diff options
48 files changed, 313 insertions, 129 deletions
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 78a07f2a0f..7258b7bef8 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -104,3 +104,7 @@ schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Value schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} {{ end }} + +#to expose the Prometheus scraping endpoint +management.metrics.distribution.percentiles-histogram[http.server.requests]=true +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index 023bf4917b..49e0ec6758 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -108,7 +108,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.3.0 +image: onap/ccsdk-blueprintsprocessor:1.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml index f71255bc5f..2750f5f145 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml @@ -41,15 +41,15 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} + value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME @@ -57,7 +57,7 @@ spec: - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: "{{ .Values.log.path }}" @@ -78,7 +78,7 @@ spec: httpGet: path: /api/multicloud-fcaps/v1/healthcheck port: {{ .Values.service.internalPort }} - scheme: HTTPS + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml index fabe32e0ff..e73a942172 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/service.yaml @@ -32,7 +32,7 @@ metadata: "url": "/api/multicloud-fcaps/v0", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" }, { @@ -41,7 +41,7 @@ metadata: "url": "/api/multicloud-fcaps/v1", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" } ]' diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index 21be9d38cb..b9e90af1ef 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -26,16 +26,17 @@ image: onap/multicloud/openstack-fcaps:1.5.7 pullPolicy: Always #Istio sidecar injection policy -istioSidecar: false +istioSidecar: true # application configuration config: ssl_enabled: true - msbprotocol: https msbgateway: msb-iag msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI @@ -59,7 +60,7 @@ liveness: service: type: ClusterIP name: multicloud-fcaps - portName: multicloud-fcaps + portName: http externalPort: 9011 internalPort: 9011 nodePort: 87 diff --git a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json index 2ce2d8564b..cf818798d4 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json +++ b/kubernetes/multicloud/components/multicloud-k8s/resources/config/config.json @@ -5,7 +5,7 @@ "port":9014, "userName":"healthcheck", "password":"zb!XztG34", - "https":true + "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }} }, "receptionHandlerParameters":{ "SDCReceptionHandler":{ @@ -27,7 +27,7 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "messageBusAddress": [ "message-router.{{ include "common.namespace" . }}" ], @@ -54,7 +54,12 @@ "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false + "isUseHttpsWithDmaap": false, + "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, + "httpsproxyHost": "null", + "httpproxyHost": "null", + "httpsproxyPort": 8181, + "httpproxyPort": 8080 } } }, @@ -62,7 +67,7 @@ "k8sConfiguration":{ "parameterClassName":"org.onap.policy.distribution.forwarding.k8s.K8sArtifactForwarderParameterGroup", "parameters":{ - "useHttps": true, + "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, "hostname": "pdp", "port": 8081, "userName": "testpdp", diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index e63be9c81c..c9912ffd17 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -73,6 +73,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: framework-artifactbroker command: ["/opt/app/distribution/bin/artifact-dist.sh"] args: ["/opt/app/distribution/etc/mounted/config.json"] diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index b152af282e..36cb701a9b 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,7 +18,7 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 + artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 ################################################################# # Application configuration defaults. @@ -54,7 +54,7 @@ readiness: service: type: ClusterIP name: multicloud-k8s - portName: multicloud-k8s + portName: http internalPort: 9015 externalPort: 9015 nodePort: 98 diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index a802cb1466..3174dae242 100644 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -41,15 +41,15 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} + value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME @@ -57,7 +57,7 @@ spec: - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: "{{ .Values.log.path }}" diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index 7b606a5492..4ed7a64ecb 100644 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml @@ -31,11 +31,12 @@ istioSidecar: true # application configuration config: ssl_enabled: false - msbprotocol: https msbgateway: msb-iag msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI @@ -59,7 +60,7 @@ liveness: service: type: ClusterIP name: multicloud-pike - portName: multicloud-pike + portName: http externalPort: 9007 internalPort: 9007 nodePort: 96 diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml index 757041ce43..78373c88f2 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml @@ -53,7 +53,7 @@ persistence: service: type: ClusterIP name: multicloud-prometheus - portName: multicloud-prometheus + portName: http internalPort: 9090 externalPort: 9090 diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json index da0727c3a7..ebc53849d6 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/config.json @@ -5,7 +5,7 @@ "port":9014, "userName":"healthcheck", "password":"zb!XztG34", - "https":true + "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }} }, "receptionHandlerParameters":{ "SDCReceptionHandler":{ @@ -27,7 +27,7 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "messageBusAddress": [ "message-router.