diff options
181 files changed, 1753 insertions, 4921 deletions
diff --git a/kubernetes/aai b/kubernetes/aai -Subproject dceb913fa262d4d1112ae734e6f9768b0354f9b +Subproject 7e6e2bf385f85e85e008d06b2415290851fee2b diff --git a/kubernetes/common/cassandra/resources/exec.py b/kubernetes/common/cassandra/resources/exec.py index 5b3ae33371..a7f297399e 100644 --- a/kubernetes/common/cassandra/resources/exec.py +++ b/kubernetes/common/cassandra/resources/exec.py @@ -1,4 +1,4 @@ -#!/usr/bin/python +#!/usr/bin/env python import getopt import logging import os @@ -7,7 +7,7 @@ import time from kubernetes import config from kubernetes.client import Configuration -from kubernetes.client.apis import core_v1_api +from kubernetes.client.api import core_v1_api from kubernetes.client.rest import ApiException from kubernetes.stream import stream diff --git a/kubernetes/common/cassandra/resources/restore.sh b/kubernetes/common/cassandra/resources/restore.sh index b9deb32316..798ab6c53c 100644 --- a/kubernetes/common/cassandra/resources/restore.sh +++ b/kubernetes/common/cassandra/resources/restore.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # Initialize variables ss_dir="" diff --git a/kubernetes/common/cassandra/templates/backup/cronjob.yaml b/kubernetes/common/cassandra/templates/backup/cronjob.yaml index e4f2aabfa0..f536be5053 100644 --- a/kubernetes/common/cassandra/templates/backup/cronjob.yaml +++ b/kubernetes/common/cassandra/templates/backup/cronjob.yaml @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +{{- $global := . }} {{- if .Values.backup.enabled }} apiVersion: batch/v1beta1 kind: CronJob @@ -52,7 +53,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - - /bin/bash + - /bin/sh - -c - | clearSnapshot(){ @@ -237,7 +238,7 @@ spec: {{- range $i := until (int .Values.replicaCount)}} - name: data-dir-{{ $i }} persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-data-{{ $i }} + claimName: {{ include "common.fullname" $global }}-data-{{ include "common.fullname" $global }}-{{ $i }} {{- end }} - name: backup-dir persistentVolumeClaim: diff --git a/kubernetes/common/certInitializer/resources/import-custom-certs.sh b/kubernetes/common/certInitializer/resources/import-custom-certs.sh new file mode 100755 index 0000000000..dd311830e7 --- /dev/null +++ b/kubernetes/common/certInitializer/resources/import-custom-certs.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +# Copyright © 2020 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +CERTS_DIR=${CERTS_DIR:-/certs} +WORK_DIR=${WORK_DIR:-/updatedTruststore} +ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks} +JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts} +TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks} + +mkdir -p $WORK_DIR + +# Decrypt and move relevant files to WORK_DIR +for f in $CERTS_DIR/*; do + if [[ $AAF_ENABLED == false ]] && [[ $f == *$ONAP_TRUSTSTORE* ]]; then + # Dont use onap truststore when aaf is disabled + continue + fi + if [[ $f == *.sh ]]; then + continue + fi + if [[ $f == *.b64 ]] + then + base64 -d $f > $WORK_DIR/`basename $f .b64` + else + cp $f $WORK_DIR/. + fi +done + +# Prepare truststore output file +if [[ $AAF_ENABLED == true ]] + then + mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME + else + echo "AAF is disabled, using JRE truststore" + cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME +fi + +# Import Custom Certificates +for f in $WORK_DIR/*; do + if [[ $f == *.pem ]]; then + echo "importing certificate: $f" + keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt + if [[ $? != 0 ]]; then + echo "failed importing certificate: $f" + exit 1 + fi + fi +done diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml index 1250c1225e..c453f11c85 100644 --- a/kubernetes/common/certInitializer/templates/_certInitializer.yaml +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -96,6 +96,51 @@ value: "{{ $initRoot.public_fqdn | default "" }}" {{- end -}} +{{/* + This init container will import custom .pem certificates to truststoreONAPall.jks + Custom certificates must be placed in common/certInitializer/resources directory. + + The feature is enabled by setting Values.global.importCustomCertsEnabled = true + It can be used independently of aafEnabled, however it requires the same includes + as describe above for _initContainer. + + When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used + to import custom certificates, otherwise the default java keystore will be used. + + The updated truststore file will be placed in /updatedTruststore and can be mounted per component + to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount) + The truststore file will be available to mount even if no custom certificates were imported. +*/}} +{{- define "common.certInitializer._initImportCustomCertsContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +- name: {{ include "common.name" $dot }}-import-custom-certs + image: {{ $subchartDot.Values.global.jreImage }} + imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + securityContext: + runAsUser: 0 + command: + - /bin/bash + - -c + - /root/import-custom-certs.sh + env: + - name: AAF_ENABLED + value: "{{ $subchartDot.Values.global.aafEnabled }}" + - name: TRUSTSTORE_OUTPUT_FILENAME + value: "{{ $initRoot.truststoreOutputFileName }}" + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }} + volumeMounts: + - mountPath: /certs + name: aaf-agent-certs + - mountPath: /root/import-custom-certs.sh + name: aaf-agent-certs + subPath: import-custom-certs.sh + - mountPath: /updatedTruststore + name: updated-truststore +{{- end -}} + {{- define "common.certInitializer._volumeMount" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} @@ -103,6 +148,21 @@ name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} {{- end -}} +{{/* + This is used together with _initImportCustomCertsContainer + It mounts the updated truststore (with imported custom certificates) to the + truststoreMountpath defined in the values file for the component. +*/}} +{{- define "common.certInitializer._trustStoreVolumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- if gt (len $initRoot.truststoreMountpath) 0 }} +- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }} + name: updated-truststore + subPath: {{ $initRoot.truststoreOutputFileName }} +{{- end -}} +{{- end -}} + {{- define "common.certInitializer._volumes" -}} {{- $dot := default . .dot -}} {{- $initRoot := default $dot.Values.certInitializer .initRoot -}} @@ -121,10 +181,17 @@ name: {{ include "common.fullname" $subchartDot }}-add-config defaultMode: 0700 {{- end -}} +{{- if $dot.Values.global.importCustomCertsEnabled }} +- name: updated-truststore + emptyDir: {} +{{- end -}} {{- end -}} {{- define "common.certInitializer.initContainer" -}} {{- $dot := default . .dot -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{ include "common.certInitializer._initImportCustomCertsContainer" . }} + {{- end -}} {{- if $dot.Values.global.aafEnabled }} {{ include "common.certInitializer._initContainer" . }} {{- end -}} @@ -135,11 +202,14 @@ {{- if $dot.Values.global.aafEnabled }} {{- include "common.certInitializer._volumeMount" . }} {{- end -}} + {{- if $dot.Values.global.importCustomCertsEnabled }} + {{- include "common.certInitializer._trustStoreVolumeMount" . }} + {{- end -}} {{- end -}} {{- define "common.certInitializer.volumes" -}} {{- $dot := default . .dot -}} - {{- if $dot.Values.global.aafEnabled }} + {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }} {{- include "common.certInitializer._volumes" . }} {{- end -}} {{- end -}} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml index 416282f72a..271e410069 100644 --- a/kubernetes/common/certInitializer/values.yaml +++ b/kubernetes/common/certInitializer/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2020 Samsung Electronics +# Copyright © 2020 Bell Canada, Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ global: repository: nexus3.onap.org:10001 aafAgentImage: onap/aaf/aaf_agent:2.1.20 aafEnabled: true + jreImage: registry.gitlab.com/onap-integration/docker/onap-java pullPolicy: Always @@ -26,6 +27,11 @@ secrets: login: '{{ .Values.aafDeployFqi }}' password: '{{ .Values.aafDeployPass }}' passwordPolicy: required + - uid: truststore-creds + type: password + externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}' + password: '{{ .Values.truststorePassword }}' + passwordPolicy: required readinessCheck: wait_for: @@ -45,3 +51,7 @@ cadi_latitude: "38.0" cadi_longitude: "-72.0" aaf_add_config: "" mountPath: "/opt/app/osaaf" +importCustomCertsEnabled: false +truststoreMountpath: "" +truststoreOutputFileName: truststore.jks +truststorePassword: changeit diff --git a/kubernetes/policy/charts/brmsgw/Chart.yaml b/kubernetes/common/logConfiguration/Chart.yaml index b09939d64c..1d13dcbd56 100644 --- a/kubernetes/policy/charts/brmsgw/Chart.yaml +++ b/kubernetes/common/logConfiguration/Chart.yaml @@ -1,5 +1,4 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy BRMS GW -name: brmsgw +description: Template used to create same STDOUT log configuration +name: logConfiguration version: 6.0.0 diff --git a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml b/kubernetes/common/logConfiguration/requirements.yaml index c593f60ae4..237f1d1354 100644 --- a/kubernetes/dcaegen2/components/dcae-redis/requirements.yaml +++ b/kubernetes/common/logConfiguration/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +15,4 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local' + repository: 'file://../common' diff --git a/kubernetes/common/logConfiguration/templates/_log.tpl b/kubernetes/common/logConfiguration/templates/_log.tpl new file mode 100644 index 0000000000..bf19f210e4 --- /dev/null +++ b/kubernetes/common/logConfiguration/templates/_log.tpl @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* + Resolve the level of the logs. + The value for .Values.logLevel is used by default, + unless either override mechanism is used. + + - .Values.global.logLevel : override default log level for all components + - .Values.logLevelOverride : override global and default log level on a per + component basis + + The function can takes below arguments (inside a dictionary): + - .dot : environment (.) + - .initRoot : the root dictionary of logConfiguration submodule + (default to .Values.logConfiguration) +*/}} +{{- define "common.log.level" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.logConfiguration .initRoot -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} + {{- if $subchartDot.Values.logLevelOverride }} + {{- printf "%s" $subchartDot.Values.logLevelOverride -}} + {{- else }} + {{- default $subchartDot.Values.logLevel $subchartDot.Values.global.logLevel -}} + {{- end }} +{{- end -}} diff --git a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml b/kubernetes/common/logConfiguration/values.yaml index bd7eb8ea40..7ebb0ff84e 100644 --- a/kubernetes/policy/charts/policy-distribution/templates/secrets.yaml +++ b/kubernetes/common/logConfiguration/values.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secretFast" . }} +logLevel: INFO diff --git a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml index 29d96748a3..0c05977322 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/cronjob.yaml @@ -90,6 +90,8 @@ spec: volumeMounts: - name: backup-dir mountPath: /backup + - name: db-data + mountPath: /var/lib/mysql containers: - name: mariadb-backup-validate image: "{{ include "common.repository" . }}/{{ .Values.backupImage }}" @@ -164,4 +166,7 @@ spec: - name: backup-dir persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-backup-data + - name: db-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data-{{ include "common.fullname" . }}-{{ sub .Values.replicaCount 1 }} {{- end }} diff --git a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json b/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json deleted file mode 100644 index d03ce90820..0000000000 --- a/kubernetes/consul/resources/config/consul-agent-config/sdnc-portal-health.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "service": { - "name": "Health Check: SDNC Portal", - "checks": [ - { - "id": "sdnc-portal", - "name": "SDNC Portal Health Check", - "http": "http://sdnc-portal:8843/login", - "method": "HEAD", - "header": { - "Cache-Control": ["no-cache"], - "Content-Type": ["application/json"], - "Accept": ["application/json"] - }, - "tls_skip_verify": true, - "interval": "15s", - "timeout": "1s" - } - ] - } -} diff --git a/kubernetes/dcaegen2/Makefile b/kubernetes/dcaegen2/Makefile index f10f2fc682..0561f20f5e 100644 --- a/kubernetes/dcaegen2/Makefile +++ b/kubernetes/dcaegen2/Makefile @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-redis make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard +make-dcaegen2: make-dcae-bootstrap make-dcae-cloudify-manager make-dcae-config-binding-service make-dcae-healthcheck make-dcae-servicechange-handler make-dcae-inventory-api make-dcae-deployment-handler make-dcae-policy-handler make-dcae-dashboard make-dcae-bootstrap: cd components && helm dep up dcae-bootstrap && helm lint dcae-bootstrap @@ -25,9 +25,6 @@ make-dcae-config-binding-service: make-dcae-healthcheck: cd components && helm dep up dcae-healthcheck && helm lint dcae-healthcheck -make-dcae-redis: - cd components && helm dep up dcae-redis && helm lint dcae-redis - make-dcae-servicechange-handler: cd components && helm dep up dcae-servicechange-handler && helm lint dcae-servicechange-handler diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml deleted file mode 100644 index 9240094fa9..0000000000 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tca-inputs.yaml +++ /dev/null @@ -1,28 +0,0 @@ -#============LICENSE_START======================================================== -#================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -{{ if .Values.componentImages.tca }} -tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tca }} -{{ end }} -dmaap_host: {{ .Values.config.address.message_router }}.{{include "common.namespace" . }} -consul_host: {{ .Values.config.address.consul.host }}.