summaryrefslogtreecommitdiffstats
path: root/kubernetes/aaf/charts/aaf-cs
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/aaf/charts/aaf-cs')
-rw-r--r--kubernetes/aaf/charts/aaf-cs/.helmignore21
-rw-r--r--kubernetes/aaf/charts/aaf-cs/Chart.yaml4
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql266
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql11
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql122
-rw-r--r--kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql8
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt19
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml95
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/secret.yaml22
-rw-r--r--kubernetes/aaf/charts/aaf-cs/templates/service.yaml62
-rw-r--r--kubernetes/aaf/charts/aaf-cs/values.yaml91
11 files changed, 721 insertions, 0 deletions
diff --git a/kubernetes/aaf/charts/aaf-cs/.helmignore b/kubernetes/aaf/charts/aaf-cs/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/aaf/charts/aaf-cs/Chart.yaml b/kubernetes/aaf/charts/aaf-cs/Chart.yaml
new file mode 100644
index 0000000000..a0f05c4cf3
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: ONAP AAF cassandra
+name: aaf-cs
+version: 2.0.0
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql
new file mode 100644
index 0000000000..c06e5ee952
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/init.cql
@@ -0,0 +1,266 @@
+
+// Table Initialization
+// First make sure the keyspace exists.
+
+USE authz;
+
+//
+// CORE Table function
+//
+
+// Namespace - establish hierarchical authority to modify
+// Permissions and Roles
+// "scope" is flag to determine Policy. Typical important scope
+// is "company" (1)
+CREATE TABLE ns (
+ name varchar,
+ scope int, // deprecated 2.0.11
+ description varchar,
+ parent varchar,
+ type int,
+ PRIMARY KEY (name)
+);
+CREATE INDEX ns_parent on ns(parent);
+
+CREATE TABLE ns_attrib (
+ ns varchar,
+ key varchar,
+ value varchar,
+ PRIMARY KEY (ns,key)
+);
+create index ns_attrib_key on ns_attrib(key);
+
+// Will be cached
+CREATE TABLE role (
+ ns varchar,
+ name varchar,
+ perms set<varchar>, // Use "Key" of "name|type|action"
+ description varchar,
+ PRIMARY KEY (ns,name)
+);
+CREATE INDEX role_name ON role(name);
+
+// Will be cached
+CREATE TABLE perm (
+ ns varchar,
+ type varchar,
+ instance varchar,
+ action varchar,
+ roles set<varchar>, // Need to find Roles given Permissions
+ description varchar,
+ PRIMARY KEY (ns,type,instance,action)
+);
+
+// This table is user for Authorization
+CREATE TABLE user_role (
+ user varchar,
+ role varchar, // deprecated: change to ns/rname after 2.0.11
+ ns varchar,
+ rname varchar,
+ expires timestamp,
+ PRIMARY KEY(user,role)
+ );
+CREATE INDEX user_role_ns ON user_role(ns);
+CREATE INDEX user_role_role ON user_role(role);
+
+// This table is only for the case where return User Credential (MechID) Authentication
+CREATE TABLE cred (
+ id varchar,
+ type int,
+ expires timestamp,
+ ns varchar,
+ other int,
+ notes varchar,
+ cred blob,
+ prev blob,
+ PRIMARY KEY (id,type,expires)
+ );
+CREATE INDEX cred_ns ON cred(ns);
+
+// Certificate Cross Table
+// coordinated with CRED type 2
+CREATE TABLE cert (
+ fingerprint blob,
+ id varchar,
+ x500 varchar,
+ expires timestamp,
+ PRIMARY KEY (fingerprint)
+ );
+CREATE INDEX cert_id ON cert(id);
+CREATE INDEX cert_x500 ON cert(x500);
+
+CREATE TABLE notify (
+ user text,
+ type int,
+ last timestamp,
+ checksum int,
+ PRIMARY KEY (user,type)
+);
+
+CREATE TABLE x509 (
+ ca text,
+ serial blob,
+ id text,
+ x500 text,
+ x509 text,
+ PRIMARY KEY (ca,serial)
+);
+
+
+CREATE INDEX x509_id ON x509 (id);
+CREATE INDEX x509_x500 ON x509 (x500);
+
+//
+// Deployment Artifact (for Certman)
+//
+CREATE TABLE artifact (
+ mechid text,
+ machine text,
+ type Set<text>,
+ sponsor text,
+ ca text,
+ dir text,
+ os_user text,
+ ns text,
+ notify text,
+ expires timestamp,
+ renewDays int,
+ sans Set<text>,
+ PRIMARY KEY (mechid,machine)
+);
+CREATE INDEX artifact_machine ON artifact(machine);
+CREATE INDEX artifact_ns ON artifact(ns);
+
+//
+// Non-Critical Table functions
+//
+// Table Info - for Caching
+CREATE TABLE cache (
+ name varchar,
+ seg int, // cache Segment
+ touched timestamp,
+ PRIMARY KEY(name,seg)
+);
+
+CREATE TABLE history (
+ id timeuuid,
+ yr_mon int,
+ user varchar,
+ action varchar,
+ target varchar, // user, user_role,
+ subject varchar, // field for searching main portion of target key
+ memo varchar, //description of the action
+ reconstruct blob, //serialized form of the target
+ // detail Map<varchar, varchar>, // additional information
+ PRIMARY KEY (id)
+);
+CREATE INDEX history_yr_mon ON history(yr_mon);
+CREATE INDEX history_user ON history(user);
+CREATE INDEX history_subject ON history(subject);
+
+//
+// A place to hold objects to be created at a future time.
