diff options
Diffstat (limited to 'kubernetes/aai')
45 files changed, 390 insertions, 1229 deletions
diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml index 77078332c9..e9dac7a47f 100644 --- a/kubernetes/aai/Chart.yaml +++ b/kubernetes/aai/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP Active and Available Inventory name: aai -version: 15.0.1 +version: 15.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml index 2d0a78bde4..376a7dd0f3 100644 --- a/kubernetes/aai/components/aai-babel/Chart.yaml +++ b/kubernetes/aai/components/aai-babel/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: Babel microservice name: aai-babel -version: 15.0.1 +version: 15.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-babel/resources/config/application.properties b/kubernetes/aai/components/aai-babel/resources/config/application.properties index b28a4e7c6c..8c7e91ab84 100644 --- a/kubernetes/aai/components/aai-babel/resources/config/application.properties +++ b/kubernetes/aai/components/aai-babel/resources/config/application.properties @@ -25,11 +25,11 @@ logging.config=${CONFIG_HOME}/logback.xml tosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json spring.application.name=aai-babel -spring.sleuth.enabled=true -spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.enabled={{ default .Values.global.tracing.enabled .Values.tracing.enabled }} +spring.zipkin.baseUrl={{ default .Values.global.tracing.collector.baseUrl .Values.tracing.collector.baseUrl }} spring.sleuth.messaging.jms.enabled = false spring.sleuth.trace-id128=true -spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.sampler.probability={{ default .Values.global.tracing.sampling.probability .Values.tracing.collector.baseUrl }} spring.sleuth.propagation.type=w3c, b3 spring.sleuth.supports-join=false diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 782ed1226c..57f770b845 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -19,7 +19,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} {{- if .Values.debug.enabled }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 2a57bb23cc..cfe70ffc76 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -18,7 +18,13 @@ ################################################################# # Global configuration defaults. ################################################################# -global: {} +global: + tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 ################################################################# # Application configuration defaults. @@ -33,7 +39,7 @@ flavor: small replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 updateStrategy: type: RollingUpdate @@ -84,24 +90,27 @@ resources: small: limits: cpu: "1" - memory: "3Gi" + memory: "2500Mi" requests: - cpu: "200m" + cpu: "100m" memory: "1Gi" large: limits: cpu: "4" - memory: "6Gi" + memory: "4Gi" requests: cpu: "1" - memory: "2Gi" + memory: "1Gi" unlimited: {} +## +## Use this to override the global defaults tracing: - collector: - baseUrl: http://jaeger-collector.istio-system:9411 - sampling: - probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) +# enabled: false + collector: {} +# baseUrl: http://jaeger-collector.istio-system:9411 + sampling: {} +# probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) # adds jvm args for remote debugging the application debug: diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml index 13315415f2..4a7df8e94b 100644 --- a/kubernetes/aai/components/aai-graphadmin/Chart.yaml +++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml @@ -22,7 +22,7 @@ apiVersion: v2 description: ONAP AAI GraphAdmin name: aai-graphadmin -version: 15.0.1 +version: 15.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties index cf9164295a..ae49aa03a9 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -31,8 +31,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ {{- if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true -aai.tools.username={{ .Values.global.config.basic.auth.username }} -aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }} +aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }} {{- end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} @@ -94,6 +94,7 @@ aai.datagrooming.enabledupecheckoff=false aai.datagrooming.enableghost2checkoff=false aai.datagrooming.enableghost2fixon=false aai.datagrooming.enablef=false +aai.datagrooming.enableskipindexupdatefix=true # used by the dataGrooming to set values aai.datagrooming.timewindowminutesvalue=10500 diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index cc6b5677c5..50c320ab30 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -38,24 +38,18 @@ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSou spring.profiles.active={{ .Values.config.profiles.active }} spring.jersey.application-path=${schema.uri.base.path} #The max number of active threads in this pool -server.tomcat.max-threads=200 +server.tomcat.max-threads=50 #The minimum number of threads always kept alive -server.tomcat.min-Spare-Threads=25 +server.tomcat.min-Spare-Threads=5 #The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=/opt/app/aai-graphadmin/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8449 -security.require-ssl=false -server.ssl.enabled=false -# JMS bind address host port -jms.bind.address=tcp://localhost:61649 -# dmaap is deprecated now kafka is used spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 @@ -119,3 +113,10 @@ management.security.enabled=false # This does the same as the /echo endpoint, # but doesn't show up in micrometer metrics aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} + +aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties +aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }} +{{- range $index, $user := .Values.global.config.basic.auth.users }} +aai.basic-auth.users[{{ $index }}].username={{ $user.username }} +aai.basic-auth.users[{{ $index }}].password={{ $user.password }} +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml index 5825a722ae..55ed90daf5 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml @@ -1171,6 +1171,7 @@ <logger name="org.zookeeper" level="WARN"/> <logger name="com.netflix" level="WARN"/> <logger name="org.janusgraph" level="WARN"/> + <logger name="org.janusgraph.graphdb.transaction" level="ERROR" /> <logger name="com.att.aft.dme2" level="WARN"/> <!-- ============================================================================ --> <!-- General EELF logger --> diff --git a/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl new file mode 100644 index 0000000000..a6c414517b --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/_helpers.tpl @@ -0,0 +1,42 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} + +{{- define "aai.waitForSchemaService" -}} +- name: wait-for-schema-service + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-schema-service:8452/aai/schema-service/util/echo") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + if curl --fail --header 'X-FromAppId: graphadmin' --header 'X-TransactionId: someTransaction' -u $AUTH -s $URL; then + echo "Request successful. Schema-service is available" + exit 0 + else + echo "Request unsuccessful. Schema-service is not available yet. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 991727d7c6..92fea15055 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -23,7 +23,7 @@ */}} apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: {{- if .Values.config.debug.enabled }} replicas: 1 @@ -47,7 +47,64 @@ spec: terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{- if .Values.global.initContainers.enabled }} initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim}} + {{- if not .Values.createDbSchemaViaJob.enabled }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForCassandraService ) | indent 8 | trim }} + - name: {{ include "common.name" . }}-create-db-schema + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{ include "common.containerSecurityContext" . | nindent 10 | trim }} + command: + - sh + args: + - -c + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + sh docker-entrypoint.sh createDBSchema.sh; + {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }} + env: + {{- if .Values.config.debug.enabled }} + - name: JVM_OPTS + value: {{ .Values.config.debug.args | quote }} + {{- end }} + {{- if .Values.config.env }} + {{- range $key,$value := .Values.config.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + - name: BOOTSTRAP_SERVERS + value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 + - name: JAAS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} + key: sasl.jaas.config + {{- if .Values.config.debug.enabled }} + ports: + - containerPort: {{ .Values.service.debugPort }} + name: {{ .Values.service.debugPortName }} + {{- end }} + volumeMounts: + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: properties + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: properties + subPath: application.properties + resources: {{ include "common.resources" . | nindent 12 }} + {{- end }} {{- end }} {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: @@ -62,13 +119,6 @@ spec: value: {{ $value | quote}} {{- end }} {{- end }} - {{- if eq .Values.flavor "small" }} - - name: MAX_HEAP_SIZE - value: {{ .Values.small.maxHeapSize | quote }} - {{- else if eq .Values.flavor "large" }} - - name: MAX_HEAP_SIZE - value: {{ .Values.large.maxHeapSize | quote }} - {{- end }} - name: INTERNAL_PORT_1 value: {{ .Values.service.appPort | quote }} - name: INTERNAL_PORT_2 @@ -170,13 +220,12 @@ spec: resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + {{ toYaml .Values.nodeSelector | indent 8 }} {{- end -}} {{- if .Values.affinity }} affinity: -{{ toYaml .Values.affinity | indent 8 }} + {{ toYaml .Values.affinity | indent 8 }} {{- end }} - # side car containers {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 1cc431c94f..6366e0626b 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -42,10 +42,9 @@ metadata: name: {{ include "common.fullname" . }}-db-backup namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} - annotations: - "helm.sh/hook": pre-upgrade,pre-install - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation + {{- if .Values.jobAnnotations.backup }} + annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.backup "context" $) | nindent 4 }} + {{- end }} spec: backoffLimit: 20 template: diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 