{{ include "common.namespace" . }}" ], @@ -53,7 +53,12 @@ "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false + "isUseHttpsWithDmaap": false, + "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, + "httpsproxyHost": "null", + "httpproxyHost": "null", + "httpsproxyPort": 8181, + "httpproxyPort": 8080 } } }, diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml index 2524cd8421..7f178063b5 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml @@ -41,15 +41,15 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} + value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME @@ -57,7 +57,7 @@ spec: - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: "{{ .Values.log.path }}" @@ -79,7 +79,7 @@ spec: httpGet: path: /api/multicloud-starlingx/v0/swagger.json port: {{ .Values.service.internalPort }} - scheme: HTTPS + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml index cf67f106ee..5c30c26296 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/service.yaml @@ -32,7 +32,7 @@ metadata: "url": "/api/multicloud-starlingx/v0", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" }, { @@ -41,7 +41,7 @@ metadata: "url": "/api/multicloud-starlingx/v1", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" } ]' diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index e59f34a8bc..1232c3b79a 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,7 +17,7 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 + artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 ################################################################# # Application configuration defaults. @@ -33,11 +33,12 @@ istioSidecar: false # application configuration config: ssl_enabled: true - msbprotocol: https msbgateway: msb-iag msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml index 1d27d6eb33..c5c368c8b5 100644 --- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml @@ -41,14 +41,16 @@ spec: spec: containers: - env: + - name: MSB_PROTO + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR - value: "{{ .Values.config.msbgateway }}" + value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} + value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml index 17643baffe..3b852df885 100644 --- a/kubernetes/multicloud/components/multicloud-vio/values.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/vio:1.4.1 +image: onap/multicloud/vio:1.4.2 pullPolicy: Always #Istio sidecar injection policy @@ -32,9 +32,11 @@ istioSidecar: true # application configuration config: msbgateway: msb-iag - msbPort: 80 + msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI @@ -58,7 +60,7 @@ liveness: service: type: ClusterIP name: multicloud-vio - portName: multicloud-vio + portName: http externalPort: 9004 internalPort: 9004 nodePort: 92 diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json index 655076a901..e34637666f 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/config.json @@ -5,7 +5,7 @@ "port":9014, "userName":"healthcheck", "password":"zb!XztG34", - "https":true + "https":{{ (eq "true" (include "common.needTLS" .)) | ternary true false }} }, "receptionHandlerParameters":{ "SDCReceptionHandler":{ @@ -27,7 +27,7 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "messageBusAddress": [ "message-router.{{ include "common.namespace" . }}" ], @@ -53,7 +53,12 @@ "keystorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": false + "isUseHttpsWithDmaap": false, + "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, + "httpsproxyHost": "null", + "httpproxyHost": "null", + "httpsproxyPort": 8181, + "httpproxyPort": 8080 } } }, diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml index 7656632737..8eadcf689d 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml @@ -50,15 +50,15 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR - value: aai.{{ include "common.namespace" . }} + value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME @@ -66,7 +66,7 @@ spec: - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}" name: {{ include "common.name" . }} volumeMounts: - mountPath: "{{ .Values.log.path }}" @@ -88,7 +88,7 @@ spec: httpGet: path: /api/multicloud-titaniumcloud/v1/swagger.json port: {{ .Values.service.internalPort }} - scheme: HTTPS + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml index 5a555b3222..f71306740f 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/service.yaml @@ -33,7 +33,7 @@ metadata: "url": "/api/multicloud-titanium_cloud/v0", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" }, { @@ -42,7 +42,7 @@ metadata: "url": "/api/multicloud-titaniumcloud/v0", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" }, { @@ -51,7 +51,7 @@ metadata: "url": "/api/multicloud-titaniumcloud/v1", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" } ]' diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index 1a6527b4cb..33802937cd 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 + artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 persistence: {} ################################################################# @@ -34,11 +34,12 @@ istioSidecar: true # application configuration config: ssl_enabled: true - msbprotocol: https msbgateway: msb-iag msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index 53716e5f44..ff9dac1898 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -40,15 +40,15 @@ spec: containers: - env: - name: MSB_PROTO - value: {{ .Values.config.msbprotocol }} + value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}" - name: MSB_ADDR - value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }} + value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}" - name: MSB_PORT - value: "{{ .Values.config.msbPort }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}" - name: AAI_ADDR value: "aai.{{ include "common.namespace" . }}" - name: AAI_PORT - value: "{{ .Values.config.aai.port }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}" - name: AAI_SCHEMA_VERSION value: "{{ .Values.config.aai.schemaVersion }}" - name: AAI_USERNAME @@ -56,7 +56,7 @@ spec: - name: AAI_PASSWORD value: "{{ .Values.config.aai.password }}" - name: SSL_ENABLED - value: "{{ .Values.config.ssl_enabled }}" + value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}" resources: {{ include "common.resources" . | indent 12 }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -80,7 +80,7 @@ spec: httpGet: path: /api/multicloud/v0/swagger.json port: {{ .Values.service.internalPort }} - scheme: HTTPS + scheme: "{{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}" initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} diff --git a/kubernetes/multicloud/templates/service.yaml b/kubernetes/multicloud/templates/service.yaml index 3f950db038..1c483b0d2d 100644 --- a/kubernetes/multicloud/templates/service.yaml +++ b/kubernetes/multicloud/templates/service.yaml @@ -18,7 +18,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ .Values.service.portName }} + name: {{ .Values.service.name }} namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -33,7 +33,11 @@ metadata: "url": "/api/multicloud/v0", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", + {{if (include "common.needTLS" .) -}} "enable_ssl": {{ .Values.config.ssl_enabled }}, + {{- else -}} + "enable_ssl": false, + {{- end}} "visualRange": "1" }, { @@ -42,7 +46,7 @@ metadata: "url": "/api/multicloud/v1", "protocol": "REST", "port": "{{ .Values.service.externalPort }}", - "enable_ssl": {{ .Values.config.ssl_enabled }}, + "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}, "visualRange": "1" } ]' diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 977de08b6a..91dfa5cacb 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 + artifactImage: onap/multicloud/framework-artifactbroker:1.8.1 prometheus: enabled: false persistence: {} @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/framework:1.7.3 +image: onap/multicloud/framework:1.8.1 pullPolicy: Always #Istio sidecar injection policy @@ -57,13 +57,14 @@ multicloud-windriver: # application configuration config: ssl_enabled: true - msbprotocol: https msbgateway: msb-iag - msbPort: 443 logstashServiceName: log-ls logstashPort: 5044 + msbPort: 443 + msbPlainPort: 80 aai: - port: 8443 + aaiPort: 8443 + aaiPlainPort: 8080 schemaVersion: v13 username: AAI password: AAI @@ -87,7 +88,7 @@ liveness: service: type: ClusterIP name: multicloud - portName: multicloud-framework + portName: http externalPort: 9001 internalPort: 9001 nodePort: 91 diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml index 4d9ff9250e..71320dc3eb 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml @@ -2,6 +2,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2020 AT&T Intellectual Property. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -56,6 +57,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} - name: RESTSERVER_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} +{{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }} +{{- end }} volumeMounts: - mountPath: /config-input name: apexconfig-input diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index db5251913e..f0fa193281 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -1,6 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2018 Ericsson. All rights reserved. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,12 +45,19 @@ secrets: externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' password: '{{ .Values.certStores.keyStorePassword }}' passwordPolicy: required + - uid: policy-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.7.3 +image: onap/policy-apex-pdp:2.8.0 pullPolicy: Always # flag to enable debugging - application support required @@ -160,3 +168,26 @@ metrics: chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' release: '{{ include "common.release" . }}' heritage: '{{ .Release.Service }}' + +# application configuration +config: +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: policy-group + app: + listener: + policyPdpPapTopic: policy-pdp-pap +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. +# +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: policy-group +# +# Any new property can be added in the env by setting in overrides in the format mentioned below +# All the added properties must be in "key: value" format instead of yaml. diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 0e3ada8956..45e54ed3aa 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -79,7 +79,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.6.3 +image: onap/policy-api:2.