{{include "common.namespace" . }} -cbs_host: config-binding-service -enableRedisCaching: {{ .Values.config.redisCaching }} -{{ if .Values.config.redisHosts }} -redisHosts: {{ .Values.config.redisHosts }} -{{ end }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 33682e7dbe..5bce55ae6c 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -70,8 +70,6 @@ config: ves: port: 30235 portSecure: 30417 - # redisCaching is a string not a boolean! - redisCaching: "false" # postgres values--overriding defaults in the postgres subchart postgres: @@ -107,7 +105,7 @@ mongo: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:2.0.4 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -115,9 +113,8 @@ default_k8s_location: central componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 - tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.1 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.0 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.3 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index b7ea4c9e6f..f5d1ffe1ed 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:3.0.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:3.1.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml index c39b12cd6c..f7492e03c9 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: - --container-name - consul-server - --container-name - - pdp + - policy-xacml-pdp - "-t" - "45" env: diff --git a/kubernetes/dcaegen2/components/dcae-redis/.helmignore b/kubernetes/dcaegen2/components/dcae-redis/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml b/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml deleted file mode 100644 index d4c264f713..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP DCAE Redis -name: dcae-redis -version: 6.0.0 diff --git a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh b/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh deleted file mode 100755 index 49872863a9..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/resources/redis/scripts/redis-cluster-config.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -# ================================================================================ -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -(if [[ "$HOSTNAME" == *{{.Chart.Name}}-0 ]]; then - echo "delay by 10 seconds for redis server starting" - sleep 10 - - NODES="" - echo "====> wait for all {{.Values.replicaCount}} redis pods up" - while [ "$(echo $NODES | wc -w)" -lt {{.Values.replicaCount}} ] - do - echo "======> $(echo $NODES |wc -w) / {{.Values.replicaCount}} pods up" - sleep 5 - RESP=$(wget -vO- --ca-certificate /var/run/secrets/kubernetes.io/serviceaccount/ca.crt --header "Authorization: Bearer $(</var/run/secrets/kubernetes.io/serviceaccount/token)" https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_PORT_443_TCP_PORT/api/v1/namespaces/{{.Release.Namespace}}/pods?labelSelector=app={{.Chart.Name}}) - - IPS=$(echo $RESP | jq -r '.items[].status.podIP') - IPS2=$(echo $IPS | sed -e 's/[a-zA-Z]*//g') - echo "======> IPs: ["$IPS2"]" - NODES="" - for I in $IPS2; do NODES="$NODES $I:{{.Values.service.externalPort}}"; done - echo "======> nodes: ["$NODES"]" - done - echo "====> all {{.Values.replicaCount}} redis cluster pods are up. wait 10 seconds before the next step"; echo - sleep 10 - - echo "====> Configure the cluster" - - # $NODES w/o quotes - echo "======> nodes: [$(echo $NODES |paste -s)]" - redis-trib create --replicas 1 $(echo $NODES |paste -s) -fi ) & - -redis-server /conf/redis.conf - diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt b/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt deleted file mode 100644 index 0a386aa131..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml deleted file mode 100644 index 85ebee672b..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/configmap.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} -data: - redis.conf: |+ - cluster-enabled yes - cluster-require-full-coverage no - cluster-node-timeout 15000 - cluster-config-file /data/nodes.conf - cluster-migration-barrier 1 - appendonly yes - protected-mode no ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-scripts - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/redis/scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml deleted file mode 100644 index 72bad411db..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) }} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml deleted file mode 100644 index 31c1c22b17..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/service.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - #Example internal target port if required - #targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml b/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml deleted file mode 100644 index d4ac832e09..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/templates/statefulset.yaml +++ /dev/null @@ -1,125 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /bin/sh - - -c - - | - /opt/scripts/redis-cluster-config.sh - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - containerPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name2 }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: - - sh - - -c - - "redis-cli -h $(hostname) ping" - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /conf - name: {{ include "common.fullname" . }}-config - - mountPath: /data - name: {{ include "common.fullname" . }}-data - - mountPath: /opt/scripts - name: {{ include "common.fullname" . }}-scripts - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: redis.conf - path: redis.conf - - name: {{ include "common.fullname" . }}-scripts - configMap: - name: {{ include "common.fullname" . }}-scripts - defaultMode: 0755 - - name: localtime - hostPath: - path: /etc/localtime - {{- if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} - {{- end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote}} - {{- end }} diff --git a/kubernetes/dcaegen2/components/dcae-redis/values.yaml b/kubernetes/dcaegen2/components/dcae-redis/values.yaml deleted file mode 100644 index 3daa740312..0000000000 --- a/kubernetes/dcaegen2/components/dcae-redis/values.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.redis-cluster-container:1.0.0 -pullPolicy: Always - -# application configuration -# Example: -config: {} - -# default number of instances -replicaCount: 3 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 15 - periodSeconds: 10 - -service: - #Example service definition with external, internal and node ports. - #Services may use any combination of ports depending on the 'type' of - #service being defined. - type: ClusterIP - name: dcae-redis - portName: client - externalPort: 6379 - internalPort: 6379 - portName2: gossip - externalPort2: 16379 - internalPort2: 16379 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 10Mi - mountPath: /dockerdata-nfs - mountSubPath: redis/data - -ingress: - enabled: false - service: - - baseaddr: "dcaeredis" - name: "dcae-redis" - port: 6379 - - baseaddr: "dcaeredisgossip" - name: "dcae-redis" - port: 16379 - config: - ssl: "none" -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - large: - limits: - cpu: 4 - memory: 4Gi - requests: - cpu: 2 - memory: 2Gi - unlimited: {} diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml index 63ce3db3fc..92206f7e2f 100644 --- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.3.2 +image: onap/org.onap.dcaegen2.platform.servicechange-handler:1.4.0 pullPolicy: Always @@ -94,4 +94,4 @@ resources: unlimited: {} # Kubernetes namespace for components deployed via Cloudify manager # If empty, use the common namespace -# dcae_ns: "dcae" +# dcae_ns: "dcae"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/requirements.yaml b/kubernetes/dcaegen2/requirements.yaml index 55931dc331..82629f7e21 100644 --- a/kubernetes/dcaegen2/requirements.yaml +++ b/kubernetes/dcaegen2/requirements.yaml @@ -32,10 +32,6 @@ dependencies: version: ~6.x-0 repository: 'file://components/dcae-healthcheck' condition: dcae-healthcheck.enabled - - name: dcae-redis - version: ~6.x-0 - repository: 'file://components/dcae-redis' - condition: dcae-redis.enabled - name: dcae-servicechange-handler version: ~6.x-0 repository: 'file://components/dcae-servicechange-handler' diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json index fd3d04fcb8..d89203b070 100644 --- a/kubernetes/dcaegen2/resources/expected-components.json +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -1,10 +1,10 @@ [ {{- $ctx := . }} -{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-redis" "dcae-servicechange-handler" }} +{{- $components := tuple "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" }} {{- range $i, $v := $components }} {{- if index $ctx.Values . "enabled" }} {{- if $i }},{{ end }} {{ $v | quote | indent 2 }} {{- end -}} {{- end }} -]
\ No newline at end of file +] diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index c66a786537..939bd115a4 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -24,10 +24,8 @@ global: consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 busyboxRepository: docker.io busyboxImage: library/busybox:1.30 -redis: - replicaCount: 6 -# Enable all DCAE components except redis by default +# Enable all DCAE components by default dcae-bootstrap: enabled: true dcae-cloudify-manager: @@ -44,7 +42,5 @@ dcae-inventory-api: enabled: true dcae-policy-handler: enabled: true -dcae-redis: - enabled: false dcae-servicechange-handler: - enabled: true
\ No newline at end of file + enabled: true diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml index 37bb861235..e390cba4e7 100644 --- a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml @@ -34,8 +34,8 @@ config: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.1 -httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.1 +image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2 +httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2 service: type: ClusterIP @@ -97,3 +97,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml index 28e79a1593..6d87223ff7 100644 --- a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml @@ -93,7 +93,7 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.1 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.2 # Resource Limit flavor -By Default using small flavor: small @@ -114,3 +114,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml index 5a52e10d6e..ac58c70957 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml @@ -57,11 +57,14 @@ spec: value: {{ .Values.config.importK8S }} - name: ONAP_IMPORT_POLICYPLUGIN value: {{ .Values.config.importPolicy }} - - name: ONAP_INPORT_POSTGRESPLUGIN + - name: ONAP_IMPORT_POSTGRESPLUGIN value: {{ .Values.config.importPostgres }} - name: ONAP_IMPORT_CLAMPPLUGIN value: {{ .Values.config.importClamp }} - name: ONAP_IMPORT_DMAAPPLUGIN value: {{ .Values.config.importDMaaP }} + - name: ONAP_USEDMAAPPLUGIN + value: {{ .Values.config.useDmaapPlugin | quote }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml index 37f79a4a73..8e0fd2fb9d 100644 --- a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml @@ -35,11 +35,11 @@ config: #dashboardPassword: doesntmatter mrTopicURL: http://message-router:3904/events importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml - importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml - importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml - importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml - importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml - importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml + importK8S: plugin:k8splugin?version=3.3.0 + importPostgres: plugin:pgaas?version=1.3.0 + importClamp: plugin:clamppolicyplugin?version=1.1.0 + importDMaaP: plugin:dmaap?version=1.5.0 + useDmaapPlugin: false secrets: - uid: "dashsecret" @@ -72,7 +72,7 @@ readiness: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.3 +image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.6 # Resource Limit flavor -By Default using small flavor: small @@ -93,3 +93,4 @@ resources: cpu: 2 memory: 2Gi unlimited: {} + diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml index cde35af14c..f8ef8d1452 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/dmaap-provisioning-job.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} spec: - backoffLimit: 5 + backoffLimit: 20 template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: diff --git a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json index 27df701b80..2ce2d8564b 100644 --- a/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/charts/multicloud-k8s/resources/config/config.json @@ -45,7 +45,8 @@ "HEAT_VOL", "OTHER", "VF_MODULES_METADATA", - "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT" + "CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT", + "HELM" ], "consumerGroup": "multicloud-k8s-group", "environmentName": "AUTO", diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml index 3062e4e3fa..08329d8b43 100644 --- a/kubernetes/onap/resources/environments/public-cloud.yaml +++ b/kubernetes/onap/resources/environments/public-cloud.yaml @@ -146,9 +146,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml index 2788e244e2..5f2336382f 100644 --- a/kubernetes/onap/resources/overrides/environment.yaml +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -213,9 +213,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index b96385cf07..dd80323216 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -90,6 +90,12 @@ global: # flag to enable debugging - application support required debugEnabled: false + # configuration to set log level to all components (the one that are using + # "common.log.level" to set this) + # can be overrided per components by setting logConfiguration.logLevelOverride + # to the desired value + # logLevel: DEBUG + #Global ingress configuration ingress: enabled: false diff --git a/kubernetes/policy/.helmignore b/kubernetes/policy/.helmignore index f0c1319444..f0c1319444 100644..100755 --- a/kubernetes/policy/.helmignore +++ b/kubernetes/policy/.helmignore diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index f98bcd6fdd..57dd77ec37 100644..100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Policy Administration Point +description: ONAP Policy name: policy version: 6.0.0 diff --git a/kubernetes/policy/Makefile b/kubernetes/policy/Makefile new file mode 100755 index 0000000000..8af301d7ae --- /dev/null +++ b/kubernetes/policy/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh deleted file mode 100644 index d7b27a071c..