19e62ae7c4..fc35966f79 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -34,6 +34,8 @@ # then it is your job to ensure that there are no connections to the database */}} +{{/* the new default is schema creation via graphadmin init container. This will be removed in the future. */}} +{{- if .Values.createDbSchemaViaJob.enabled }} {{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }} apiVersion: batch/v1 kind: Job @@ -41,6 +43,9 @@ metadata: name: {{ include "common.fullname" . }}-create-db-schema namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} + {{- if .Values.jobAnnotations.createDBSchema }} + annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.createDBSchema "context" $) | nindent 4 }} + {{- end }} spec: backoffLimit: 20 template: @@ -48,14 +53,12 @@ spec: labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 8 }} name: {{ include "common.name" . }} spec: - initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }} {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - {{ include "common.containerSecurityContext" . | indent 8 | trim }} + {{ include "common.containerSecurityContext" . | nindent 8 | trim }} command: - sh args: @@ -81,8 +84,8 @@ spec: secretKeyRef: name: {{ include "common.release" . }}-{{ .Values.global.aaiGraphKafkaUser }} key: sasl.jaas.config - ports: {{- if .Values.config.debug.enabled }} + ports: - containerPort: {{ .Values.service.debugPort }} name: {{ .Values.service.debugPortName }} {{- end }} @@ -125,4 +128,5 @@ spec: name: {{ include "common.fullname" . }}-properties restartPolicy: Never {{- include "common.imagePullSecrets" . | nindent 6 }} -{{ end }} +{{- end }} +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index f6f2f8b1a7..fcfb479965 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -42,10 +42,9 @@ metadata: name: {{ include "common.fullname" . }}-migration namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" (dict "labels" .Values.labels "ignoreHelmChart" .Values.ignoreHelmChart "dot" . "suffix" "job") | nindent 4 }} - annotations: - "helm.sh/hook": post-upgrade,post-rollback,post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": before-hook-creation + {{- if .Values.jobAnnotations.migration }} + annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations.migration "context" $) | nindent 4 }} + {{- end }} spec: backoffLimit: 20 template: diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index a2727757cf..ca8cc5829c 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -55,8 +55,11 @@ global: # global defaults basic: auth: enabled: true - username: AAI - passwd: AAI + users: + - username: aai@aai.onap.org + password: demo123456! + - username: AAI + password: AAI # Notification event specific properties notification: eventType: AAI-EVENT @@ -81,11 +84,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -103,7 +106,7 @@ global: # global defaults clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 # application image -image: onap/aai-graphadmin:1.15.2 +image: onap/aai-graphadmin:1.15.6 pullPolicy: Always restartPolicy: Always flavor: small @@ -112,7 +115,7 @@ flavor: small replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 @@ -141,7 +144,7 @@ config: # config override for the cassandra driver # see: https://docs.janusgraph.org/master/configs/configuration-reference/#storagecqlinternal cassandraDriver: - configuration: advanced.metadata.schema.debouncer.window = 1 second + configuration: advanced.metadata.schema.debouncer.window = 2 second # Default maximum records to fix for the data grooming and dupeTool maxFix: dataGrooming: 150 @@ -196,7 +199,9 @@ config: - "-Djava.rmi.server.hostname=127.0.0.1" env: BOOTSTRAP_SERVERS: onap-strimzi-kafka-bootstrap:9092 - + DATA_SNAPSHOT_TASKS_ENABLED: false + DATA_SNAPSHOT_CLEANUP_ENABLED: false + HISTORY_TRUNCATE_TASK_ENABLED: false nodeSelector: {} @@ -205,7 +210,7 @@ affinity: {} # probe configuration parameters liveness: enabled: true - path: /actuator/health/liveness + path: /actuator/health periodSeconds: 10 readiness: @@ -221,19 +226,14 @@ actuator: echo: enabled: true +## Can be used to restore the old behaviour of having a separate job for schema creation +createDbSchemaViaJob: + enabled: false + readinessCheck: - waitForWithCreateSchemaEnabled: + waitForSchemaCreationJob: jobs: - '{{ include "common.release" . }}-aai-graphadmin-create-db-schema' - waitForWithCreateSchemaDisabled: - services: - - '{{ .Values.global.cassandra.serviceName }}' - - aai-schema-service - waitForCassandra: - containers: - - aai-schema-service - apps: - - cassandra waitForLocalCassandra: containers: - aai-schema-service @@ -319,13 +319,6 @@ resources: memory: "4Gi" unlimited: {} -# define the heap size for the JVM -# according to the resource flavor -small: - maxHeapSize: "1g" -large: - maxHeapSize: "5g" - metrics: serviceMonitor: enabled: true @@ -394,3 +387,13 @@ volumes: podAnnotations: checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' + +jobAnnotations: + backup: + "helm.sh/hook": pre-upgrade,pre-rollback,post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation + migration: + "helm.sh/hook": pre-upgrade,pre-rollback,post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 6c8cdb7d31..eae505458e 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -109,7 +109,7 @@ resources: unlimited: {} tracing: - enabled: true + enabled: false collector: baseUrl: http://jaeger-collector.istio-system:9411 sampling: diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml index c83a28671c..44b54bc3d3 100644 --- a/kubernetes/aai/components/aai-resources/Chart.yaml +++ b/kubernetes/aai/components/aai-resources/Chart.yaml @@ -18,7 +18,7 @@ apiVersion: v2 description: ONAP AAI resources name: aai-resources -version: 15.0.1 +version: 15.0.2 dependencies: - name: common @@ -32,4 +32,4 @@ dependencies: repository: '@local' - name: readinessCheck version: ~13.x-0 - repository: '@local'
