file mode 100644 index 0000000000..7adeb620b5 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/templates/NOTES.txt @@ -0,0 +1,34 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml b/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml new file mode 100644 index 0000000000..db636e7bca --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright (c) 2018 Intel Corporation. +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml new file mode 100644 index 0000000000..a7c54444b0 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/templates/deployment.yaml @@ -0,0 +1,110 @@ +{{/* +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + name: {{ include "common.name" . }} + annotations: + sidecar.istio.io/inject: "{{.Values.istioSidecar}}" + spec: + containers: + - env: + - name: MSB_ADDR + value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" + - name: MSB_PORT + value: "{{ .Values.config.msbPort }}" + - name: AAI_ADDR + value: aai.{{ include "common.namespace" . }} + - name: AAI_PORT + value: "{{ .Values.config.aai.port }}" + - name: AAI_SCHEMA_VERSION + value: "{{ .Values.config.aai.schemaVersion }}" + - name: AAI_USERNAME + value: "{{ .Values.config.aai.username }}" + - name: AAI_PASSWORD + value: "{{ .Values.config.aai.password }}" + name: {{ include "common.name" . }} + volumeMounts: + - mountPath: /var/log/onap + name: pike-log + - mountPath: /opt/pike/pike/pub/config/log.yml + name: pike-logconfig + subPath: log.yml + resources: +{{ include "common.resources" . | indent 12 }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + httpGet: + path: /api/multicloud-pike/v0/swagger.json + port: {{ .Values.service.internalPort }} + scheme: HTTP + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + successThreshold: {{ .Values.liveness.successThreshold }} + failureThreshold: {{ .Values.liveness.failureThreshold }} + {{ end }} + # side car containers + - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat-onap + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + - mountPath: /var/log/onap + name: pike-log + - mountPath: /usr/share/filebeat/data + name: pike-data-filebeat + + volumes: + - name: pike-log + emptyDir: {} + - name: pike-data-filebeat + emptyDir: {} + - name: filebeat-conf + configMap: + name: multicloud-filebeat-configmap + - name: pike-logconfig + configMap: + name: {{ include "common.fullname" . }}-log-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Always diff --git a/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml b/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml new file mode 100644 index 0000000000..7953b0d6d9 --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/templates/service.yaml @@ -0,0 +1,61 @@ +{{/* +# Copyright (c) 2018 Intel Corporation. +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + msb.onap.org/service-info: '[ + { + "serviceName": "multicloud-pike", + "version": "v0", + "url": "/api/multicloud-pike/v0", + "protocol": "REST", + "port": "{{ .Values.service.externalPort }}", + "visualRange": "1" + }, + { + "serviceName": "multicloud-pike", + "version": "v1", + "url": "/api/multicloud-pike/v1", + "protocol": "REST", + "port": "{{ .Values.service.externalPort }}", + "visualRange": "1" + } + ]' + +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.externalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + type: {{ .Values.service.type }} diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml new file mode 100644 index 0000000000..ee937ae2ac --- /dev/null +++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml @@ -0,0 +1,87 @@ +# Copyright (c) 2018 Intel Corporation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/multicloud/openstack-pike:1.2.0-STAGING +pullPolicy: Always + +#Istio sidecar injection policy +istioSidecar: true + +# application configuration +config: + msbgateway: msb-iag + msbPort: 80 + aai: + port: 8443 + schemaVersion: v13 + username: AAI + password: AAI + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 5 + enabled: true + +service: + type: NodePort + name: multicloud-pike + portName: multicloud-pike + externalPort: 9007 + internalPort: 9007 + nodePort: 96 + +ingress: + enabled: false + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 10m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 20m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/multicloud/resources/config/provider-plugin.json b/kubernetes/multicloud/resources/config/provider-plugin.json index 2f799e5cdb..2bc98943a5 100644 --- a/kubernetes/multicloud/resources/config/provider-plugin.json +++ b/kubernetes/multicloud/resources/config/provider-plugin.json @@ -7,6 +7,11 @@ "extra_info_hint": "", "provider_plugin": "multicloud-titaniumcloud" }, + "pike": { + "version": "pike", + "extra_info_hint": "", + "provider_plugin": "multicloud-pike" + }, "ocata": { "version": "ocata", "extra_info_hint": "", @@ -25,5 +30,16 @@ } }, "provider_plugin": "multicloud-vio" + }, + "azure": { + "vim_type": "azure", + "versions": { + "1.0": { + "version": "1.0", + "extra_info_hint": "", + "provider_plugin": "multicloud-azure" + } + }, + "provider_plugin": "multicloud-azure" } } diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index f904b4cece..89a3f4b280 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:3.0.0-latest +image: onap/externalapi/nbi:3.0.1 pullPolicy: Always sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/oof/resources/config/aaf_root_ca.cer b/kubernetes/oof/resources/config/aaf_root_ca.cer new file mode 100755 index 0000000000..e9a50d7ea0 --- /dev/null +++ b/kubernetes/oof/resources/config/aaf_root_ca.