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw-tweaks.sh +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -PROPS_BUILD="${POLICY_HOME}/etc/build.info" - -PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties" -PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties" - - -if [ ! -f "${PROPS_BUILD}" ]; then - echo "error: version information does not exist: ${PROPS_BUILD}" - exit 1 -fi - -source "${POLICY_HOME}/etc/build.info" - -if [ -z "${version}" ]; then - echo "error: no version information present" - exit 1 -fi - -for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do - if [ ! -f "${CONFIG}" ]; then - echo "warning: configuration does not exist: ${CONFIG}" - else - sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}" - fi -done diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf deleted file mode 100644 index a0e5d1ec87..0000000000 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# BRMSpep component installation configuration parameters -BRMSGW_JMX_PORT=9989 - -COMPONENT_X_MX_MB=1024 -COMPONENT_X_MS_MB=1024 - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ - -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -M2_HOME=/usr/share/java/maven-3 -snapshotRepositoryID=policy-nexus-snapshots -snapshotRepositoryName=Snapshots -snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots -releaseRepositoryID=policy-nexus-releases -releaseRepositoryName=Releases -releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=${REPOSITORY_USERNAME} -repositoryPassword=${REPOSITORY_PASSWORD} -UEB_URL=message-router -UEB_TOPIC=PDPD-CONFIGURATION -UEB_API_KEY= -UEB_API_SECRET= - -groupID=org.onap.policy-engine -artifactID=drlPDPGroup -AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam -AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules - -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=brmsgw_1 -node_type=brms_gateway - -#Environment should be Set either DEV, TEST or PROD -ENVIRONMENT=TEST - -#Notification Properties... type can be either websocket, ueb, or dmaap -BRMS_NOTIFICATION_TYPE=websocket -BRMS_UEB_URL=message-router -BRMS_UEB_TOPIC=PDPD-CONFIGURATION -BRMS_UEB_DELAY= -BRMS_CLIENT_ID=python -BRMS_CLIENT_KEY=dGVzdA== -BRMS_UEB_API_KEY= -BRMS_UEB_API_SECRET= - -#Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.4 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.6 diff --git a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt b/kubernetes/policy/charts/brmsgw/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml b/kubernetes/policy/charts/brmsgw/templates/configmap.yaml deleted file mode 100644 index 9e515917a0..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/configmap.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} - diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml deleted file mode 100644 index 7dd96926ce..0000000000 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ /dev/null @@ -1,174 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-brmsgw - name: pe-brmsgw-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-brmsgw - name: pe-brmsgw - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - brmsgw - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - - name: REPOSITORY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - - name: REPOSITORY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/brmsgw-tweaks.sh - name: pe-brmsgw - subPath: brmsgw-tweaks.sh - - mountPath: /tmp/policy-install/config/brmsgw.conf - name: pe-brmsgw - subPath: brmsgw.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-brmsgw-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-brmsgw - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml deleted file mode 100644 index 70a2e3e855..0000000000 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ /dev/null @@ -1,133 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - envsubstImage: dibi/envsubst - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - - uid: nexus-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' - login: '{{ .Values.nexus.repositoryUsername }}' - password: '{{ .Values.nexus.repositoryPassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - papPort: 9091 - pdpPort: 8081 - nexusPort: 8081 - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 -nexus: - repositoryUsername: admin - repositoryPassword: admin123 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 30 - periodSeconds: 10 - -service: - type: ClusterIP - name: brmsgw - portName: brmsgw - externalPort: 9989 - internalPort: 9989 - nodePort: 16 - - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 2Gi - requests: - cpu: 10m - memory: 0.5Gi - large: - limits: - cpu: 2 - memory: 4Gi - requests: - cpu: 20m - memory: 1Gi - unlimited: {} diff --git a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml b/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt b/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt deleted file mode 100644 index 5d0107eb99..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml b/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml deleted file mode 100644 index 7883651a2e..0000000000 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/service.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/charts/drools/requirements.yaml b/kubernetes/policy/charts/drools/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/drools/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties deleted file mode 100644 index 189248ffb3..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties +++ /dev/null @@ -1,47 +0,0 @@ -### -# ============LICENSE_START======================================================= -# feature-healthcheck -# ================================================================================ -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -http.server.services=HEALTHCHECK -http.server.services.HEALTHCHECK.host=0.0.0.0 -http.server.services.HEALTHCHECK.port=6969 -http.server.services.HEALTHCHECK.restClasses=org.onap.policy.drools.healthcheck.RestHealthCheck -http.server.services.HEALTHCHECK.managed=false -http.server.services.HEALTHCHECK.swagger=true -http.server.services.HEALTHCHECK.userName=${envd:HEALTHCHECK_USER} -http.server.services.HEALTHCHECK.password=${envd:HEALTHCHECK_PASSWORD} -http.server.services.HEALTHCHECK.https=true -http.server.services.HEALTHCHECK.aaf=${envd:AAF:false} -http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler - -http.client.services=PAP - -http.client.services.PAP.host={{ .Values.global.pap.nameOverride }} -http.client.services.PAP.port=9091 -http.client.services.PAP.contextUriPath=pap/test -http.client.services.PAP.https=true -http.client.services.PAP.userName=${envd:PAP_LEGACY_USERNAME} -http.client.services.PAP.password=${envd:PAP_LEGACY_PASSWORD} - -http.client.services.PDP.host={{ .Values.global.pdp.nameOverride }} -http.client.services.PDP.port=8081 -http.client.services.PDP.contextUriPath=pdp/test -http.client.services.PDP.https=true -http.client.services.PDP.userName=${envd:PDP_LEGACY_USERNAME} -http.client.services.PDP.password=${envd:PDP_LEGACY_PASSWORD} diff --git a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh deleted file mode 100644 index e2d7381689..0000000000 --- a/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -# ============LICENSE_START======================================================= -# ONAP -# ================================================================================ -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= - -policy status diff --git a/kubernetes/policy/charts/pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt deleted file mode 100644 index 170b03e6db..0000000000 --- a/kubernetes/policy/charts/pap/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 Nordix Foundation. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/Chart.yaml b/kubernetes/policy/charts/pdp/Chart.yaml deleted file mode 100644 index 25301ee483..0000000000 --- a/kubernetes/policy/charts/pdp/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Policy PDP -name: pdp -version: 6.0.0 diff --git a/kubernetes/policy/charts/pdp/requirements.yaml b/kubernetes/policy/charts/pdp/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/pdp/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml b/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml deleted file mode 100644 index daa4112e51..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/log/xacml-pdp-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration scan="true" scanPeriod="3 seconds" debug="true"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pdp-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger name="com.att.eelf.audit" level="info" additivity="false"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger name="com.att.eelf.metrics" level="info" additivity="false"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger name="com.att.eelf.error" level="info" additivity="false"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger name="com.att.eelf.debug" level="debug" additivity="false"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh b/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh deleted file mode 100644 index 6060fe9b6f..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp-tweaks.sh +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf deleted file mode 100644 index bb12880ca7..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pdp component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9991 -TOMCAT_SHUTDOWN_PORT=8087 -SSL_HTTP_CONNECTOR_PORT=8081 -SSL_AJP_CONNECTOR_PORT=8381 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pdp properties - -UEB_CLUSTER=message-router - -REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=https://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ -REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config -REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps -REST_PDP_REGISTER=true -REST_PDP_REGISTER_SLEEP=15 -REST_PDP_REGISTER_RETRIES=-1 -REST_PDP_MAXCONTENT=999999999 - -# PDP related properties -PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} -PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} -PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} -PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} - -node_type=pdp_xacml -resource_name=pdp_1 -dependency_groups=brmsgw_1 -test_via_jmx=true - -# -# Notification Properties -# Notification type: websocket, ueb or dmaap... if left blank websocket is the default -PDP_NOTIFICATION_TYPE=websocket -PDP_UEB_CLUSTER= -PDP_UEB_TOPIC= -PDP_UEB_DELAY= -PDP_UEB_API_KEY= -PDP_UEB_API_SECRET= -PDP_DMAAP_AAF_LOGIN= -PDP_DMAAP_AAF_PASSWORD= - -#AAF Policy Name space -#Required only, when we use AAF -POLICY_AAF_NAMESPACE= -POLICY_AAF_RESOURCE= - -# Indeterminate resolution -DECISION_INDETERMINATE_RESPONSE=PERMIT diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf deleted file mode 100644 index e7171c280e..0000000000 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9997 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ -LOGPATH=/var/log/onap/policy/pdpx/pdp-rest.log -PARSERLOGPATH=/opt/app/policy/servers/pdplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=pdplp_1 diff --git a/kubernetes/policy/charts/pdp/templates/NOTES.txt b/kubernetes/policy/charts/pdp/templates/NOTES.txt deleted file mode 100644 index 868bb33d2b..0000000000 --- a/kubernetes/policy/charts/pdp/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ - -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/pdp/templates/configmap.yaml b/kubernetes/policy/charts/pdp/templates/configmap.yaml deleted file mode 100644 index 79c4d38c68..0000000000 --- a/kubernetes/policy/charts/pdp/templates/configmap.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pdp-rest/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/pdp/templates/service.yaml b/kubernetes/policy/charts/pdp/templates/service.yaml deleted file mode 100644 index 864676ad6f..0000000000 --- a/kubernetes/policy/charts/pdp/templates/service.yaml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/pdp", - "protocol": "REST", - "port": "{{ .Values.service.externalPort }}", - "visualRange":"1" - }, - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - sessionAffinity: None - clusterIP: None diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml deleted file mode 100644 index 7e99b1bac0..0000000000 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ /dev/null @@ -1,184 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ include "common.servicename" . }} - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} - - name: PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_USER_ID - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} - - name: PDP_PAP_PDP_HTTP_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input/pe - name: pe-input - - mountPath: /config-input/pe-pdp - name: pe-pdp-input - - mountPath: /config/pe - name: pe - - mountPath: /config/pe-pdp - name: pe-pdp - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.global.pap.nameOverride }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pdp - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{- end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/base.conf - name: pe - subPath: base.conf - - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp-input - subPath: pdp-tweaks.sh - - mountPath: /tmp/policy-install/config/pdplp.conf - name: pe-pdp - subPath: pdplp.conf - - mountPath: /tmp/policy-install/config/pdp.conf - name: pe-pdp - subPath: pdp.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pdp/webapps/pdp/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: pe-input - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pdp-input - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe - emptyDir: - medium: Memory - - name: pe-pdp - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml deleted file mode 100644 index 8921eabf81..0000000000 --- a/kubernetes/policy/charts/pdp/values.yaml +++ /dev/null @@ -1,122 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018,2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-secret - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' - login: '{{ .Values.db.user }}' - password: '{{ .Values.db.password }}' - passwordPolicy: required - - uid: pdp-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' - login: '{{ .Values.pdp.pdphttpuserid }}' - password: '{{ .Values.pdp.pdphttppassword }}' - passwordPolicy: required - - uid: pap-http-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' - login: '{{ .Values.pap.pdppappdphttpuserid }}' - password: '{{ .Values.pap.pdppappdphttppassword }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration - -db: - user: policy_user - password: policy_user -pdp: - pdphttpuserid: testpdp - pdphttppassword: alpha123 -pap: - pdppappdphttpuserid: testpap - pdppappdphttppassword: alpha123 - -config: - papPort: 9091 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: pdp - portName: pdp - internalPort: 8081 - externalPort: 8081 - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/policy/charts/policy-common/Chart.yaml b/kubernetes/policy/charts/policy-common/Chart.yaml deleted file mode 100644 index 0af8e01b51..0000000000 --- a/kubernetes/policy/charts/policy-common/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: ONAP Policy Common -name: policy-common -version: 6.0.0 diff --git a/kubernetes/policy/charts/policy-common/requirements.yaml b/kubernetes/policy/charts/policy-common/requirements.yaml deleted file mode 100644 index d3c442d32e..0000000000 --- a/kubernetes/policy/charts/policy-common/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -dependencies: - - name: common - version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) - repository: '@local' diff --git a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 258b654f6f..