\ No newline at end of file + repository: '@local' diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties index 6392a8e0b0..4985a97dba 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -45,8 +45,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ {{ if .Values.global.config.basic.auth.enabled }} aai.tools.enableBasicAuth=true -aai.tools.username={{ .Values.global.config.basic.auth.username }} -aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }} +aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }} {{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties deleted file mode 100644 index 738634d230..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties +++ /dev/null @@ -1,14 +0,0 @@ - -spring.autoconfigure.exclude=\ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - -multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} -keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth -keycloak.realm={{ .Values.config.keycloak.realm }} -keycloak.resource={{ .Values.config.keycloak.resource }} -keycloak.public-client=true -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index eae146b845..6c34705e8a 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -28,6 +28,7 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=/ +spring.sleuth.enabled={{ .Values.tracing.enabled }} spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} spring.sleuth.messaging.jms.enabled = false spring.sleuth.trace-id128=true @@ -50,16 +51,9 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-resources/src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8447 -security.require-ssl=false -server.ssl.enabled=false -# JMS bind address host port -jms.bind.address=tcp://localhost:61647 - -# dmaap is deprecated now kafka is used spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 @@ -125,3 +119,10 @@ scrape.uri.metrics=false # This does the same as the /echo endpoint, # but doesn't show up in micrometer metrics aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} +aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties + +aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }} +{{- range $index, $user := .Values.global.config.basic.auth.users }} +aai.basic-auth.users[{{ $index }}].username={{ $user.username }} +aai.basic-auth.users[{{ $index }}].password={{ $user.password }} +{{- end }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml deleted file mode 100644 index 54c3d81e05..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml +++ /dev/null @@ -1,108 +0,0 @@ -{{/*
-<!--
-
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright © 2018 Amdocs, Bell Canada
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-
--->
-*/}}
-<configuration>
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
-
- <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}' />
- <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />
- <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />
- <property name="livenessAccessLogEnabled"
- value='{{.Values.accessLogback.livenessAccessLogEnabled}}' />
-
-
- <if condition='property("logToFileEnabled").contains("true")'>
- <then>
- <appender name="ACCESS"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}.zip
- </fileNamePattern>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}
- %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU}
- %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST}
- %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter}
- %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
- </then>
- </if>
-
- <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}
- %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O}
- %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C}
- %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D -
- "logType": "access"</Pattern>
- </encoder>
- <if condition='property("livenessAccessLogEnabled").contains("false")'>
- <then>
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.access.net.URLEvaluator">
- <URL>/aai/util/echo</URL>
- </evaluator>
- <OnMismatch>NEUTRAL</OnMismatch>
- <OnMatch>DENY</OnMatch>
- </filter>
- </then>
- </if>
- </appender>
-
- <appender-ref ref="STDOUTACCESS" />
-
-</configuration>
-{{/*
-<!--
-%a - Remote IP address
-%A - Local IP address
-%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
-%B - Bytes sent, excluding HTTP headers
-%h - Remote host name
-%H - Request protocol
-%l - Remote logical username from identd (always returns '-')
