6 files changed, 50 insertions, 5 deletions
diff --git a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst index c98a388484..713aec6c8c 100644 --- a/docs/sections/guides/infra_guides/oom_base_optional_addons.rst +++ b/docs/sections/guides/infra_guides/oom_base_optional_addons.rst @@ -6,7 +6,6 @@ .. Links .. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme .. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456 -.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/ .. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/ .. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/ .. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/ @@ -58,7 +57,7 @@ ONAP on Service Mesh ONAP is currenty planned to support Istio as default ServiceMesh platform. Therefor the following instructions describe the setup of Istio and required tools. -Used `Istio best practices`_ and `Istio setup guide`_ +Used `Istio setup guide`_ .. _oom_base_optional_addons_istio_installation: diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index 7bdb79d8f9..e5c062ccf0 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -68,7 +68,7 @@ global: container: name: postgres -image: onap/cps-and-ncmp:3.2.1 +image: onap/cps-and-ncmp:3.2.6 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 1c15a2dbce..7d764bf589 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml 
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -49,9 +49,12 @@ logging: onap: cps: {{ .Values.logging.cps }} +{{- with (first .Values.kafkaUser.acls) }} +spring.kafka.consumer.group-id: {{ .name }} +{{- end }} spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 spring.kafka.security.protocol: SASL_PLAINTEXT -spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 +spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }} spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG} {{- if .Values.config.additional }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml index 3d154dba64..4ff2851b0c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/deployment.yaml @@ -60,6 +60,11 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }} - name: CPS_CORE_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config volumeMounts: - mountPath: /config-input name: init-data-input @@ -90,6 +95,11 @@ spec: env: - name: SPRING_PROFILES_ACTIVE value: {{ .Values.config.spring.profile }} + - name: SASL_JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} 
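Review bot: The consumer group id in application-helm.yml is taken from whichever ACL happens to be first in `.Values.kafkaUser.acls`, so reordering that list in values.yaml or putting a topic entry first would make the client join a group it has no `Read` ACL for, and an empty list appears to drop the property with no render error. Selecting the entry by its `type`, for example wrapping the `group-id` line in `{{- range .Values.kafkaUser.acls }}{{- if eq .type "group" }}`, or using a dedicated value, would make the contract explicit. At minimum the `kafkaUser` block in values.yaml should carry a comment such as `# first acls entry must be the consumer group; it is rendered as spring.kafka.consumer.group-id`. The new `sasl.mechanism` line has a similar coupling: `authenticationType | upper` only yields a valid SASL mechanism for the SCRAM types while `security.protocol` stays hard-coded to `SASL_PLAINTEXT`, so a `tls` value would presumably render an unusable client config.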
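Review bot: The secret name `{{ include "common.name" . }}-ku` is spelled out in both deployment.yaml hunks and has to match whatever name `common.kafkauser` gives the generated secret, which this diff does not show; a shared helper or a single value would keep these places from drifting apart. The first occurrence sits next to `CPS_CORE_PASSWORD` in what looks like the config-rendering init container (it mounts `/config-input`). If that container substitutes `${SASL_JAAS_CONFIG}` into application-helm.yml, the SCRAM credential ends up written into the rendered config volume as well as held in the main container's environment. If Spring can resolve the placeholder from the environment at runtime, the init-container entry is probably unnecessary and dropping it would reduce where the secret is exposed. Both container specs start and end outside the hunks.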
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml
new file mode 100644
index 0000000000..708e99dfe0
--- /dev/null
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/templates/kafkauser.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
\ No newline at end of file diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 44f11f5b9c..59a64905d1 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.2.2 +image: onap/ncmp-dmi-plugin:1.3.0 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -177,3 +177,20 @@ updateStrategy: type: RollingUpdate maxUnavailable: 0 maxSurge: 1 + +# Strimzi KafkaUser config +kafkaUser: + authenticationType: scram-sha-512 + acls: + - name: ncmp-dmi-plugin-group + type: group + operations: [Read] + - name: ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin + type: topic + operations: [Read] + - name: dmi-ncmp-cm-avc-subscription + type: topic + operations: [Write] + - name: ncmp-async-m2m + type: topic + operations: [Write] |