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf deleted file mode 100644 index 810b090069..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -JAVA_HOME=/usr/local/openjdk-11 -POLICY_HOME=/opt/app/policy -POLICY_LOGS=/var/log/onap -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap - -JDBC_DRIVER=org.mariadb.jdbc.Driver -JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 - -JDBC_USER=${JDBC_USER} -JDBC_PASSWORD=${JDBC_PASSWORD} - -site_name=site_1 -fp_monitor_interval=30 -failed_counter_threshold=3 -test_trans_interval=20 -write_fpc_interval=5 -max_fpc_update_interval=60 -test_via_jmx=false -jmx_fqdn= - -AAF_NAMESPACE=org.onap.policy -AAF_HOST=aaf-locate.{{.Release.Namespace}} - -ENVIRONMENT=TEST - -#Micro Service Model Properties -policy_msOnapName= -policy_msPolicyName= diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh deleted file mode 100644 index ee427af678..0000000000 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash - -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2020 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -# Script to configure and start the Policy components that are to run in the designated container, -# It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the -# script just goes into a long sleep so that the script does not exit (which would cause the -# container to be torn down). - -container=$1 - -case $container in -pap) - comps="base pap paplp console mysql elk" - ;; -pdp) - comps="base pdp pdplp" - ;; -brmsgw) - comps="base brmsgw" - ;; -*) - echo "Usage: do-start.sh pap|pdp|brmsgw" >&2 - exit 1 -esac - - -# skip installation if build.info file is present (restarting an existing container) -if [[ -f /opt/app/policy/etc/build.info ]]; then - echo "Found existing installation, will not reinstall" - . /opt/app/policy/etc/profile.d/env.sh - -else - if [[ -d config ]]; then - cp config/*.conf . - fi - - for comp in $comps; do - echo "Installing component: $comp" - ./docker-install.sh --install $comp - done - for comp in $comps; do - echo "Configuring component: $comp" - ./docker-install.sh --configure $comp - done - - . /opt/app/policy/etc/profile.d/env.sh - - # install keystore - # override the policy keystore and truststore if present - if [[ -f config/policy-keystore ]]; then - cp config/policy-keystore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $POLICY_HOME/etc/ssl - fi - - if [[ -f config/$container-tweaks.sh ]] ; then - # file may not be executable; running it as an - # argument to bash avoids needing execute perms. - bash config/$container-tweaks.sh - fi - - if [[ $container == pap ]]; then - # wait for DB up - # now that DB is up, invoke database upgrade - # (which does nothing if the db is already up-to-date) - if [[ -v JDBC_USER ]]; then - dbuser=${JDBC_USER}; - else - dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=)) - fi - - if [[ -v JDBC_PASSWORD ]]; then - dbpw=${JDBC_PASSWORD} - else - dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=)) - fi - db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}} - fi - -fi - -policy.sh start -sleep 1000d diff --git a/kubernetes/policy/charts/policy-common/templates/NOTES.txt b/kubernetes/policy/charts/policy-common/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-common/templates/configmap.yaml b/kubernetes/policy/charts/policy-common/templates/configmap.yaml deleted file mode 100644 index 4aed50976c..0000000000 --- a/kubernetes/policy/charts/policy-common/templates/configmap.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-pe-scripts-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/scripts/do-start.sh").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/policy-common/values.yaml b/kubernetes/policy/charts/policy-common/values.yaml deleted file mode 100644 index 57eacc56f0..0000000000 --- a/kubernetes/policy/charts/policy-common/values.yaml +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - logstashServiceName: log-ls - logstashPort: 5044 - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: <onap-app> - externalPort: <8080> - #Example internal target port if required - #internalPort: <80> - nodePort: <replace with unused node port suffix eg. 23> - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi diff --git a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt b/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt deleted file mode 100644 index c882c3385e..0000000000 --- a/kubernetes/policy/charts/policy-distribution/templates/NOTES.txt +++ /dev/null @@ -1,37 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2018 Ericsson. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml deleted file mode 100644 index f70a3630c3..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/requirements.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -dependencies: - - name: common - version: ~6.x-0 - repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml deleted file mode 100644 index bd7eb8ea40..0000000000 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/secrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/Makefile b/kubernetes/policy/components/Makefile new file mode 100755 index 0000000000..2fc0cbe4ab --- /dev/null +++ b/kubernetes/policy/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml index d63683ed62..d63683ed62 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml index 95b3b6deac..86751eae3c 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/requirements.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 767d1452cc..767d1452cc 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json index 5df0a26596..5df0a26596 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/config.json diff --git a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml index 634176ea2c..83261220c9 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/apex-pdp/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/apex-pdp/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/apex-pdp/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt index c882c3385e..c882c3385e 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/NOTES.txt +++ b/kubernetes/policy/components/policy-apex-pdp/templates/NOTES.txt diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml index 23fd1b56d0..d5184bb50f 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml index adbd5ed986..adbd5ed986 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 71a7f3d39c..4deb21a79b 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,6 +48,8 @@ spec: env: - name: TRUSTSTORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }} - name: RESTSERVER_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD @@ -59,14 +62,15 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" - command: - - /opt/app/policy/apex-pdp/bin/apexOnapPf.sh - - -c - - /home/apexuser/config/OnapPfConfig.json imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"] ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -84,7 +88,14 @@ spec: env: - name: REPLICAS value: "{{ .Values.replicaCount }}" +{{- if not .Values.global.aafEnabled }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }} +{{- end }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -93,7 +104,7 @@ spec: - mountPath: /home/apexuser/config name: apexconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -103,6 +114,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 35b2711b04..21e9df41e6 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -22,6 +22,10 @@ ################################################################# global: nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + envsubstImage: dibi/envsubst + aafEnabled: true persistence: {} ################################################################# @@ -35,9 +39,14 @@ secrets: password: '{{ .Values.restServer.password }}' - uid: truststore-pass type: password - externalSecret: '{{ tpl (default "" .Values.truststore.passwordExternalSecret) . }}' - password: '{{ .Values.truststore.password }}' - policy: required + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + - uid: keystore-pass + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -57,6 +66,30 @@ restServer: password: zb!XztG34 truststore: password: Pol1cy_0nap +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-apex-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 101 + gid: 102 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -89,8 +122,8 @@ ingress: enabled: false # Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +flavor: small resources: small: limits: diff --git a/kubernetes/policy/charts/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml index 021263a1fc..676a647e9a 100644..100755 --- a/kubernetes/policy/charts/policy-api/Chart.yaml +++ b/kubernetes/policy/components/policy-api/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/policy-api/requirements.yaml b/kubernetes/policy/components/policy-api/requirements.yaml index f70a3630c3..c9502372be 100644..100755 --- a/kubernetes/policy/charts/policy-api/requirements.yaml +++ b/kubernetes/policy/components/policy-api/requirements.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +20,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/components/policy-api/resources/config/config.json index fba7e6ce12..8db1f5a99f 100644..100755 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/components/policy-api/resources/config/config.json @@ -29,7 +29,7 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/policyadmin", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" diff --git a/kubernetes/policy/charts/policy-api/resources/config/logback.xml b/kubernetes/policy/components/policy-api/resources/config/logback.xml index 4b73633f26..7298e4cc14 100644..100755 --- a/kubernetes/policy/charts/policy-api/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-api/resources/config/logback.xml @@ -1,159 +1,159 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/error.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/debug.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/network.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="MetricOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/metric.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricOut" />
- </appender>
-
- <appender name="TransactionOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/api/audit.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"
- additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty" level="ERROR" />
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncMetricOut" />
- <appender-ref ref="AsyncTransactionOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
-</configuration>
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/metric.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/metric.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/api/audit.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/api/audit.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}|%X{AlertSeverity}|%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty" level="ERROR" /> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/policy-api/templates/configmap.yaml b/kubernetes/policy/components/policy-api/templates/configmap.yaml index e2a3de7756..77b7aed22b 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-api/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f8da461fb4..cfb0937457 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -21,10 +21,10 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /root/job_complete.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: @@ -34,7 +34,6 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: @@ -57,13 +56,25 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config - +{{ include "common.certInitializer.initContainer" . | indent 8 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/api/bin/policy-api.sh"] args: ["/opt/app/policy/api/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -81,13 +92,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/api/etc/mounted name: apiconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -97,6 +109,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/pap/templates/secrets.yaml b/kubernetes/policy/components/policy-api/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/pap/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-api/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml index fba02c84b9..fba02c84b9 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/service.yaml +++ b/kubernetes/policy/components/policy-api/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 35700d9f9c..2e45858b9f 100644..100755 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -23,6 +23,9 @@ global: nodePortPrefix: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 ################################################################# # Secrets metaconfig @@ -40,6 +43,42 @@ secrets: login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-api-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. @@ -56,6 +95,10 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 @@ -90,4 +133,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml index db04d7cc6d..db04d7cc6d 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/Chart.yaml +++ b/kubernetes/policy/components/policy-distribution/Chart.yaml diff --git a/kubernetes/policy/charts/policy-distribution/requirements.yaml b/kubernetes/policy/components/policy-distribution/requirements.yaml index 95b3b6deac..12ce3e0067 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/requirements.yaml +++ b/kubernetes/policy/components/policy-distribution/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright (C) 2020 AT&T. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 9b9a7a5a93..9b9a7a5a93 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json diff --git a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml index 21dd0fca64..8d63217766 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-distribution/resources/config/logback.xml @@ -1,113 +1,113 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/error.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/debug.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/distribution/network.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut"
