diff options
36 files changed, 257 insertions, 293 deletions
diff --git a/.gitmodules b/.gitmodules index e01f7e520f..08d7aea901 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,7 @@ [submodule "kubernetes/aai"] path = kubernetes/aai url = ../aai/oom - branch = . + branch = master ignore = dirty [submodule "kubernetes/robot"] path = kubernetes/robot diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 926a74401db06aa541ef460f9b611be4d341bf2 +Subproject 9d23a1c8a97d5878e2aafc871f17af007349c28 diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml index 2192662d6a..fd29fbebfb 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml @@ -57,9 +57,9 @@ spec: env: # This sets the port that CDT will use to connect to the main appc container. # The 11 is the node port suffix that is used in the main appc oom templates - # for nodePort3. This value will be configured in appc main chart in appc-cdt section. + # for nodePort4. This value will be configured in appc main chart in appc-cdt section. - name: CDT_PORT - value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" + value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}" volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh index ad135f863a..c52c6e3aa1 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/startODL.sh @@ -111,8 +111,6 @@ then # echo "Copying a working version of the logging configuration into the opendaylight etc folder" # cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg - echo "Starting OpenDaylight" - ${ODL_HOME}/bin/start echo "Waiting ${SLEEP_TIME} seconds for OpenDaylight to initialize" sleep ${SLEEP_TIME} @@ -137,6 +135,7 @@ then fi echo "Copying the aaa shiro configuration into opendaylight" + mkdir -p ${ODL_HOME}/etc/opendaylight/datastore/initial/config if $ENABLE_AAF then cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml @@ -144,29 +143,6 @@ then cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml fi - echo "Restarting OpenDaylight" - ${ODL_HOME}/bin/stop - checkRun () { - running=0 - while read a b c d e f g h - do - if [ "$h" == "/bin/sh /opt/opendaylight/bin/karaf server" ] - then - running=1 - fi - done < <(ps -eaf) - echo $running - } - - while [ $( checkRun ) == 1 ] - do - echo "Karaf is still running, waiting..." - sleep 5s - done - echo "Karaf process has stopped" - sleep 10s - - echo "Installed at `date`" > ${SDNC_HOME}/.installed fi # Move journal and snapshots directory to persistent storage @@ -195,5 +171,27 @@ ln -s ${hostdir}/snapshots ${ODL_HOME}/snapshots echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log" java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log & -exec ${ODL_HOME}/bin/karaf server +echo "Adding a property system.properties for AAF cadi.properties location" +echo "" >> ${ODL_HOME}/etc/system.properties +echo "cadi_prop_files=${APPC_HOME}/data/properties/cadi.properties" >> ${ODL_HOME}/etc/system.properties +echo "" >> ${ODL_HOME}/etc/system.properties + +echo "Adding a value to property appc.asdc.env in appc.properties for appc-asdc-listener feature" +echo "" >> $APPC_HOME/data/properties/appc.properties +echo "appc.asdc.env=$DMAAP_TOPIC_ENV" >> $APPC_HOME/data/properties/appc.properties +echo "" >> $APPC_HOME/data/properties/appc.properties + +echo "Copying jetty, keystore for https into opendalight" +cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml +cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore +cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties +echo "Copying a working version of the logging configuration into the opendaylight etc folder" +cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg + +ODL_BOOT_FEATURES_EXTRA="odl-netconf-connector,odl-restconf-noauth,odl-netconf-clustered-topology,odl-mdsal-clustering" +sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${ODL_BOOT_FEATURES_EXTRA}|" $ODL_HOME/etc/org.apache.karaf.features.cfg + +exec ${APPC_HOME}/bin/dockerInstall.sh & +echo "Starting OpenDaylight" +exec ${ODL_HOME}/bin/karaf server diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml index 81834eaafc..de6e7e4742 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/aaa-app-config.xml @@ -80,42 +80,42 @@ <urls> <pair-key>/auth/**</pair-key> <!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/config/aaa-authn-model**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operational/aaa-authn-model**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/restconf/operations/cluster-admin**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> <urls> <pair-key>/**</pair-key> <!