+//
+CREATE TABLE future (
+ id uuid, // uniquify
+ target varchar, // Target Table
+ memo varchar, // Description
+ start timestamp, // When it should take effect
+ expires timestamp, // When not longer valid
+ construct blob, // How to construct this object (like History)
+ PRIMARY KEY(id)
+);
+CREATE INDEX future_idx ON future(target);
+CREATE INDEX future_start_idx ON future(start);
+
+
+CREATE TABLE approval (
+ id timeuuid, // unique Key
+ ticket uuid, // Link to Future Record
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ last_notified timestamp, // Timestamp for the last time approver was notified
+ PRIMARY KEY(id)
+ );
+CREATE INDEX appr_approver_idx ON approval(approver);
+CREATE INDEX appr_user_idx ON approval(user);
+CREATE INDEX appr_ticket_idx ON approval(ticket);
+CREATE INDEX appr_status_idx ON approval(status);
+
+CREATE TABLE approved (
+ id timeuuid, // unique Key
+ user varchar, // the user who needs to be approved
+ approver varchar, // user approving
+ type varchar, // approver types i.e. Supervisor, Owner
+ status varchar, // approval status. pending, approved, denied
+ memo varchar, // Text for Approval to know what's going on
+ operation varchar, // List operation to perform
+ PRIMARY KEY(id)
+ );
+CREATE INDEX approved_approver_idx ON approved(approver);
+CREATE INDEX approved_user_idx ON approved(user);
+
+CREATE TABLE delegate (
+ user varchar,
+ delegate varchar,
+ expires timestamp,
+ PRIMARY KEY (user)
+);
+CREATE INDEX delg_delg_idx ON delegate(delegate);
+
+// OAuth Tokens
+CREATE TABLE oauth_token (
+ id text, // Reference
+ client_id text, // Creating Client ID
+ user text, // User requesting
+ active boolean, // Active or not
+ type int, // Type of Token
+ refresh text, // Refresh Token
+ expires timestamp, // Expiration time/Date (signed long)
+ exp_sec bigint, // Seconds from Jan 1, 1970
+ content text, // Content of Token
+ scopes Set<text>, // Scopes
+ state text, // Context string (Optional)
+ req_ip text, // Requesting IP (for logging purpose)
+ PRIMARY KEY(id)
+) with default_time_to_live = 21600; // 6 hours
+CREATE INDEX oauth_token_user_idx ON oauth_token(user);
+
+CREATE TABLE locate (
+ name text, // Component/Server name
+ hostname text, // FQDN of Service/Component
+ port int, // Port of Service
+ major int, // Version, Major
+ minor int, // Version, Minor
+ patch int, // Version, Patch
+ pkg int, // Version, Package (if available)
+ latitude float, // Latitude
+ longitude float, // Longitude
+ protocol text, // Protocol (i.e. http https)
+ subprotocol set<text>, // Accepted SubProtocols, ie. TLS1.1 for https
+ port_key uuid, // Key into locate_ports
+ PRIMARY KEY(name,hostname,port)
+) with default_time_to_live = 1200; // 20 mins
+
+CREATE TABLE locate_ports (
+ id uuid, // Id into locate
+ port int, // SubPort
+ name text, // Name of Other Port
+ protocol text, // Protocol of Other (i.e. JMX, DEBUG)
+ subprotocol set<text>, // Accepted sub protocols or versions
+ PRIMARY KEY(id, port)
+) with default_time_to_live = 1200; // 20 mins;
+
+//
+// Used by authz-batch processes to ensure only 1 runs at a time
+//
+CREATE TABLE run_lock (
+ class text,
+ host text,
+ start timestamp,
+ PRIMARY KEY ((class))
+);
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql
new file mode 100644
index 0000000000..52dc5ea77e
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/keyspace.cql
@@ -0,0 +1,11 @@
+// For Developer Machine single instance
+// CREATE KEYSPACE authz
+// WITH REPLICATION = {'class' : 'SimpleStrategy','replication_factor':1};
+//
+//
+
+// Example of Network Topology, with Datacenter dc1 & dc2
+// CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'dc1': '2', 'dc2': '2' };
+// Out of the box Docker Cassandra comes with "datacenter1", one instance
+CREATE KEYSPACE authz WITH replication = { 'class': 'NetworkTopologyStrategy', 'datacenter1': '1' };
+//
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql
new file mode 100644
index 0000000000..e7385ab69d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/osaaf.cql
@@ -0,0 +1,122 @@
+USE authz;
+
+// Create 'org' root NS