- class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info"
- additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/error.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/debug.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/distribution/network.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/distribution/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" + class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" + additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml index 23fd1b56d0..d5184bb50f 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/configmap.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml index 8301df1c78..add085f94d 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml @@ -1,3 +1,21 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + apiVersion: apps/v1 kind: Deployment metadata: @@ -50,12 +68,25 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/distribution/bin/policy-dist.sh"] args: ["/opt/app/policy/distribution/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -73,13 +104,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/distribution/etc/mounted name: distributionconfig resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -89,6 +121,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml index 9619d0c834..9619d0c834 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/templates/service.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 5165b16962..ae80b7d40a 100644..100755 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -45,6 +45,16 @@ secrets: login: '{{ .Values.sdcBe.user }}' password: '{{ .Values.sdcBe.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required ################################################################# # Global configuration defaults. @@ -52,6 +62,9 @@ secrets: global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 ################################################################# # Application configuration defaults. @@ -78,6 +91,30 @@ papParameters: sdcBe: user: policy password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-distribution-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); # default number of instances replicaCount: 1 @@ -108,4 +145,20 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} diff --git a/kubernetes/policy/charts/drools/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml index 3cc791d36b..22567af862 100644..100755 --- a/kubernetes/policy/charts/drools/Chart.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,6 +14,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Drools Policy Engine -name: drools +description: ONAP Drools Policy Engine (PDP-D) +name: policy-drools-pdp version: 6.0.0 diff --git a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml index 6a61926e9e..ca24480fc8 100644..100755 --- a/kubernetes/sdnc/charts/sdnc-portal/requirements.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/requirements.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +16,7 @@ dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/drools/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index c996d13e27..184ae9aee7 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -30,14 +30,14 @@ TELEMETRY_HOST=0.0.0.0 # nexus repository SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ +SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ REPOSITORY_OFFLINE={{.Values.nexus.offline}} # Relational (SQL) DB access -SQL_HOST={{ .Values.global.mariadb.service.name }} +SQL_HOST={{ .Values.db.name }} # AAF diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf index 44d0bf18ce..44d0bf18ce 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf diff --git a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml index 49a476cbf6..9cd92da7fa 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/logback.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -1,162 +1,162 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/metric.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricOut" />
- </appender>
-
- <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpd/audit.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="MetricStdOut" />
- </appender>
-
- <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
- <encoder>
- <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="TransactionStdOut" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncMetricOut" />
- <appender-ref ref="AsyncTransactionOut" />
- <appender-ref ref="AsyncStdOut" />
- <appender-ref ref="AsyncMetricStdOut" />
- <appender-ref ref="AsyncTransactionStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/metric.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricStdOut" /> + </appender> + + <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.drools.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionStdOut" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="AsyncMetricStdOut" /> + <appender-ref ref="AsyncTransactionStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml index 3777d27044..3777d27044 100644..100755 --- a/kubernetes/policy/charts/drools/resources/configmaps/settings.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/settings.xml diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf index bb2b90c1a7..bb2b90c1a7 100644..100755 --- a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml index 9a92ad9769..90d75cc409 100644..100755 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/configmap.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,6 +18,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/configmaps/*{.zip,store}" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml index 7fb84b5ddc..7fb84b5ddc 100644..100755 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/secrets.yaml diff --git a/kubernetes/policy/charts/drools/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index 9f4ad9bed4..9f4ad9bed4 100644..100755 --- a/kubernetes/policy/charts/drools/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index dd813b4107..dc917ce248 100644..100755 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,12 +37,25 @@ spec: spec: initContainers: - command: + - /root/job_complete.py + args: + - --job-name + - {{ include "common.release" . }}-policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-readiness +{{- if not .Values.nexus.offline }} + - command: - /root/ready.py args: - --container-name - - {{ include "common.release" . }}-galera-config - - --container-name - - {{ .Values.global.nexus.nameOverride }} + - {{ .Values.nexus.name }} env: - name: NAMESPACE valueFrom: @@ -52,10 +65,16 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness +{{- end }} +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \ + source {{ .Values.certInitializer.credsPath }}/.ci; fi;\ + /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] ports: - containerPort: {{ .Values.service.externalPort }} - containerPort: {{ .Values.service.externalPort2 }} @@ -79,6 +98,7 @@ spec: - name: SQL_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -92,22 +112,9 @@ spec: name: drools-config subPath: {{ base $path }} {{- end }} - - mountPath: /var/log/onap - name: policy-logs resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} {{- end -}} @@ -116,16 +123,10 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - name: drools-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 292305fa43..5a7f6f0504 100644..100755 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,9 +20,8 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - ubuntuImage: ubuntu:16.04 + envsubstImage: dibi/envsubst + aafEnabled: true ################################################################# # Secrets metaconfig @@ -67,8 +66,8 @@ readiness: service: type: ClusterIP - name: drools - portName: drools + name: policy-drools-pdp + portName: policy-drools-pdp internalPort: 6969 externalPort: 6969 nodePort: 17 @@ -81,6 +80,27 @@ ingress: # Default installation values to be overridden +certInitializer: + nameOverride: policy-drools-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 1000 + gid: 1000 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + server: jvmOpts: -server -XshowSettings:vm @@ -98,12 +118,14 @@ telemetry: password: demo123456! nexus: + name: policy-nexus + port: 8081 user: admin password: admin123 - port: 8081 offline: true db: + name: policy-mariadb user: policy_user password: policy_user @@ -155,8 +177,8 @@ cds: svcPort: 9111 # Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) flavor: small -# Segregation for Different environment (Small and Large) resources: small: limits: diff --git a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml b/kubernetes/policy/components/policy-nexus/Chart.yaml index faf8a38748..09103ed352 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/Chart.yaml +++ b/kubernetes/policy/components/policy-nexus/Chart.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,5 +15,5 @@ apiVersion: v1 description: ONAP Policy Nexus -name: nexus +name: policy-nexus version: 6.0.0 diff --git a/kubernetes/policy/charts/brmsgw/requirements.yaml b/kubernetes/policy/components/policy-nexus/requirements.yaml index d3c442d32e..d3c442d32e 100644..100755 --- a/kubernetes/policy/charts/brmsgw/requirements.yaml +++ b/kubernetes/policy/components/policy-nexus/requirements.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml index 3c2aa0e953..95b4cb187f 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -68,7 +68,11 @@ spec: - mountPath: /sonatype-work name: nexus-data resources: -{{ include "common.resources" . | indent 12 }} +{{- if eq .Values.resources.flavor "large" }} +{{ toYaml .Values.resources.large | indent 12 }} +{{- else }} +{{ toYaml .Values.resources.small | indent 12 }} +{{- end -}} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml b/kubernetes/policy/components/policy-nexus/templates/pv.yaml index 62e66f1602..62e66f1602 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pv.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pv.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml index 1cadcc51d5..1cadcc51d5 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/templates/pvc.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/pvc.yaml diff --git a/kubernetes/policy/charts/brmsgw/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 7883651a2e..7883651a2e 100644..100755 --- a/kubernetes/policy/charts/brmsgw/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml diff --git a/kubernetes/policy/charts/drools/charts/nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index 2024bca973..126c4d38ac 100644..100755 --- a/kubernetes/policy/charts/drools/charts/nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -60,8 +60,8 @@ readiness: service: type: ClusterIP - name: nexus - portName: nexus + name: policy-nexus + portName: policy-nexus externalPort: 8081 internalPort: 8081 nodePort: 36 @@ -76,12 +76,12 @@ persistence: accessMode: ReadWriteOnce size: 2Gi mountPath: /dockerdata-nfs - mountSubPath: nexus/data + mountSubPath: policy/nexus/data -# Resource Limit flavor -By Default using small -flavor: small # Segregation for Different environment (Small and Large) +# Resource Limit flavor - By Default using small resources: + flavor: small small: limits: cpu: 1 diff --git a/kubernetes/policy/charts/pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml index 9133e8685a..6affa3432d 100644..100755 --- a/kubernetes/policy/charts/pap/Chart.yaml +++ b/kubernetes/policy/components/policy-pap/Chart.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,5 +19,5 @@ apiVersion: v1 description: ONAP Policy Administration (PAP) -name: pap +name: policy-pap version: 6.0.0 diff --git a/kubernetes/policy/charts/pap/requirements.yaml b/kubernetes/policy/components/policy-pap/requirements.yaml index a6c2f0a42a..aa47b48548 100644..100755 --- a/kubernetes/policy/charts/pap/requirements.yaml +++ b/kubernetes/policy/components/policy-pap/requirements.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Nordix Foundation. +# Modified Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,3 +21,6 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/components/policy-pap/resources/config/config.json index aba167708c..72c318042f 100644..100755 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/components/policy-pap/resources/config/config.json @@ -40,7 +40,7 @@ "name": "PolicyProviderParameterGroup", "implementation": "org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl", "databaseDriver": "org.mariadb.jdbc.Driver", - "databaseUrl": "jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/{{ .Values.global.mariadb.config.mysqlDatabase }}", + "databaseUrl": "jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin", "databaseUser": "${SQL_USER}", "databasePassword": "${SQL_PASSWORD_BASE64}", "persistenceUnit": "PolicyMariaDb" diff --git a/kubernetes/policy/charts/pap/resources/config/logback.xml b/kubernetes/policy/components/policy-pap/resources/config/logback.xml index 233e6a7dbe..6038e20b84 100644..100755 --- a/kubernetes/policy/charts/pap/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-pap/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pap/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
-</configuration>