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV +BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx +NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK +DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7 +XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn +H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM +pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7 +NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg +2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY +wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd +ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM +P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6 +aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY +PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G +A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ +UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN +BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz +L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9 +7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx +c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf +jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2 +RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h +PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF +CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+ +Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A +cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR +ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX +dYY= +-----END CERTIFICATE----- diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index f286be4595..d39a83222f 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -1,18 +1,29 @@ -osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }} -osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }} +placementVersioningEnabled: {{ .Values.config.placementVersioningEnabled }} -osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} -osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} +# Placement API latest version numbers to be set in HTTP header +placementMajorVersion: {{ .Values.config.placementMajorVersion }} +placementMinorVersion: {{ .Values.config.placementMinorVersion }} +placementPatchVersion: {{ .Values.config.placementPatchVersion }} + +# Placement API default version numbers to be set in HTTP header +placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }} +placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} +placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} +# Credentials for SO soUsername: {{ .Values.config.soUsername }} soPassword: {{ .Values.config.soPassword }} +# Credentials for Conductor conductorUrl: {{ .Values.config.conductorUrl }} conductorUsername: {{ .Values.config.conductorUsername }} conductorPassword: {{ .Values.config.conductorPassword }} conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} +# versions to be set in HTTP header +conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} +# Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: {{ .Values.config.policyPlatformUrl }} policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} policyPlatformUsername: {{ .Values.config.policyPlatformUsername }} @@ -20,15 +31,59 @@ policyPlatformPassword: {{ .Values.config.policyPlatformPassword }} policyClientUsername: {{ .Values.config.policyClientUsername }} policyClientPassword: {{ .Values.config.policyClientPassword }} +# Credentials for DMaaP messageReaderHosts: {{ .Values.config.messageReaderHosts }} messageReaderTopic: {{ .Values.config.messageReaderTopic }} messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }} messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }} +# Credentials for SDC sdcUrl: {{ .Values.config.sdcUrl }} sdcUsername: {{ .Values.config.sdcUsername }} sdcPassword: {{ .Values.config.sdcPassword }} sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} +# Credentials for the OOF placement service - Generic osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }} osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }} + +# Credentials for the OOF placement service - SO +osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }} +osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }} + +# Credentials for the OOF placement service - VFC +osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }} +osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }} + +# Credentials for the OOF CM scheduling service - Generic +osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} +osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} + +is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} +aaf_cache_expiry_hrs: {{ .Values.config.aaf_cache_expiry_hrs }} +aaf_url: {{ .Values.config.aaf_url }} +aaf_user_roles: + {{- range .Values.config.aaf_user_roles }} + - {{ . }} + {{- end }} + +# Secret Management Service from AAF +aaf_sms_url: {{ .Values.config.aaf_sms_url }} +aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }} +secret_domain: {{ .Values.config.secret_domain }} +aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} + +# config db api +configDbUrl: {{ .Values.config.configDbUrl }} +configDbUserName: {{ .Values.config.configDbUserName }} +configDbPassword: {{ .Values.config.configDbPassword }} +configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} +configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} + +# Credentials for PCIHandler +pciHMSUsername: {{ .Values.config.pciHMSUsername }} +pciHMSPassword: {{ .Values.config.pciHMSPassword }} + +# Credentials for the OOF PCI Opt service +osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }} +osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }} diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index ed64166b59..07f1ff44a9 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -38,6 +38,10 @@ spec: - --container-name - pdp - --container-name + - aaf-service + - --container-name + - aaf-sms + - --container-name - oof-has-api env: - name: NAMESPACE @@ -76,6 +80,9 @@ spec: - mountPath: /opt/app/config/osdf_config.yaml name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml + - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer + name: {{ include "common.fullname" . }}-config + subPath: aaf_root_ca.cer resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -97,5 +104,7 @@ spec: items: - key: osdf_config.yaml path: osdf_config.yaml + - key: aaf_root_ca.cer + path: aaf_root_ca.cer imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index c249f26569..da69c42b9e 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -36,12 +36,15 @@ debugEnabled: false config: msbgateway: msb-iag msbPort: 80 - # Credentials for the OOF placement service – SO. - osdfPlacementSOUsername: so_test - osdfPlacementSOPassword: so_testpwd - # Credentials for the OOF CM scheduling service – Generic. - osdfCMSchedulerUsername: test1 - osdfCMSchedulerPassword: testpwd1 + placementVersioningEnabled: False + # Placement API latest version numbers to be set in HTTP header + placementMajorVersion: "1" + placementMinorVersion: "0" + placementPatchVersion: "0" + # Placement API default version numbers to be set in HTTP header + placementDefaultMajorVersion: "1" + placementDefaultMinorVersion: "0" + placementDefaultPatchVersion: "0" # Credentials of the callback url for SO. soUsername: "" # SO username for call back. soPassword: "" # SO password for call back. @@ -51,6 +54,8 @@ config: conductorPassword: plan.15 conductorPingWaitTime: 60 conductorMaxRetries: 30 + # versions to be set in HTTP header + conductorMinorVersion: 0 # Url and credentials for the Policy Platform policyPlatformUrl: http://pdp:8081/pdp/api/getConfig # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform @@ -71,6 +76,38 @@ config: # Credentials for the placement service – Generic. osdfPlacementUsername: "test" osdfPlacementPassword: "testpwd" + # Credentials for the OOF placement service – SO. + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + # Credentials for the OOF placement service - VFC + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + # Credentials for the OOF CM scheduling service – Generic. + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + #AAF Authentication + is_aaf_enabled: False + aaf_cache_expiry_hrs: 3 + aaf_url: https://aaf-service:8100 + aaf_user_roles: + - '/api/oof/v1/placement:org.onap.osdf.access|*|read ALL' + # Secret Management Service from AAF + aaf_sms_url: https://aaf-sms:10443 + aaf_sms_timeout: 30 + secret_domain: osdf + aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer + # config db api + configDbUrl: http://config.db.url:8080 + configDbUserName: osdf + configDbPassword: passwd + configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' + configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' + # Credentials for PCIHandler + pciHMSUsername: "" # pcihandler username for call back. + pciHMSPassword: "" # pcihandler password for call back. + # Credentials for the OOF PCI Opt service + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd # default number of instances replicaCount: 1 nodeSelector: {} diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf index 9cf8a29612..deb213e4b6 100644 --- a/kubernetes/policy/resources/config/pe/console.conf +++ b/kubernetes/policy/resources/config/pe/console.conf @@ -135,8 +135,8 @@ onap_application_name= #-----------------------ONAP-PORTAL-Properties---------------------- -ONAP_REDIRECT_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/login.htm -ONAP_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/auxapi +ONAP_REDIRECT_URL=https://portal-app.{{.Release.Namespace}}:30225/ONAPPORTAL/login.htm +ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi ONAP_UEB_URL_LIST= ONAP_PORTAL_INBOX_NAME= ONAP_UEB_APP_KEY= diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore Binary files differdeleted file mode 100644 index ff0f0d76a4..0000000000 --- a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAP.keystore +++ /dev/null diff --git a/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks Binary files differnew file mode 100644 index 0000000000..4b7e115d8c --- /dev/null +++ b/kubernetes/portal/charts/portal-app/resources/certs/keystoreONAPPortal.jks diff --git a/kubernetes/portal/charts/portal-app/resources/server/server.xml b/kubernetes/portal/charts/portal-app/resources/server/server.xml index 09c2f8405f..c87e6c377a 100644 --- a/kubernetes/portal/charts/portal-app/resources/server/server.xml +++ b/kubernetes/portal/charts/portal-app/resources/server/server.xml @@ -89,7 +89,7 @@ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" - keystoreFile="keystoreONAP.keystore" keystorePass="{{ .Values.global.keypass }}" + keystoreFile="{{.Values.global.keystoreFile}}" keystorePass="{{.Values.global.keypass}}" clientAuth="false" sslProtocol="TLS" /> <!