-- <pair-value>authcBasic, roles[admin]</pair-value> --> - <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value> + <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value> </urls> </shiro-configuration> diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml index fdd31a4ed0..a44214a611 100644 --- a/kubernetes/appc/templates/service.yaml +++ b/kubernetes/appc/templates/service.yaml @@ -41,23 +41,31 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: "{{ .Values.service.portName }}-8443" + name: "{{ .Values.service.portName }}-8282" - port: {{ .Values.service.externalPort2 }} + targetPort: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: "{{ .Values.service.portName }}-1830" + name: "{{ .Values.service.portName }}-8443" - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: "{{ .Values.service.portName }}-1830" + - port: {{ .Values.service.externalPort4 }} + targetPort: {{ .Values.service.internalPort4 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} name: "{{ .Values.service.portName }}-9090" {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-8443 + name: {{ .Values.service.portName }}-8282 - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-1830 + name: {{ .Values.service.portName }}-8443 - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName }}-1830 + - port: {{ .Values.service.externalPort4 }} + targetPort: {{ .Values.service.internalPort4 }} name: {{ .Values.service.portName }}-9090 {{- end}} selector: diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 578dbc7453..cfd118dae6 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -93,9 +93,9 @@ dgbuilder: service: name: appc-dgbuilder -#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. +#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4. appc-cdt: - nodePort3: 11 + nodePort4: 11 # default number of instances replicaCount: 1 @@ -119,19 +119,22 @@ service: type: NodePort name: appc portName: appc - #targetPort - internalPort: 8443 - #port - externalPort: 8443 - nodePort: 30 - - externalPort2: 1830 - nodePort2: 31 + + internalPort: 8181 + externalPort: 8282 + nodePort: "08" + + internalPort2: 8443 + externalPort2: 8443 + nodePort2: 30 + + externalPort3: 1830 + nodePort3: 31 clusterPort: 2550 - internalPort3: 9191 - externalPort3: 9090 - nodePort3: 11 + internalPort4: 9191 + externalPort4: 9090 + nodePort4: 11 ## Persist data to a persitent volume persistence: diff --git a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml index 7e93715e29..e340c08f34 100644 --- a/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/charts/dcae-bootstrap/values.yaml @@ -95,13 +95,12 @@ postgres: # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager # Use to override default setting in blueprints componentImages: - dashboard: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0 holmes_rules: onap/holmes/rule-management:1.2.6 holmes_engine: onap/holmes/engine-management:1.2.5 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore Binary files differdeleted file mode 100644 index ab25c3a341..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore +++ /dev/null diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf deleted file mode 100644 index c2ccefe4e3..0000000000 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -CONTROLLER_ARTIFACT_ID=policy-management -CONTROLLER_NAME=policy-management-controller -CONTROLLER_PORT=9696 -RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT -UEB_TOPIC=policyengine-develop diff --git a/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh new file mode 100644 index 0000000000..5949db4dc4 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/configmaps/amsterdam.pre.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + + +docker-entrypoint.sh nexus
\ No newline at end of file diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/configmaps/base.conf index e7c6928b0a..ba39b0b5ad 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/base.conf @@ -1,4 +1,5 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T +# Copyright © 2017-2018 Amdocs, Bell Canada. +# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,41 +15,33 @@ # JVM options -JVM_OPTIONS=-server -Xms1024m -Xmx2048m +JVM_OPTIONS={{.Values.server.jvmOpts}} # SYSTEM software configuration POLICY_HOME=/opt/app/policy POLICY_LOGS=/var/log/onap/policy/pdpd JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk -KEYSTORE_PASSWD=Pol1cy_0nap -TRUSTSTORE_PASSWD=Pol1cy_0nap # Telemetry credentials TELEMETRY_PORT=9696 TELEMETRY_HOST=0.0.0.0 -TELEMETRY_USER=demo@people.osaaf.org -TELEMETRY_PASSWORD=demo123456! # nexus repository SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots -SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ +SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ RELEASE_REPOSITORY_ID=policy-nexus-releases -RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ -REPOSITORY_USERNAME=admin -REPOSITORY_PASSWORD=admin123 +RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ # Relational (SQL) DB access SQL_HOST={{.Values.global.mariadb.nameOverride}} -SQL_USER=policy_user -SQL_PASSWORD=policy_user # AAF -AAF=true +AAF={{.Values.aaf.enabled}} AAF_NAMESPACE=org.onap.policy AAF_HOST=aaf-locate.