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pap/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pap/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/pap/templates/configmap.yaml b/kubernetes/policy/components/policy-pap/templates/configmap.yaml index 372bf4dcca..3265fbb220 100644..100755 --- a/kubernetes/policy/charts/pap/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-pap/templates/configmap.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019-2020 Nordix Foundation. All rights reserved. +# Modifications Copyright (C) 2020 AT&T Intellectual Property. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +22,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index da44bd54f9..d2ce4ae925 100644..100755 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -1,3 +1,21 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} @@ -9,10 +27,10 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /root/job_complete.py args: - - --container-name - - {{ .Values.global.mariadb.service.name }} + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: @@ -22,7 +40,6 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness - - command: - sh args: @@ -53,12 +70,25 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pap/bin/policy-pap.sh"] args: ["/opt/app/policy/pap/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: {{ include "common.containerPorts" . | nindent 12 }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container @@ -75,13 +105,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/pap/etc/mounted name: papconfig-processed resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -91,6 +122,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml b/kubernetes/policy/components/policy-pap/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/policy-apex-pdp/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-pap/templates/secrets.yaml diff --git a/kubernetes/policy/charts/pap/templates/service.yaml b/kubernetes/policy/components/policy-pap/templates/service.yaml index 5c4061e831..5c4061e831 100644..100755 --- a/kubernetes/policy/charts/pap/templates/service.yaml +++ b/kubernetes/policy/components/policy-pap/templates/service.yaml diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 3eba5564ac..9c0f13b622 100644..100755 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -25,6 +25,9 @@ global: nodePortPrefixExt: 304 persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 ################################################################# # Secrets metaconfig @@ -54,6 +57,42 @@ secrets: login: '{{ .Values.healthCheckRestClient.distribution.user }}' password: '{{ .Values.healthCheckRestClient.distribution.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-pap-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. @@ -71,9 +110,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + healthCheckRestClient: api: user: healthcheck @@ -115,4 +159,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml index ab79a68745..fda3fde208 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/Chart.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,6 +17,6 @@ # ============LICENSE_END========================================================= apiVersion: v1 -description: ONAP Policy XACML PDP +description: ONAP Policy XACML PDP (PDP-X) name: policy-xacml-pdp version: 6.0.0 diff --git a/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml new file mode 100755 index 0000000000..c9502372be --- /dev/null +++ b/kubernetes/policy/components/policy-xacml-pdp/requirements.yaml @@ -0,0 +1,25 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 1598ca4afa..1598ca4afa 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml index 61fbe4b2cf..ae0beaade8 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml @@ -1,103 +1,103 @@ -<!--
- ============LICENSE_START=======================================================
- Copyright (C) 2020 Bell Canada. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- SPDX-License-Identifier: Apache-2.0
- ============LICENSE_END=========================================================
--->
-
-<configuration scan="true" scanPeriod="30 seconds" debug="false">
-
- <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/error.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="ErrorOut" />
- </appender>
-
- <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/debug.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="DebugOut" />
- </appender>
-
- <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>/var/log/onap/policy/pdpx/network.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
- </fileNamePattern>
- <maxFileSize>50MB</maxFileSize>
- <maxHistory>30</maxHistory>
- <totalSizeCap>10GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="NetworkOut" />
- </appender>
-
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="STDOUT" />
- </appender>
-
- <logger name="network" level="INFO" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
- <appender-ref ref="AsyncNetworkOut" />
- <appender-ref ref="AsyncStdOut" />
- </logger>
-
- <root level="INFO">
- <appender-ref ref="AsyncDebugOut" />
- <appender-ref ref="AsyncErrorOut" />
- <appender-ref ref="AsyncStdOut" />
- </root>
-
+<!-- + ============LICENSE_START======================================================= + Copyright (C) 2020 Bell Canada. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + </configuration>
\ No newline at end of file diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties index c7e4ad197e..b53200be9a 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/xacml.properties +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -48,6 +48,6 @@ xacml.pip.engines=count-recent-operations,get-operation-outcome # JPA Properties # javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver -javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory javax.persistence.jdbc.user=${SQL_USER} javax.persistence.jdbc.password=${SQL_PASSWORD_BASE64} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml index 3ca4f82963..85ce86c338 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/configmap.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright (C) 2020 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,6 +22,11 @@ kind: ConfigMap metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} {{- with .Files.Glob "resources/config/*store" }} binaryData: {{- range $path, $bytes := . }} diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml index 3580018eb4..a83f1d8699 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -1,3 +1,21 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2020 AT&T Intellectual Property. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + apiVersion: apps/v1 kind: Deployment metadata: @@ -21,10 +39,10 @@ spec: spec: initContainers: - command: - - /root/ready.py + - /root/job_complete.py args: - - --container-name - - {{ include "common.release" . }}-galera-config + - --job-name + - {{ include "common.release" . }}-policy-galera-config env: - name: NAMESPACE valueFrom: @@ -60,12 +78,25 @@ spec: image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["bash","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\ + /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"] +{{- else }} command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -83,6 +114,7 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -91,7 +123,7 @@ spec: emptyDir: medium: Memory resources: -{{ include "common.resources" . | indent 12 }} +{{ include "common.resources" . }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 10 }} @@ -101,6 +133,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/policy/charts/policy-api/templates/secrets.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml index bd7eb8ea40..bd7eb8ea40 100644..100755 --- a/kubernetes/policy/charts/policy-api/templates/secrets.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/secrets.yaml diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 33b990f208..aeefe41bca 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 36dd5a57cb..fdeadcff6d 100644..100755 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -22,6 +22,9 @@ global: persistence: {} envsubstImage: dibi/envsubst + aafEnabled: true + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 ################################################################# # Secrets metaconfig @@ -45,6 +48,42 @@ secrets: login: '{{ .Values.apiServer.user }}' password: '{{ .Values.apiServer.password }}' passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-xacml-pdp-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + export $(/opt/app/aaf_config/bin/agent.sh local showpass + {{ .Values.fqi }} {{ .Values.fqdn }} | grep "^cadi_keystore_password_p12"); + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + ################################################################# # Application configuration defaults. @@ -62,9 +101,14 @@ debugEnabled: false db: user: policy_user password: policy_user + service: + name: policy-mariadb + internalPort: 3306 + restServer: user: healthcheck password: zb!XztG34 + apiServer: user: healthcheck password: zb!XztG34 @@ -98,4 +142,21 @@ service: ingress: enabled: false -resources: {} +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 01e41d9d0f..53ab55d047 100644..100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,10 +16,35 @@ dependencies: - name: common version: ~6.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: mariadb-galera version: ~6.x-0 repository: '@local' + - name: policy-nexus + version: ~6.x-0 + repository: 'file://components/policy-nexus' + condition: policy-nexus.enabled + - name: policy-api + version: ~6.x-0 + repository: 'file://components/policy-api' + condition: policy-api.enabled + - name: policy-pap + version: ~6.x-0 + repository: 'file://components/policy-pap' + condition: policy-pap.enabled + - name: policy-xacml-pdp + version: ~6.x-0 + repository: 'file://components/policy-xacml-pdp' + condition: policy-xacml-pdp.enabled + - name: policy-apex-pdp + version: ~6.x-0 + repository: 'file://components/policy-apex-pdp' + condition: policy-apex-pdp.enabled + - name: policy-drools-pdp + version: ~6.x-0 + repository: 'file://components/policy-drools-pdp' + condition: policy-drools-pdp.enabled + - name: policy-distribution + version: ~6.x-0 + repository: 'file://components/policy-distribution' + condition: policy-distribution.enabled diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh index ef821a11d4..51157f1a8a 100644..100755 --- a/kubernetes/policy/resources/config/db.sh +++ b/kubernetes/policy/resources/config/db.sh @@ -1,5 +1,6 @@ +#!/bin/bash -x # Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,8 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash -xv mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; }; + for db in support onap_sdk log migration operationshistory10 pooling policyadmin operationshistory do mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" diff --git a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml deleted file mode 100644 index bcc6b167fc..0000000000 --- a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml +++ /dev/null @@ -1,186 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!-- - Logback files for the ECOMP SDK Application "ecomp_app" - are created in directory ${catalina.base}/logs/ecomp_app; - e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log - --> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="ep_sdk_app" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="generalLogName" value="application" /> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- - These loggers are not used in code (yet). - <property name="securityLogName" value="security" /> - <property name="policyLogName" value="policy" /> - <property name="performanceLogName" value="performance" /> - <property name="serverLogName" value="server" /> - --> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF"> - <file>${logDirectory}/${generalLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" /> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF"> - <queueSize>${queueSize}</queueSize> - <!-- Class name is part of caller data --> - <includeCallerData>true</includeCallerData> - <appender-ref ref="EELF" /> - </appender> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <!-- daily rollover --> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml deleted file mode 100644 index 9401e54861..0000000000 --- a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml +++ /dev/null @@ -1,150 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. ---> - -<configuration debug="true" scan="true" scanPeriod="3 seconds"> - <!--<jmxConfigurator /> --> - <!-- specify the base path of the log directory --> - <property name="logDir" value="/var/log/onap" /> - <!-- specify the component name --> - <property name="componentName" value="policy" /> - <!-- specify the sub component name --> - <property name="subComponentName" value="xacml-pap-rest" /> - <!-- The directories where logs are written --> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> - <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <!-- Example evaluator filter applied against console appender --> - <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <!-- ============================================================================ --> - <!-- EELF Appenders --> - <!-- ============================================================================ --> - <!-- The EELFAppender is used to record events to the general application - log --> - <!-- EELF Audit Appender. This appender is used to record audit engine - related logging events. The audit logger and appender are specializations - of the EELF application root logger and appender. This can be used to segregate - Policy engine events from other components, or it can be eliminated to record - these events as part of the application root log. --> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit"> - <file>${logDirectory}/${auditLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFAudit" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics"> - <file>${logDirectory}/${metricsLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - - %msg%n"</pattern> --> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFMetrics" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError"> - <file>${logDirectory}/${errorLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>INFO</level> - </filter> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFError" /> - </appender> - <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug"> - <file>${logDirectory}/${debugLogName}.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> - <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> - <maxFileSize>${maxFileSize}</maxFileSize> - </timeBasedFileNamingAndTriggeringPolicy> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${pattern}</pattern> - </encoder> - </appender> - <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="EELFDebug" /> - <includeCallerData>true</includeCallerData> - </appender> - <!-- ============================================================================ --> - <!-- EELF loggers --> - <!