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org','Root Namespace','.',1,1);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','admin',{'org.access|*|*'},'Org Admins');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org','owner',{'org.access|*|read,approve'},'Org Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','read,approve',{'org.owner'},'Org Read Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org','access','*','*',{'org.admin'},'Org Write Access');
+
+// Create Root pass
+INSERT INTO cred (id,ns,type,cred,expires)
+ VALUES ('initial@osaaf.org','org.osaaf',1,0x008c5926ca861023c1d2a36653fd88e2,'2099-12-31') using TTL 14400;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('initial@osaaf.org','org.admin','2099-12-31','org','admin') using TTL 14400;
+
+
+// Create org.osaaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf','OSAAF Namespace','org',2,2);
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','admin',{'org.osaaf.access|*|*'},'OSAAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','*',{'org.osaaf.admin'},'OSAAF Write Access');
+
+INSERT INTO role(ns, name, perms,description)
+ VALUES('org.osaaf','owner',{'org.osaaf.access|*|read,approve'},'OSAAF Owners');
+
+INSERT INTO perm(ns, type, instance, action, roles,description)
+ VALUES ('org.osaaf','access','*','read,appove',{'org.osaaf.owner'},'OSAAF Read Access');
+
+// Create org.osaaf.aaf
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.osaaf.aaf','Application Authorization Framework','org.osaaf',3,3);
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','admin',{'org.osaaf.aaf.access|*|*'},'AAF Admins');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','*',{'org.osaaf.aaf.admin'},'AAF Write Access');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.osaaf.aaf','access','*','read,approve',{'org.osaaf.aaf.owner'},'AAF Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.osaaf.aaf','owner',{'org.osaaf.aaf.access|*|read,approve'},'AAF Owners');
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('initial@osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') using TTL 14400;
+
+
+// ONAP Specific Entities
+// ONAP initial env Namespace
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap','ONAP','org',2,2);
+
+INSERT INTO ns (name,description,parent,scope,type)
+ VALUES('org.onap.portal','ONAP Portal','org.onap.portal',3,3);
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','read',{
+ 'org.onap.portal.owner','org.onap.portal.designer','org.onap.portal.tester','org.onap.portal.ops','org.onap.portal.governor'
+ },'Portal Read Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','owner',{'org.onap.portal.access|*|read'},'Portal Owner');
+
+INSERT INTO perm(ns, type, instance, action, roles, description)
+ VALUES ('org.onap.portal','access','*','*',{'org.onap.portal.admin'},'Portal Write Access');
+
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','admin',{'org.onap.portal.access|*|*'},'Portal Admins');
+
+// DEMO ID (OPS)
+insert into cred (id,type,expires,cred,notes,ns,other) values('demo@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// ADMIN
+insert into cred (id,type,expires,cred,notes,ns,other) values('jh0003@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jh0003@people.osaaf.org','org.onap.portal.admin','2018-10-31','org.onap.portal','admin');
+
+// DESIGNER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('cs0008@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','designer',{'org.onap.portal.access|*|read'},'Portal Designer');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('cs0008@people.osaaf.org','org.onap.portal.designer','2018-10-31','org.onap.portal','designer');
+
+// TESTER
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('jm0007@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','tester',{'org.onap.portal.access|*|read'},'Portal Tester');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('jm0007@people.osaaf.org','org.onap.portal.tester','2018-10-31','org.onap.portal','tester');
+
+// OPS
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('op0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','ops',{'org.onap.portal.access|*|read'},'Portal Operations');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('op0001@people.osaaf.org','org.onap.portal.ops','2018-10-31','org.onap.portal','ops');
+
+// GOVERNOR
+INSERT INTO cred (id,type,expires,cred,notes,ns,other) values('gv0001@people.osaaf.org',2,'2019-05-01',0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95,'Initial ID','org.osaaf.people',53344);