-- Define an AJP 1.3 Connector on port 8009 --> diff --git a/kubernetes/portal/charts/portal-app/templates/configmap.yaml b/kubernetes/portal/charts/portal-app/templates/configmap.yaml index d4ef698f71..28de588aa0 100644 --- a/kubernetes/portal/charts/portal-app/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-app/templates/configmap.yaml @@ -25,4 +25,3 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/certs/*").AsConfig . | indent 2 }} diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 3fc2741556..fb9f35ba19 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -59,11 +59,11 @@ spec: - name: javax.net.ssl.keyStore value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - name: javax.net.ssl.keyStorePassword - value: {{ .Values.global.keypass }} + value: {{ .Values.global.trustpass }} - name: javax.net.ssl.trustStore value: {{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}} - name: javax.net.ssl.trustStorePassword - value: {{ .Values.global.keypass }} + value: {{ .Values.global.trustpass }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -106,10 +106,10 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml - - name: properties-onapportal + - name: authz-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}" subPath: {{ .Values.global.keystoreFile}} - - name: properties-onapportal + - name: authz-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.truststoreFile}}" subPath: {{ .Values.global.truststoreFile}} - name: var-log-onap @@ -143,6 +143,9 @@ spec: configMap: name: {{ include "common.fullname" . }}-onapportal defaultMode: 0755 + - name: authz-onapportal + secret: + secretName: {{ include "common.fullname" . }}-authz-onapportal - name: filebeat-conf configMap: name: portal-filebeat diff --git a/kubernetes/aaf/resources/config/backup/cbackup.sh b/kubernetes/portal/charts/portal-app/templates/secret.yaml index de918520c6..18f85c1698 100644 --- a/kubernetes/aaf/resources/config/backup/cbackup.sh +++ b/kubernetes/portal/charts/portal-app/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2018 Amdocs, Bell Canada, AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,11 +12,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -cd /opt/app/cass_backup -DATA="ns role perm ns_attrib user_role cred cert x509 delegate approval approved future notify artifact health history" -PWD=cassandra -CQLSH="cqlsh -u cassandra -k authz -p $PWD" -for T in $DATA ; do - echo "Creating $T.dat" - $CQLSH -e "COPY authz.$T TO '$T.dat' WITH DELIMITER='|'" -done +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-authz-onapportal + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index 1dcf0d8606..6b9e8a957c 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -1,41 +1,41 @@ -/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -*/ - -USE portal; -/* -Any updates required by OOM to the portaldb are made here. -1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP -while the OOM K8s version has these service split up. -*/ --- app_url is the FE, app_rest_endpoint is the BE ---portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8990/ONAPPORTALSDK/api/v2' where app_name = 'xDemo App'; ---dmaap-bc => the dmaap-bc doesn't open a node port.. -update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; ---sdc-be => 8443:30204, 8080:30205 ---sdc-fe => 8181:30206, 9443:30207 -update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v2' where app_name = 'SDC'; ---pap => 8443:30219 -update fn_app set app_url = 'http://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'http://pap:8443/onap/api/v2' where app_name = 'Policy'; ---vid => 8080:30200 -update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v2' where app_name = 'Virtual Infrastructure Deployment'; ---sparky => TODO: sparky doesn't open a node port yet -update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI'; ---cli => 8080:30260 -update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; ---msb-discovery => 10081:30281 this is clearly incorrect -update fn_app set app_url = 'http://{{.Values.config.msbDiscoveryHostName}}:{{.Values.config.msbDiscoveryPort}}/iui/microservices/default.html' where app_name = 'MSB'; +/*
+# Copyright © 2018 Amdocs, Bell Canada, AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+*/
+
+USE portal;
+/*
+Any updates required by OOM to the portaldb are made here.
+1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
+while the OOM K8s version has these service split up.
+*/
+-- app_url is the FE, app_rest_endpoint is the BE
+--portal-sdk => TODO: doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8990/ONAPPORTALSDK/api/v2' where app_name = 'xDemo App';
+--dmaap-bc => the dmaap-bc doesn't open a node port..