-- ============================================================================ --> - <logger additivity="false" level="info" name="com.att.eelf.audit"> - <appender-ref ref="asyncEELFAudit" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.metrics"> - <appender-ref ref="asyncEELFMetrics" /> - </logger> - <logger additivity="false" level="info" name="com.att.eelf.error"> - <appender-ref ref="asyncEELFError" /> - </logger> - <logger additivity="false" level="debug" name="com.att.eelf.debug"> - <appender-ref ref="asyncEELFDebug" /> - </logger> - <root level="INFO"> - <appender-ref ref="asyncEELFDebug" /> - </root> -</configuration> diff --git a/kubernetes/policy/resources/config/pe/console.conf b/kubernetes/policy/resources/config/pe/console.conf deleted file mode 100644 index cb170f0802..0000000000 --- a/kubernetes/policy/resources/config/pe/console.conf +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# configs component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9993 -TOMCAT_SHUTDOWN_PORT=8090 -SSL_HTTP_CONNECTOR_PORT=8443 -SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 -SSL_AJP_CONNECTOR_PORT=8383 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=2048 -TOMCAT_X_MX_MB=2048 - -# ------------------ console properties --------------------------- - -# -# Authorization Policy - -ROOT_POLICIES=admin -ADMIN_FILE=Policy-Admin.xml - - -# Set your domain here: - -REST_ADMIN_DOMAIN=com - -# -# Location where the GIT repository is located -# -REST_ADMIN_REPOSITORY=repository - -# -# Location where all the user workspaces are located. -# -REST_ADMIN_WORKSPACE=/opt/app/policy/servers/console/bin/workspace - -# -# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE -# container and setup authentication as you please. Setting HttpSession attribute values will override these -# values set in the properties files. -# -# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); -# -# The default policy: Policy-Admin.xml is extremely simple. -# -# You can test authorization within the Admin Console by changing the user id. -# There are 3 supported user ids: -# guest - Read only access -# editor - Read/Write access -# admin - Read/Write/Admin access -# -# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. -# -# This is for development/demonstration purposes only. A production environment should provide authentication which is -# outside the scope of this application. This application can be used to develop a XACML policy for user authorization -# within this application. -# - -REST_ADMIN_USER_NAME=Administrator -REST_ADMIN_USER_ID=super-admin - -# -# -# Property to declare the max time frame for logs. -# -LOG_TIMEFRAME=30 - -# Property to declare the number of visible rows for users in MicroService Policy -COLUMN_COUNT=3 - -# Dashboard refresh rate in miliseconds -REFRESH_RATE=40000 - -# -# URL location for the PAP servlet. -# - - -REST_PAP_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/pap/ - -# -# Config/Action Properties location. -# - -REST_CONFIG_HOME=/opt/app/policy/servers/pap/webapps/Config/ -REST_ACTION_HOME=/opt/app/policy/servers/pap/webapps/Action/ -REST_CONFIG_URL=https://{{.Values.global.pap.nameOverride}}:{{.Values.service.externalPort2}}/ -REST_CONFIG_WEBAPPS=/opt/app/policy/servers/pap/webapps/ - -# PAP account information -CONSOLE_PAP_HTTP_USER_ID=testpap -CONSOLE_PAP_HTTP_PASSWORD=alpha123 - - -node_type=pap_admin -resource_name=console_1 - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 - -#Automatic Policy Distribution -automatic_push=false - -#Diff of policies for Firewall feature -FW_GETURL= -FW_AUTHOURL= -FW_PROXY= -FW_PORT= - -#SMTP Server Details for Java Mail -onap_smtp_host= -onap_smtp_port=25 -onap_smtp_userName= -onap_smtp_password= -onap_smtp_emailExtension= -onap_application_name= - -#-----------------------ONAP-PORTAL-Properties---------------------- - -ONAP_REDIRECT_URL=https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm -ONAP_REST_URL=https://portal-app:8443/ONAPPORTAL/auxapi -ONAP_UEB_URL_LIST= -ONAP_PORTAL_INBOX_NAME= -ONAP_UEB_APP_KEY=ueb_key_5 -ONAP_UEB_APP_SECRET=ueb_key_5 -ONAP_UEB_APP_MAILBOX_NAME= -APP_DISPLAY_NAME=ONAP Policy -ONAP_SHARED_CONTEXT_REST_URL=http://portal-app.{{.Release.Namespace}}:8989/ONAPPORTAL/context diff --git a/kubernetes/policy/resources/config/pe/elk.conf b/kubernetes/policy/resources/config/pe/elk.conf deleted file mode 100644 index 2750bff702..0000000000 --- a/kubernetes/policy/resources/config/pe/elk.conf +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# elasticsearch - -ELK_JMX_PORT=9995 diff --git a/kubernetes/policy/resources/config/pe/mysql.conf b/kubernetes/policy/resources/config/pe/mysql.conf deleted file mode 100644 index d4f83d414e..0000000000 --- a/kubernetes/policy/resources/config/pe/mysql.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# mysql scripts component installation configuration parameters - -# Path to mysql bin -MYSQL_BIN=/usr/local/mysql/bin - diff --git a/kubernetes/policy/resources/config/pe/pap-tweaks.sh b/kubernetes/policy/resources/config/pe/pap-tweaks.sh deleted file mode 100644 index 1930b98f77..0000000000 --- a/kubernetes/policy/resources/config/pe/pap-tweaks.sh +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf deleted file mode 100644 index ee1a492bc2..0000000000 --- a/kubernetes/policy/resources/config/pe/pap.conf +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# pap component installation configuration parameters - -# tomcat specific parameters - -TOMCAT_JMX_PORT=9990 -TOMCAT_SHUTDOWN_PORT=9405 -SSL_HTTP_CONNECTOR_PORT=9091 -SSL_AJP_CONNECTOR_PORT=8380 -SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 - -TOMCAT_X_MS_MB=1024 -TOMCAT_X_MX_MB=1024 - -# pap properties - -PAP_PDPS=/opt/app/policy/servers/pap/bin/pdps -PAP_URL=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ - -PAP_INITIATE_PDP=true -PAP_HEARTBEAT_INTERVAL=10000 -PAP_HEARTBEAT_TIMEOUT=10000 - -REST_ADMIN_DOMAIN=com -REST_ADMIN_REPOSITORY=repository -REST_ADMIN_WORKSPACE=workspace - -# PDP related properties -PAP_PDP_URL=https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-2.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;https://{{ include "common.release" . }}-{{ .Values.global.pdp.nameOverride }}-3.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/ -PAP_PDP_HTTP_USER_ID=testpdp -PAP_PDP_HTTP_PASSWORD=alpha123 - -PAP_HTTP_USER_ID=testpap -PAP_HTTP_PASSWORD=alpha123 - -#new values added 10-21-2015 -PROP_PAP_TRANS_WAIT=500000 -PROP_PAP_TRANS_TIMEOUT=5000 -PROP_PAP_AUDIT_TIMEOUT=300000 -PROP_PAP_RUN_AUDIT_FLAG=true -PROP_PAP_AUDIT_FLAG=true - -PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 - - -node_type=pap -resource_name=pap_1 -dependency_groups=paplp_1 -test_via_jmx=true - -# The (optional) period of time in seconds between executions of the integrity audit. -# Value < 0 : Audit does not run (default value if property is not present = -1) -# Value = 0 : Audit runs continuously -# Value > 0 : The period of time in seconds between execution of the audit on a particular node -integrity_audit_period_seconds=-1 diff --git a/kubernetes/policy/resources/config/pe/paplp.conf b/kubernetes/policy/resources/config/pe/paplp.conf deleted file mode 100644 index 34186d5652..0000000000 --- a/kubernetes/policy/resources/config/pe/paplp.conf +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# JVM specific parameters -LOGPARSER_JMX_PORT=9996 -LOGPARSER_X_MS_MB=1024 -LOGPARSER_X_MX_MB=1024 - -SERVER=https://{{ include "common.servicename" . }}:{{.Values.service.externalPort2}}/pap/ -LOGPATH=/var/log/onap/policy/pap/pap-rest.log -PARSERLOGPATH=/opt/app/policy/servers/paplp/bin/IntegrityMonitor.log - -node_type=logparser -# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase -resource_name=paplp_1 diff --git a/kubernetes/policy/templates/NOTES.txt b/kubernetes/policy/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml index 8c804c35ed..2537e477ea 100644..100755 --- a/kubernetes/policy/templates/configmap.yaml +++ b/kubernetes/policy/templates/configmap.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,31 +16,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/xacml-pap-rest/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-sdk-log-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/log/ep_sdk_app/logback.xml").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-pe-configmap - namespace: {{ include "common.namespace" . }} -data: -{{ tpl (.Files.Glob "resources/config/pe/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: {{ include "common.fullname" . }}-db-configmap namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/db.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml deleted file mode 100644 index 73493056b7..0000000000 --- a/kubernetes/policy/templates/deployment.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: JDBC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: JDBC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: pe - - mountPath: /config - name: pe-processed - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.release" . }}-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - command: - - /bin/bash - - ./do-start.sh - - pap - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: PRELOAD_POLICIES - value: "{{ .Values.config.preloadPolicies }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /tmp/policy-install/config/pap-tweaks.sh - name: pe-pap - subPath: pap-tweaks.sh - - mountPath: /tmp/policy-install/config/paplp.conf - name: pe-pap - subPath: paplp.conf - - mountPath: /tmp/policy-install/config/pap.conf - name: pe-pap - subPath: pap.conf - - mountPath: /tmp/policy-install/config/mysql.conf - name: pe-pap - subPath: mysql.conf - - mountPath: /tmp/policy-install/config/elk.conf - name: pe-pap - subPath: elk.conf - - mountPath: /tmp/policy-install/config/console.conf - name: pe-pap - subPath: console.conf - - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed - subPath: base.conf - - mountPath: /tmp/policy-install/do-start.sh - name: pe-scripts - subPath: do-start.sh - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /tmp/policy-install/logback.xml - name: policy-sdk-logback - subPath: logback.xml - - mountPath: /tmp/logback.xml - name: policy-logback - subPath: logback.xml - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/opt/app/policy/servers/pap/webapps/pap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; export SRC=/tmp/policy-install/logback.xml; export DST=/opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] - - image: "{{ .Values.global.loggingRepository | default .Values.loggingRepository }}/{{ .Values.global.loggingImage | default .Values.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat-onap - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: policy-logs - - mountPath: /usr/share/filebeat/data - name: policy-data-filebeat - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.release" . }}-filebeat-configmap - - name: policy-logs - emptyDir: {} - - name: policy-data-filebeat - emptyDir: {} - - name: policy-logback - configMap: - name: {{ include "common.fullname" . }}-log-configmap - - name: policy-sdk-logback - configMap: - name: {{ include "common.fullname" . }}-sdk-log-configmap - - name: pe - configMap: - name: {{ include "common.release" . }}-pe-configmap - defaultMode: 0755 - - name: pe-scripts - configMap: - name: {{ include "common.release" . }}-pe-scripts-configmap - defaultMode: 0777 - - name: pe-pap - configMap: - name: {{ include "common.fullname" . }}-pe-configmap - defaultMode: 0755 - - name: pe-processed - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index f6a1ace3dc..57e363bf8d 100644..100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,4 +1,5 @@ # Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +16,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.release" . }}-galera-config + name: {{ include "common.release" . }}-policy-galera-config namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }}-job @@ -43,7 +44,7 @@ spec: apiVersion: v1 fieldPath: metadata.namespace containers: - - name: {{ include "common.release" . }}-galera-config + - name: {{ include "common.release" . }}-policy-galera-config image: {{ .Values.mariadb_image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index c1f98ba3cc..c1f98ba3cc 100644..100755 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml diff --git a/kubernetes/policy/templates/service.yaml b/kubernetes/policy/templates/service.yaml deleted file mode 100644 index 9f4ad9bed4..0000000000 --- a/kubernetes/policy/templates/service.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2019 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 4de13eee2d..5c023fd9fc 100644..100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T +# Modifications Copyright © 2018-2020 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,23 +17,9 @@ # Global configuration defaults. ################################################################# global: - nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - envsubstImage: dibi/envsubst - ubuntuImage: ubuntu:16.04 - pdp: - nameOverride: pdp - pap: - nameOverride: pap - drools: - nameOverride: drools - brmwgw: - nameOverride: brmsgw - nexus: - nameOverride: nexus + aafEnabled: true mariadb: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. @@ -62,49 +48,44 @@ secrets: password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' passwordPolicy: generate -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.4 -mariadb_image: library/mariadb:10 -pullPolicy: Always - -subChartsOnly: - enabled: true - db: &dbSecretsHook credsExternalSecret: *dbSecretName -pap: - nameOverride: pap +policy-api: + enabled: true db: *dbSecretsHook -pdp: - nameOverride: pdp +policy-pap: + enabled: true db: *dbSecretsHook -drools: - nameOverride: drools +policy-xacml-pdp: + enabled: true db: *dbSecretsHook -brmsgw: - nameOverride: brmsgw +policy-apex-pdp: + enabled: true db: *dbSecretsHook -policy-api: +policy-drools-pdp: + enabled: true db: *dbSecretsHook -policy-xacml-pdp: +policy-distribution: + enabled: true db: *dbSecretsHook +policy-nexus: + enabled: true + +################################################################# +# DB configuration defaults. +################################################################# + +repository: nexus3.onap.org:10001 +mariadb_image: library/mariadb:10 +pullPolicy: Always -nexus: - nameOverride: nexus +subChartsOnly: + enabled: true # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - preloadPolicies: false - pdpPort: 8081 - # default number of instances replicaCount: 1 @@ -124,26 +105,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 -service: - type: NodePort - name: pap - portName: pap - internalPort: 8443 - externalPort: 8443 - nodePort: 19 - internalPort2: 9091 - externalPort2: 9091 - nodePort2: 18 - -ingress: - enabled: false - service: - - baseaddr: "policy.api" - name: "pap" - port: 8443 - config: - ssl: "redirect" - mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals config: @@ -162,22 +123,3 @@ mariadb-galera: [mysqld] lower_case_table_names = 1 -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdnc/charts/sdnc-portal/.helmignore b/kubernetes/sdnc/charts/sdnc-portal/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml b/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml deleted file mode 100644 index 15dd2dde29..