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index 406b59c545..bae5941854 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -23,18 +23,17 @@ spring: password: ${RESTSERVER_PASSWORD} {{- if .Values.config.useStrimziKafka }} kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 security.protocol: SASL_PLAINTEXT properties.sasl: mechanism: SCRAM-SHA-512 jaas.config: ${JAASLOGIN} {{ else }} -{{ toYaml .Values.config.eventPublisher | nindent 2 }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} {{- end }} -{{- if .Values.config.additional }} -{{ toYaml .Values.config.additional | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -62,6 +61,29 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: true +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} management: endpoints: diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 5f8aa3b5a1..697ce6ea47 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-http-ppnt:6.2.3 +image: onap/policy-clamp-ac-http-ppnt:6.3.0 pullPolicy: Always # application configuration diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 6c14fd2207..00451b9425 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -21,20 +21,19 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} -{{- if .Values.config.useStrimziKafka }} kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 security.protocol: SASL_PLAINTEXT properties.sasl: mechanism: SCRAM-SHA-512 jaas.config: ${JAASLOGIN} {{ else }} -{{ toYaml .Values.config.eventPublisher | nindent 2 }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} {{- end }} -{{- if .Values.config.additional }} -{{ toYaml .Values.config.additional | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -67,6 +66,32 @@ participant: topicCommInfrastructure: dmaap useHttps: true +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 2cf8d2d723..b8f6b9f3c4 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -79,7 +79,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:6.2.3 +image: onap/policy-clamp-ac-k8s-ppnt:6.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 856b16d91d..07d5eca377 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -21,20 +21,19 @@ spring: user: name: ${RESTSERVER_USER} password: ${RESTSERVER_PASSWORD} -{{- if .Values.config.useStrimziKafka }} kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 security.protocol: SASL_PLAINTEXT properties.sasl: mechanism: SCRAM-SHA-512 jaas.config: ${JAASLOGIN} {{ else }} -{{ toYaml .Values.config.eventPublisher | nindent 2 }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} {{- end }} -{{- if .Values.config.additional }} -{{ toYaml .Values.config.additional | nindent 2 }} -{{- end }} security: enable-csrf: false @@ -83,6 +82,32 @@ participant: topicCommInfrastructure: dmaap useHttps: true +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# clampAutomationCompositionTopics: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# fetchTimeout: 15000 +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index 6fefa02783..9d000f1018 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -90,7 +90,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:6.2.3 +image: onap/policy-clamp-ac-pf-ppnt:6.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index c23657c421..3442cdd3be 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -71,7 +71,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.2.3 +image: onap/policy-clamp-backend:6.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 219be24079..4fb70fc337 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -44,19 +44,17 @@ spring: hibernate: dialect: org.hibernate.dialect.MariaDB103Dialect format_sql: true -{{- if .Values.config.useStrimziKafka }} kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 security.protocol: SASL_PLAINTEXT properties.sasl: mechanism: SCRAM-SHA-512 jaas.config: ${JAASLOGIN} {{ else }} -{{ toYaml .Values.config.eventPublisher | nindent 2 }} -{{- end }} - -{{- if .Values.config.additional }} -{{ toYaml .Values.config.additional | nindent 2 }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} {{- end }} security: @@ -95,6 +93,32 @@ runtime: topicCommInfrastructure: dmaap useHttps: true +# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below +# topicParameterGroup: +# topicSources: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# fetchTimeout: 15000 +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} +# topicSinks: +# - +# topic: policy-acruntime-participant +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# useHttps: true +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + management: endpoints: web: diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index d224aa6bc4..87b613a3ef 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -85,7 +85,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:6.2.3 +image: onap/policy-clamp-runtime-acm:6.