+update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
+--sdc-be => 8443:30204, 8080:30205
+--sdc-fe => 8181:30206, 9443:30207
+update fn_app set app_url = 'http://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'http://sdc-be:8080/api/v2' where app_name = 'SDC';
+--pap => 8443:30219
+update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v2' where app_name = 'Policy';
+--vid => 8080:30200
+update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v2' where app_name = 'Virtual Infrastructure Deployment';
+--sparky => TODO: sparky doesn't open a node port yet
+update fn_app set app_url = 'http://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'http://aai-sparky-be.{{.Release.Namespace}}:9517/api/v2' where app_name = 'A&AI UI';
+--cli => 8080:30260
+update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+--msb-discovery => 10081:30281 this is clearly incorrect
+update fn_app set app_url = 'http://{{.Values.config.msbDiscoveryHostName}}:{{.Values.config.msbDiscoveryPort}}/iui/microservices/default.html' where app_name = 'MSB';
diff --git a/kubernetes/portal/values.yaml b/kubernetes/portal/values.yaml index ecb7d5ecf6..719116b7dd 100644 --- a/kubernetes/portal/values.yaml +++ b/kubernetes/portal/values.yaml @@ -20,9 +20,10 @@ global: portalPort: "8989" # application's front end hostname. Must be resolvable on the client side environment portalHostName: "portal.api.simpledemo.onap.org" - keystoreFile: "keystoreONAP.keystore" - truststoreFile: "keystoreONAPall.jks" + keystoreFile: "keystoreONAPPortal.jks" + truststoreFile: "truststoreONAPall.jks" keypass: "changeit" + trustpass: "changeit" config: logstashServiceName: log-ls diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index fb920574c5..7fb9885596 100755 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -112,14 +112,14 @@ resources: # probe configuration parameters liveness: - initialDelaySeconds: 10 + initialDelaySeconds: 180 periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 + initialDelaySeconds: 180 periodSeconds: 10 service: diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties index eb17d09882..3a6b5a08f0 100644 --- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties +++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties @@ -18,18 +18,18 @@ # Configuration file for SDNC Controller Module # -org.onap.ccsdk.features.rest.adaptors.envtype=solo +org.onap.ccsdk.features.blueprints.adaptors.envtype=solo # Config Generator Microservices -org.onap.ccsdk.features.rest.adaptors.modelservice.type=generic -org.onap.ccsdk.features.rest.adaptors.modelservice.enable=true -org.onap.ccsdk.features.rest.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/ -org.onap.ccsdk.features.rest.adaptors.modelservice.user=ccsdkapps -org.onap.ccsdk.features.rest.adaptors.modelservice.passwd=ccsdkapps +org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic +org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true +org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/ +org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps +org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps # Generic RESTCONF Adaptor -org.onap.ccsdk.features.rest.adaptors.restconf.type=generic -org.onap.ccsdk.features.rest.adaptors.restconf.enable=true -org.onap.ccsdk.features.rest.adaptors.restconf.user=admin -org.onap.ccsdk.features.rest.adaptors.restconf.passwd={{ .Values.config.odlPassword}} -org.onap.ccsdk.features.rest.adaptors.restconf.url=http://sdnc:8282/restconf/ +org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic +org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true +org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin +org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}} +org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/ diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 1e74daa2d9..19c6028202 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -59,21 +59,21 @@ mso: auth: 33293332AEC4930F655D8E2E8BB08937 password: B8EBDE0311F0AF355CF3F2FD505A8CAD sdnc: - endpoint: http://mso-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter + endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter rest: - endpoint: http://mso-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/v1/sdnc + endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/v1/sdnc timeout: PT60S tenant: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/TenantAdapter vnf: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter rest: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/vnfs/v1/vnfs + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs volume-groups: rest: endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}g:8087/services/rest/v1/volume-groups vnf-async: - endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsyncAdapter + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync bpmn: process: historyTimeToLive: '30' @@ -212,13 +212,13 @@ mso: callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService vnfadapter: create: - callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/VNFAdaptercallback + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify delete: - callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/VNFAdaptercallback + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify query: - callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/VNFAdaptercallback + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify rollback: - callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/VNFAdaptercallback + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify global: dmaap: username: testuser diff --git a/kubernetes/so/charts/so-monitoring/Chart.yaml b/kubernetes/so/charts/so-monitoring/Chart.yaml new file mode 100644 index 0000000000..f46d9f7876 --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +description: A Helm chart for ONAP Service Orchestration Monitoring +name: so-monitoring +version: 3.0.0