+INSERT INTO role(ns, name, perms, description)
+ VALUES('org.onap.portal','governor',{'org.onap.portal.access|*|read'},'Portal Governor');
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('gv0001@people.osaaf.org','org.onap.portal.governor','2018-10-31','org.onap.portal','governor');
+
diff --git a/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql
new file mode 100644
index 0000000000..5e7cfe1741
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/resources/config/aaf-cs-data/temp_identity.cql
@@ -0,0 +1,8 @@
+USE authz;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.admin','2099-12-31','org','admin') ;
+
+INSERT INTO user_role(user,role,expires,ns,rname)
+ VALUES ('demo@people.osaaf.org','org.osaaf.aaf.admin','2099-12-31','org.osaaf.aaf','admin') ;
+
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt
new file mode 100644
index 0000000000..c60c745ca3
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/templates/NOTES.txt
@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
new file mode 100644
index 0000000000..4253d2fb71
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/templates/deployment.yaml
@@ -0,0 +1,95 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ containers:
+ - args:
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ ports:
+ - containerPort: {{ .Values.service.externalPort }}
+ - containerPort: {{ .Values.service.externalPort2 }}
+ - containerPort: {{ .Values.service.externalPort3 }}
+ - containerPort: {{ .Values.service.externalPort4 }}
+ volumeMounts:
+ - mountPath: /data
+ name: aaf-cs-data
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort3 }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort3 }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - >
+ /bin/sleep 30;
+ cd /data/;
+ cqlsh -u root -p root -f keyspace.cql ;
+ cqlsh -u root -p root -f init.cql ;
+ cqlsh -u root -p root -f osaaf.cql ;
+ cqlsh -u root -p root -f temp_identity.cql
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: aaf-cs-data
+ secret:
+ secretName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/secret.yaml b/kubernetes/aaf/charts/aaf-cs/templates/secret.yaml
new file mode 100644
index 0000000000..4ae60f17c9
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/templates/secret.yaml
@@ -0,0 +1,22 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+{{ (.Files.Glob "resources/config/aaf-cs-data/*").AsSecrets | indent 2 }}
diff --git a/kubernetes/aaf/charts/aaf-cs/templates/service.yaml b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml
new file mode 100644
index 0000000000..b1716e4936
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/templates/service.yaml
@@ -0,0 +1,62 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+# annotations:
+# service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ #Example internal target port if required
+ #targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ - port: {{ .Values.service.externalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName }}3
+ - port: {{ .Values.service.externalPort4 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ name: {{ .Values.service.portName }}4
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}2
+ - port: {{ .Values.service.externalPort3 }}
+ targetPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName }}3
+ - port: {{ .Values.service.externalPort4 }}
+ targetPort: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName }}4
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
diff --git a/kubernetes/aaf/charts/aaf-cs/values.yaml b/kubernetes/aaf/charts/aaf-cs/values.yaml
new file mode 100644
index 0000000000..6d5ed6c2ad
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-cs/values.yaml
@@ -0,0 +1,91 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: library/cassandra:3.11
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config: {}
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ name: aaf-cass
+ type: ClusterIP
+ portName: aaf-cs
+ #targetPort
+ internalPort: 7000
+ #port
+ externalPort: 7000
+
+ internalPort2: 7001
+ externalPort2: 7001
+ internalPort3: 9042
+ externalPort3: 9042
+ internalPort4: 9160
+ externalPort4: 9160
+
+ingress:
+ enabled: false
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+#resources:
+# limits:
+# cpu: 2
+# memory: 4Gi
+# requests:
+# cpu: 2
+# memory: 4Gi