{{.Release.Namespace}} @@ -56,8 +49,6 @@ AAF_HOST=aaf-locate.{{.Release.Namespace}} PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION PDPD_CONFIGURATION_SERVERS=message-router -PDPD_CONFIGURATION_API_KEY= -PDPD_CONFIGURATION_API_SECRET= PDPD_CONFIGURATION_CONSUMER_GROUP= PDPD_CONFIGURATION_CONSUMER_INSTANCE= PDPD_CONFIGURATION_PARTITION_KEY= @@ -65,23 +56,14 @@ PDPD_CONFIGURATION_PARTITION_KEY= # PAP-PDP configuration channel POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP -POLICY_PDP_PAP_API_KEY= -POLICY_PDP_PAP_API_SECRET= # PAP PAP_HOST=policy-pap -PAP_USERNAME=healthcheck -PAP_PASSWORD=zb!XztG34 # PDP-X PDP_HOST=policy-xacml-pdp -PDP_USERNAME=healthcheck -PDP_PASSWORD=zb!XztG34 -PDP_CLIENT_USERNAME=python -PDP_CLIENT_PASSWORD=test -PDP_ENVIRONMENT=TEST # DCAE DMaaP @@ -96,23 +78,15 @@ DMAAP_SERVERS=message-router # AAI AAI_URL=https://aai.{{.Release.Namespace}}:8443 -AAI_USERNAME=policy@policy.onap.org -AAI_PASSWORD=demo123456! # MSO SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra -SO_USERNAME=InfraPortalClient -SO_PASSWORD=password1$ # VFC VFC_URL= -VFC_USERNAME= -VFC_PASSWORD= # SDNC SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations -SDNC_USERNAME=admin -SDNC_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf index 7b95e79b4d..44d0bf18ce 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/feature-pooling-dmaap.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-pooling-dmaap.conf @@ -1,5 +1,5 @@ -# Copyright 2018 AT&T Intellectual Property. All rights reserved -# Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh index 20d8298472..e2d7381689 100644 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf +++ b/kubernetes/policy/charts/drools/resources/configmaps/status.post.sh @@ -1,16 +1,20 @@ -# Copyright © 2017-2018 Amdocs, Bell Canada, AT&T -# +#!/bin/bash +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# ============LICENSE_END========================================================= -HEALTHCHECK_USER=demo@people.osaaf.org -HEALTHCHECK_PASSWORD=demo123456! +policy status diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh deleted file mode 100644 index ff7a64bdb9..0000000000 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#!/bin/bash - -if [ "$#" -ne 4 ]; then - echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>" - exit 1 -fi - -K8S_HOST=$1 -POLICY_PDP_PORT=$2 -POLICY_DROOLS_PORT=$3 -RESOURCE_ID=$4 - -echo -echo -echo "Removing the vFW Policy from PDP.." -echo -echo - -curl -v -k -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyComponent" : "PDP", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy - -sleep 20 - -echo - -echo -echo "Updating vFW Operational Policy .." -echo - -curl -v -k -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller": "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy - -sleep 5 - -echo -echo -echo "Pushing the vFW Policy .." -echo -echo - -curl -v -k --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' https://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy - -sleep 20 - -echo -echo -echo "Restarting PDP-D .." -echo -echo - -POD=$(kubectl --namespace {{ include "common.namespace" . }} get pods | sed 's/ .*//'| grep drools) -kubectl --namespace {{ include "common.namespace" . }} exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" - -sleep 20 - -echo -echo -echo "PDP-D amsterdam maven coordinates .." -echo -echo - -curl -vvv -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool - - -echo -echo -echo "PDP-D control loop updated .." -echo -echo - -curl -v -k --silent --user "demo@people.osaaf.org:demo123456!" -X GET https://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/charts/drools/resources/secrets/credentials.conf b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf new file mode 100644 index 0000000000..36d3c3b376 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/secrets/credentials.conf @@ -0,0 +1,56 