\ No newline at end of file diff --git a/kubernetes/so/charts/so-monitoring/templates/configmap.yaml b/kubernetes/so/charts/so-monitoring/templates/configmap.yaml new file mode 100644 index 0000000000..f7860108d8 --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/templates/configmap.yaml @@ -0,0 +1,26 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} diff --git a/kubernetes/so/charts/so-monitoring/templates/deployment.yaml b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml new file mode 100644 index 0000000000..79d466227d --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/templates/deployment.yaml @@ -0,0 +1,149 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} +spec: + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + spec: + initContainers: + - name: so-chown + image: alpine:3.6 + volumeMounts: + - name: logs + mountPath: /app/logs + imagePullPolicy: {{ index .Values.pullPolicy }} + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /app/logs"] + restartPolicy: Always + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: +{{ include "common.resources" . | indent 12 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.readwrite.rolename + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.readwrite.password + - name: DB_ADMIN_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.admin.rolename + - name: DB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-db-secrets + key: mariadb.admin.password + - name: CADI_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-ssl-pwd-secret + key: cadi_keystore_password + - name: CADI_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-ssl-pwd-secret + key: cadi_truststore_password + - name: MSO_KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-ssl-client-secret + key: keystore_password + - name: MSO_TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-ssl-client-secret + key: truststore_password + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ index .Values "global" "pullPolicy" }} + volumeMounts: + - name: logs + mountPath: /app/logs + - name: certs + mountPath: /app/certs/ + readOnly: true + - name: config + mountPath: /app/config + readOnly: true + readinessProbe: + tcpSocket: + port: {{ index .Values.readinessProbe.port }} + initialDelaySeconds: {{ index .Values.readinessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.readinessProbe.periodSeconds}} + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: + - name: logs + emptyDir: {} + - name: certs + secret: + secretName: {{ .Release.Name}}-so-ssl-secret + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + + diff --git a/kubernetes/so/charts/so-monitoring/templates/service.yaml b/kubernetes/so/charts/so-monitoring/templates/service.yaml new file mode 100644 index 0000000000..053af9b5c2 --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/templates/service.yaml @@ -0,0 +1,45 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ .Release.Name }} + + diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml new file mode 100644 index 0000000000..79170eb5d2 --- /dev/null +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -0,0 +1,70 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +image: onap/so/so-monitoring:latest +pullPolicy: IfNotPresent +replicaCount: 1 +minReadySeconds: 10 +containerPort: 9091 +logPath: app/logs/ +app: so-monitoring +service: + type: ClusterIP + internalPort: 9091 + externalPort: 9091 + portName: so-monitor-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +#Segregation for different environment (Small or large) +resources: + small: + requests: + memory: 1Gi + cpu: 10m + limits: + memory: 4Gi + cpu: 1 + large: + requests: + memory: 2Gi + cpu: 20m + limits: + memory: 8Gi + cpu: 2 +readinessProbe: + port: 9091 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 10 +livenessProbe: + port: 9091 + initialDelaySeconds: 40 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} + diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 9ea0237c42..615988066a 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -118,15 +118,15 @@ org: myurl: http://so-sdnc-adapter{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify rest: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage - sdncauth: 406B2AE613211B6FB52466DE6E1769AC + sdncauth: 263f7d5f944d4d0c76db74b4148bec67d0bc796a874bc0d2a2a12aae89a866aa69133f700f391f784719a37f6a68d29bf5a2fbae1dab0402db7788c800c5ba73 sdncconnecttime: 5000 - sdncurl10: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' - sdncurl11: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' - sdncurl12: http://sdnc.{{ include "common.namespace" . }}:8282/ - sdncurl5: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config - sdncurl6: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' - sdncurl8: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' - sdncurl9: http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation + sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' + sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' + sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' + sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' + sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' + sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' + sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index b9b90166f2..067b3c57c0 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -53,6 +53,17 @@ postgres: pgPrimaryPassword: postgres pgUserPassword: postgres pgRootPassword: postgres + pgpool: + nameOverride: vnfsdk-pgpool + service: + name: vnfsdk-pgpool + credentials: + pgusername: postgres + pgpassword: postgres + container: + name: + primary: pgpool-primary + replica: pgpool-replica # flag to enable debugging - application support required debugEnabled: false |