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index d36f1c2275..fe1c720590 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.7.3 +image: onap/policy-distribution:2.8.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 74c743cb2b..d48d05fe44 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -41,7 +41,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.10.3 +image: onap/policy-pdpd-cl:1.11.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 60a6ce38c4..c605b6b6ea 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -73,7 +73,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.2.3 +image: onap/policy-gui:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 195b087ff1..7cb32d0079 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (C) 2022 Bell Canada. All rights reserved. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,19 +41,17 @@ spring: naming: physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy -{{- if .Values.config.useStrimziKafka }} kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} +{{- if .Values.config.useStrimziKafka }} bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 security.protocol: SASL_PLAINTEXT properties.sasl: mechanism: SCRAM-SHA-512 jaas.config: ${JAASLOGIN} {{ else }} -{{ toYaml .Values.config.eventPublisher | nindent 2 }} -{{- end }} - -{{- if .Values.config.additional }} -{{ toYaml .Values.config.additional | nindent 2 }} +{{ toYaml .Values.config.eventConsumption | nindent 2 }} {{- end }} server: @@ -99,6 +98,15 @@ pap: - message-router useHttps: true topicCommInfrastructure: dmaap +# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks +# servers: +# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +# topicCommInfrastructure: kafka +# additionalProps: +# security.protocol: SASL_PLAINTEXT +# sasl.mechanism: SCRAM-SHA-512 +# sasl.jaas.config: ${JAASLOGIN} + healthCheckRestClientParameters: - clientName: api hostname: policy-api diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 2c240d2347..0dc6dbe4dc 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -2,6 +2,7 @@ # Copyright (C) 2019 Nordix Foundation. # Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. # Modifications Copyright (C) 2020-2022 Bell Canada. All rights reserved. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -99,7 +100,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.6.3 +image: onap/policy-pap:2.7.0 pullPolicy: Always # flag to enable debugging - application support required @@ -211,7 +212,7 @@ config: kafkaBootstrap: strimzi-kafka-bootstrap kafka: consumer: - groupId: poicy-group + groupId: policy-group app: listener: policyPdpPapTopic: policy-pdp-pap diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index e7e7eebefe..3a44719727 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.6.3 +image: onap/policy-xacml-pdp:2.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/templates/policy-kafka-user.yaml b/kubernetes/policy/templates/policy-kafka-user.yaml index 1bc7ab1d3a..43edb64c83 100644 --- a/kubernetes/policy/templates/policy-kafka-user.yaml +++ b/kubernetes/policy/templates/policy-kafka-user.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2022 Nordix Foundation +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,13 +30,21 @@ spec: - resource: type: group name: {{ .Values.config.acRuntimeTopic.consumer.groupId }} - operation: Read + operation: All - resource: type: topic name: {{ .Values.config.acRuntimeTopic.name }} - operation: Read + operation: All - resource: type: topic - name: {{ .Values.config.acRuntimeTopic.name }} - operation: Write + name: {{ .Values.config.policyPdpPapTopic.name }} + operation: All + - resource: + type: topic + name: {{ .Values.config.policyHeartbeatTopic.name }} + operation: All + - resource: + type: topic + name: {{ .Values.config.policyNotificationTopic.name }} + operation: All {{- end }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index d7d556a39f..aa3fdb7bf2 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -237,6 +237,7 @@ config: segmentBytes: 1073741824 consumer: groupId: policy-group + someConfig: blah mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 2da601b26c..d92bf49ec3 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.11.6 -backendInitImage: onap/sdc-backend-init:1.11.6 +image: onap/sdc-backend-all-plugins:1.11.8 +backendInitImage: onap/sdc-backend-init:1.11.8 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index d126aecbaf..86e2b7b8e1 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -51,8 +51,8 @@ cassandra: # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.11.6 -cassandraInitImage: onap/sdc-cassandra-init:1.11.6 +image: onap/sdc-cassandra:1.11.8 +cassandraInitImage: onap/sdc-cassandra-init:1.11.8 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 722f6130a5..04d96448d0 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.11.6 +image: onap/sdc-frontend:1.11.8 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 91363a83ed..9c68f57911 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.11.6 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.6 +image: onap/sdc-onboard-backend:1.11.8 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.8 pullPolicy: Always # flag to enable debugging - application support required |