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +KEYSTORE_PASSWD={{.Values.keystore.password}} +TRUSTSTORE_PASSWD={{.Values.truststore.password}} + +TELEMETRY_USER={{.Values.telemetry.user}} +TELEMETRY_PASSWORD={{.Values.telemetry.password}} + +REPOSITORY_USERNAME={{.Values.nexus.user}} +REPOSITORY_PASSWORD={{.Values.nexus.password}} + +SQL_USER={{.Values.db.user}} +SQL_PASSWORD={{.Values.db.password}} + +PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} +PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} + +POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}} +POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} + +PAP_USERNAME={{.Values.pap.user}} +PAP_PASSWORD={{.Values.pap.password}} + +PDP_USERNAME={{.Values.pdp.user}} +PDP_PASSWORD={{.Values.pdp.password}} + +AAI_USERNAME={{.Values.aai.user}} +AAI_PASSWORD={{.Values.aai.password}} + +SO_USERNAME={{.Values.so.user}} +SO_PASSWORD={{.Values.so.password}} + +VFC_USERNAME={{.Values.vfc.user}} +VFC_PASSWORD={{.Values.vfc.password}} + +SDNC_USERNAME={{.Values.sdnc.user}} +SDNC_PASSWORD={{.Values.sdnc.password}} + +HEALTHCHECK_USER={{.Values.telemetry.user}} +HEALTHCHECK_PASSWORD={{.Values.telemetry.password}} diff --git a/kubernetes/policy/charts/drools/templates/NOTES.txt b/kubernetes/policy/charts/drools/templates/NOTES.txt deleted file mode 100644 index fa0aa7d258..0000000000 --- a/kubernetes/policy/charts/drools/templates/NOTES.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/configmap.yaml b/kubernetes/policy/charts/drools/templates/configmap.yaml index 1f9503130c..7daf473db2 100644 --- a/kubernetes/policy/charts/drools/templates/configmap.yaml +++ b/kubernetes/policy/charts/drools/templates/configmap.yaml @@ -19,4 +19,4 @@ metadata: name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} data: -{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/configmaps/*").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/charts/drools/templates/secrets.yaml b/kubernetes/policy/charts/drools/templates/secrets.yaml index e21084fe5d..31ba543c0e 100644 --- a/kubernetes/policy/charts/drools/templates/secrets.yaml +++ b/kubernetes/policy/charts/drools/templates/secrets.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018-2019 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,6 +23,8 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -data: -{{ (.Files.Glob "resources/config/opt/policy/config/drools/keys/*").AsSecrets | indent 2 }} type: Opaque +data: +{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} +{{- end }} diff --git a/kubernetes/policy/charts/drools/templates/statefulset.yaml b/kubernetes/policy/charts/drools/templates/statefulset.yaml index beacbabd06..bb21ae14aa 100644 --- a/kubernetes/policy/charts/drools/templates/statefulset.yaml +++ b/kubernetes/policy/charts/drools/templates/statefulset.yaml @@ -78,15 +78,16 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-secret - subPath: feature-healthcheck.conf - - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf - name: drools-config - subPath: feature-pooling-dmaap.conf - - mountPath: /tmp/policy-install/config/base.conf + subPath: {{ base $path }} + {{- end }} + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - mountPath: /tmp/policy-install/config/{{ base $path }} name: drools-config - subPath: base.conf + subPath: {{ base $path }} + {{- end }} - mountPath: /var/log/onap name: policy-logs resources: @@ -125,18 +126,19 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap items: - - key: base.conf - path: base.conf - mode: 0755 - - key: feature-pooling-dmaap.conf - path: feature-pooling-dmaap.conf + {{- range $path, $bytes := .Files.Glob "resources/configmaps/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0755 + {{- end }} - name: drools-secret secret: secretName: {{ include "common.fullname" . }}-secret items: - - key: feature-healthcheck.conf - path: feature-healthcheck.conf + {{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + - key: {{ base $path }} + path: {{ base $path }} mode: 0644 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 21f9169462..74e0fe8e1c 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -23,21 +23,18 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 ubuntuImage: ubuntu:16.04 + ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.5.1 +image: onap/policy-pdpd-cl:1.5.2 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - nexusPort: 8081 - # default number of instances replicaCount: 1 @@ -71,6 +68,65 @@ service: ingress: enabled: false +# Default installation values to be overridden + +server: + jvmOpts: -server -Xms1024m -Xmx2048m + +aaf: + enabled: "true" + +keystore: + password: Pol1cy_0nap + +truststore: + password: Pol1cy_0nap + +telemetry: + user: demo@people.osaaf.org + password: demo123456! + +nexus: + nexus: admin + password: admin123 + port: 8081 + +db: + user: policy_user + password: policy_user + +pap: + user: healthcheck + password: zb!XztG34 + +pdp: + user: healthcheck + password: zb!XztG34 + +aai: + user: policy@policy.onap.org + password: demo123456! + +so: + user: InfraPortalClient + password: password1$ + +vfc: + user: + password: + +sdnc: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +dmaap: + brmsgw: + key: + password: + pap: + key: + password: + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index 381c825311..1dd1d18409 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.2.1 +image: onap/policy-apex-pdp:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index bace88fe70..3a55227d81 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.1.1 +image: onap/policy-api:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-pap/values.yaml b/kubernetes/policy/charts/policy-pap/values.yaml index e3cb999af1..bcf08f20e8 100644 --- a/kubernetes/policy/charts/policy-pap/values.yaml +++ b/kubernetes/policy/charts/policy-pap/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.1.1 +image: onap/policy-pap:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index 0f61c03939..161722b585 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.1.1 +image: onap/policy-xacml-pdp:2.1.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index 31575ca40f..0637c040c0 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -64,8 +64,8 @@ service: type: NodePort name: sdnc-portal portName: sdnc-portal - internalPort: 8843 - externalPort: 8843 + internalPort: 8443 + externalPort: 8443 nodePort: "01" ingress: diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index d004b12aa3..89b0eb4183 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/bpmn-infra:1.5.1 +image: onap/so/bpmn-infra:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml index 863d0318db..57b7fe50b2 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/catalog-db-adapter:1.5.1 +image: onap/so/catalog-db-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-monitoring/values.yaml b/kubernetes/so/charts/so-monitoring/values.yaml index f0b273c01c..7539e47af9 100644 --- a/kubernetes/so/charts/so-monitoring/values.yaml +++ b/kubernetes/so/charts/so-monitoring/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/so-monitoring:1.5.1 +image: onap/so/so-monitoring:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-openstack-adapter/values.yaml b/kubernetes/so/charts/so-openstack-adapter/values.yaml index 792fab90fc..c570f5eb45 100755 --- a/kubernetes/so/charts/so-openstack-adapter/values.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/openstack-adapter:1.5.1 +image: onap/so/openstack-adapter:1.5.2 pullPolicy: Always repository: nexus3.onap.org:10001 diff --git a/kubernetes/so/charts/so-request-db-adapter/values.yaml b/kubernetes/so/charts/so-request-db-adapter/values.yaml index b440a0af8f..028d123a31 100755 --- a/kubernetes/so/charts/so-request-db-adapter/values.yaml +++ b/kubernetes/so/charts/so-request-db-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/request-db-adapter:1.5.1 +image: onap/so/request-db-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdc-controller/values.yaml b/kubernetes/so/charts/so-sdc-controller/values.yaml index a6be6c5734..1259435ec9 100755 --- a/kubernetes/so/charts/so-sdc-controller/values.yaml +++ b/kubernetes/so/charts/so-sdc-controller/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdc-controller:1.5.1 +image: onap/so/sdc-controller:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index c0ae22324f..e48c9c93e2 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/sdnc-adapter:1.5.1 +image: onap/so/sdnc-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vfc-adapter/values.yaml b/kubernetes/so/charts/so-vfc-adapter/values.yaml index 4bf6051a9f..1663fb350c 100755 --- a/kubernetes/so/charts/so-vfc-adapter/values.yaml +++ b/kubernetes/so/charts/so-vfc-adapter/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vfc-adapter:1.5.1 +image: onap/so/vfc-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/charts/so-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-vnfm-adapter/values.yaml index 445154f717..d29bff28aa 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/values.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/values.yaml @@ -26,7 +26,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/vnfm-adapter:1.5.1 +image: onap/so/vnfm-adapter:1.5.2 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 9750efe265..ae126fa78e 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -43,7 +43,7 @@ global: # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 -image: onap/so/api-handler-infra:1.5.1 +image: onap/so/api-handler-infra:1.5.2 pullPolicy: Always replicaCount: 1 |