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -description: SDN-C Admin Portal -name: sdnc-portal -version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json deleted file mode 100644 index e845e96b7f..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "MainMenu": "gamma", - "dbConnLimit": "100", - "home": "/opt/admportal", - "sslEnabled": "true", - "nonSslPort": "8543", - "ConexusNetworkPort": "{{.Values.service.internalPort}}", - "AppNetworkPort": "8543", - "clusterPort": "8443", - "serviceHomingServiceType": "SDN-ETHERNET-INTERNET", - "passwordKey": "QtfJMKggVk", - "preloadImportDirectory": "C:/data/csv", - "clusterPrefixURL": "/jolokia/read/org.opendaylight.controller:Category=Shards,name=member-", - "clusterMidURL": "-shard-", - "clusterSuffixURL": "-config,type=DistributedConfigDatastore", - "shards": [ - "default", - "inventory", - "topology" - ], - "dbFabric": "false", - "ip-addresses": { - "lo": "127.0.0.1", - "eth0": "127.0.0.1", - "docker0": "172.17.0.1", - "virbr0": "192.168.122.1" - }, - "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01", - "databases": [ - "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}" - ], - "dbFabricServer": "localhost", - "dbFabricPort": "32275", - "dbFabricGroupId": "hagroup1", - "dbFabricUser": "${DB_FABRIC_USER}", - "dbFabricPassword": "${DB_FABRIC_PASSWORD", - "dbFabricDB": "{{.Values.config.dbFabricDB}}", - "dbUser": "${SDNC_DB_USER}", - "dbPassword": "${SDNC_DB_PASSWORD}", - "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}", - "odlProtocol": "http", - "odlHost": "sdnc.{{.Release.Namespace}}", - "odlConexusHost": "sdnc.{{.Release.Namespace}}", - "odlPort": "8181", - "odlConexusPort": "8181", - "odlUser": "${ODL_USER}", - "odlPasswd": "${ODL_PASSWORD}", - "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12", - "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}", - "AppNetwork_sslCert": "", - "AppNetwork_sslKey": "", - "hostnameList": [ - { - "hname": "localhost" - } - ], - "shard_list": [ - { - "shard_name": "default" - }, - { - "shard_name": "inventory" - }, - { - "shard_name": "topology" - } - ] -} diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties deleted file mode 100644 index beb514e583..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties +++ /dev/null @@ -1,31 +0,0 @@ -### -# ============LICENSE_START======================================================= -# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### -org.onap.ccsdk.sli.dbtype=jdbc -org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} -org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} -org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 -org.onap.ccsdk.sli.jdbc.connection.timeout=50 -org.onap.ccsdk.sli.jdbc.request.timeout=100 -org.onap.ccsdk.sli.jdbc.limit.init=10 -org.onap.ccsdk.sli.jdbc.limit.min=10 -org.onap.ccsdk.sli.jdbc.limit.max=20 -org.onap.dblib.connection.recovery=false diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties deleted file mode 100644 index a2570cd8a1..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties +++ /dev/null @@ -1,5 +0,0 @@ -org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} -org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 deleted file mode 100644 index 267bc2085a..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 +++ /dev/null @@ -1,5 +0,0 @@ -org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} -org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} -org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml deleted file mode 100644 index c41c3ef0d6..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml deleted file mode 100644 index b0e85efdfd..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +++ /dev/null @@ -1,152 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - sh - args: - - -c - - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" - env: - - name: SDNC_DB_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - - name: SDNC_DB_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} - - name: DB_FABRIC_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} - - name: DB_FABRIC_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} - - name: ODL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - - name: ODL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - - name: KEYSTORE_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} - volumeMounts: - - mountPath: /config-input - name: config-input - - mountPath: /config - name: properties - image: "{{ .Values.global.envsubstImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - - - command: - - /root/ready.py - args: - - --container-name - - {{ include "common.mariadbService" . }} - - --container-name - - {{ .Values.config.sdncChartName }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} - command: ["/bin/bash"] - args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"] - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{ if .Values.liveness.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: MYSQL_ROOT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} - - name: SDNC_CONFIG_DIR - value: "{{ .Values.config.configDir }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: {{ .Values.config.configDir }}/admportal.json - name: properties - subPath: admportal.json - - mountPath: {{ .Values.config.configDir }}/dblib.properties - name: properties - subPath: dblib.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties - name: properties - subPath: svclogic.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb01 - name: properties - subPath: svclogic.properties - - mountPath: {{ .Values.config.configDir }}/svclogic.properties.sdnctldb02 - name: properties - subPath: svclogic.properties.sdnctldb02 - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: config-input - configMap: - name: {{ include "common.fullname" . }} - defaultMode: 0644 - - name: properties - emptyDir: - medium: Memory - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml deleted file mode 100644 index 0cd8cfbd36..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright © 2020 Samsung, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -{{ include "common.ingress" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml deleted file mode 100644 index 34932b713d..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{/* -# Copyright © 2020 Samsung Electronics -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.secretFast" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml deleted file mode 100644 index 815035292b..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/service.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "sdnc-portal", - "version": "v1", - "url": "/", - "protocol": "UI", - "port": "{{ .Values.service.externalPort }}", - "visualRange":"0|1" - } - ]' -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml deleted file mode 100644 index f2ce269505..0000000000 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - # envsusbt - envsubstImage: dibi/envsubst - - mariadbGalera: - #This flag allows SO to instantiate its own mariadb-galera cluster - #If shared instance is used, this chart assumes that DB already exists - localCluster: false - service: mariadb-galera - internalPort: 3306 - nameOverride: mariadb-galera - -################################################################# -# Secrets metaconfig -################################################################# -secrets: - - uid: db-root-password - type: password - externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' - password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' - passwordPolicy: required - - uid: db-secret - name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret' - type: basicAuth - # This is a nasty trick that allows you override this secret using external one - # with the same field that is used to pass this to subchart - externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' - login: '{{ index .Values "mariadb-galera" "config" "userName" }}' - password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' - passwordPolicy: required - - uid: odl-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.odlUser }}' - password: '{{ .Values.config.odlPassword }}' - passwordPolicy: required - - uid: fabric-db-creds - type: basicAuth - externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' - login: '{{ .Values.config.dbFabricUser }}' - password: '{{ .Values.config.dbFabricPassword }}' - passwordPolicy: required - - uid: keystore-password - type: password - externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}' - password: '{{ .Values.config.keystorePwd }}' - passwordPolicy: required - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.4 -config: - dbFabricDB: mysql - dbFabricUser: admin - dbFabricPassword: admin - # dbFabricDBCredsExternalSecret: some secret - sdncChartName: sdnc - configDir: /opt/onap/sdnc/data/properties - storesDir: /opt/onap/sdnc/data/stores - odlUser: admin - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - # odlCredsExternalSecret: some secret - keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N - # keystorePwdExternalSecret: some secret - -mariadb-galera: - config: - userCredentialsExternalSecret: *dbSecretName - userName: sdnctl - userPassword: gamma - mysqlDatabase: sdnctl - nameOverride: sdnc-portal-galera - service: - name: sdnc-portal-galera - portName: sdnc-portal-galera - internalPort: 3306 - replicaCount: 1 - persistence: - enabled: true - mountSubPath: sdnc-portal/maria/data - -# default number of instances -replicaCount: 0 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 180 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - -service: - type: NodePort - name: sdnc-portal - portName: sdnc-portal - internalPort: 8443 - externalPort: 8443 - nodePort: "01" - -ingress: - enabled: false - service: - - baseaddr: "sdnc-portal.api" - name: "sdnc-portal" - port: 8443 - config: - ssl: "redirect" - -#Resource limit flavor -By default using small -flavor: small -#segregation for different environment (small and large) - -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 0.5 - memory: 500Mi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 1 - memory: 1Gi - unlimited: {} diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index a283678bc5..c1d679bd48 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -19,6 +19,9 @@ dependencies: - name: certInitializer version: ~6.x-0 repository: '@local' + - name: logConfiguration + version: ~6.x-0 + repository: '@local' - name: network-name-gen version: ~6.x-0 repository: '@local' diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg index a2daef1833..8a608f081a 100644 --- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg @@ -42,7 +42,7 @@ log4j2.rootLogger.appenderRef.Console.ref = Console log4j2.rootLogger.appenderRef.DebugFile.ref = DebugFile log4j2.rootLogger.appenderRef.ErrorFile.ref = ErrorFile log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter -log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF} +log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${env:KARAF_CONSOLE_LOG_LEVEL\:-OFF} log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version} # Veracode: Address Improper Output Neutralization for Logs CWE ID 117 flaw @@ -113,7 +113,6 @@ log4j2.appender.error.strategy.max = ${maxBackupIndex} log4j2.appender.error.strategy.fileIndex = min log4j2.appender.error.filter.threshold.type = ThresholdFilter log4j2.appender.error.filter.threshold.level = WARN -log4j2.appender.error.filter.threshold.match = ACCEPT log4j2.appender.metric.type = RollingRandomAccessFile log4j2.appender.metric.name = MetricFile @@ -163,7 +162,7 @@ log4j2.appender.rr.strategy.max = 100 log4j2.appender.rr.strategy.fileIndex = min log4j2.appender.security.type = RollingRandomAccessFile -log4j2.appender.security.name = securityRollingFile +log4j2.appender.security.name = SecurityFile log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i log4j2.appender.security.append = true @@ -177,7 +176,7 @@ log4j2.appender.security.policies.size.size = ${maxFileSize} log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit log4j2.logger.security.level = INFO log4j2.logger.security.additivity = false -log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile +log4j2.logger.security.appenderRef.SecurityFile.ref = SecurityFile log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter log4j2.logger.audit.level = INFO diff --git a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml index c664860218..a27bccc246 100644 --- a/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml +++ b/kubernetes/sdnc/resources/config/overrides/sdnc-versions.yaml @@ -4,8 +4,6 @@ sdnc: image: onap/sdnc-ansible-server-image:1.7.0 dmaap-listener: image: onap/sdnc-dmaap-listener-image:1.7.0 - sdnc-portal: - image: onap/admportal-sdnc-image:1.7.0 ueb-listener: image: onap/sdnc-ueb-listener-image:1.7.0 cds: diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 437cb31a8e..265d3af7be 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -99,7 +99,14 @@ spec: - name: {{ include "common.name" . }}-chown image: "busybox" - command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} ; chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"] + command: + - sh + args: + - -c + - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} +{{- if .Values.global.aafEnabled }} + - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} +{{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: {{ .Values.persistence.mdsalPath }} @@ -151,6 +158,8 @@ spec: value: {{ include "common.mariadbService" . }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" + - name: KARAF_CONSOLE_LOG_LEVEL + value: "{{ include "common.log.level" . }}" volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index f16f3b1925..c01245a928 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -190,6 +190,7 @@ config: # dependency / sub-chart configuration certInitializer: nameOverride: sdnc-cert-initializer + truststoreMountpath: /opt/onap/sdnc/data/stores fqdn: "sdnc" app_ns: "org.osaaf.aaf" fqi: "sdnc@sdnc.onap.org" @@ -249,17 +250,6 @@ ueb-listener: configDir: /opt/onap/sdnc/data/properties odlCredsExternalSecret: *odlCredsSecretName -sdnc-portal: - mariadb-galera: - <<: *mariadbGalera - config: - <<: *mariadbGaleraConfig - mysqlDatabase: *sdncDbName - config: - sdncChartName: sdnc - configDir: /opt/onap/sdnc/data/properties - odlCredsExternalSecret: *odlCredsSecretName - sdnc-ansible-server: config: restCredsExternalSecret: *ansibleSecretName |