-%m - Request method
-%p - Local port
-%q - Query string (prepended with a '?' if it exists, otherwise an empty string
-%r - First line of the request
-%s - HTTP status code of the response
-%S - User session ID
-%t - Date and time, in Common Log Format format
-%u - Remote user that was authenticated
-%U - Requested URL path
-%v - Local server name
-%I - current request thread name (can compare later with stacktraces)
-
-%z - Custom pattern that parses the cert for the subject
-%y - Custom pattern determines rest or dme2
--->
-*/}}
diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml index a90f354cbe..32334d0c5c 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -29,24 +29,12 @@ <property resource="application.properties" /> - <property name="maxHistory" value='{{.Values.logback.maxHistory}}' /> - <property name="totalSizeCap" value='{{.Values.logback.totalSizeCap}}' /> - <property name="queueSize" value='{{.Values.logback.queueSize}}'/> - - <property name="logToFileEnabled" value='{{.Values.logback.logToFileEnabled}}'/> - <property name="namespace" value="aai-resources"/> <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/logs" /> - <!-- Old patterns - <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> - --> + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/> <property name="p_lvl" value="%level"/> <property name="p_log" value="%logger"/> @@ -66,284 +54,22 @@ <conversionRule conversionWord="wex" converterClass="org.springframework.boot.logging.logback.WhitespaceThrowableProxyConverter" /> <conversionRule conversionWord="wEx" converterClass="org.springframework.boot.logging.logback.ExtendedWhitespaceThrowableProxyConverter" /> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/sane.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}.zip</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="SANE"/> - </appender> - <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/metrics.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}.zip</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="METRIC"/> - </appender> - - <appender name="DEBUG" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <file>${logDirectory}/rest/debug.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}.zip</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="DEBUG"/> - <includeCallerData>true</includeCallerData> - </appender> - <appender name="ERROR" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/error.log</file> - <rollingPolicy - class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}.zip</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="ERROR"/> - </appender> - - <appender name="AUDIT" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/audit.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - - <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="AUDIT"/> - </appender> - - <appender name="translog" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <file>${logDirectory}/rest/translog.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${transLogPattern}</pattern> - </encoder> - </appender> - - <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="translog"/> - </appender> - - <appender name="kafkaAAIEventConsumer" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/error.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/error.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - - </appender> - - <appender name="kafkaAAIEventConsumerDebug" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/debug.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/debug.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - <appender name="kafkaAAIEventConsumerInfo" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - <appender name="kafkaAAIEventConsumerMetric" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/metrics.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/metrics.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - <appender name="external" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <file>${logDirectory}/external/external.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - <appender name="auth" - class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>DEBUG</level> - </filter> - <file>${logDirectory}/auth/auth.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd}.zip - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern> - </encoder> - </appender> - <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="auth"/> - </appender> - </then> - </if> + <property name="CONSOLE_LOG_PATTERN" + value="%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} [%X{traceId},%X{spanId}] [%thread] %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}" /> + <!-- Appender to log to console --> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder"> - <providers> - <timestamp><fieldName>timestamp</fieldName></timestamp> - <message/> - <mdc> - <fieldName>context</fieldName> - <excludeMdcKeyName>ServerIPAddress</excludeMdcKeyName> - <excludeMdcKeyName>EntryTimestamp</excludeMdcKeyName> - <excludeMdcKeyName>InvokeTimestamp</excludeMdcKeyName> - <excludeMdcKeyName>ErrorCode</excludeMdcKeyName> - <excludeMdcKeyName>ErrorDesc</excludeMdcKeyName> - </mdc> - <stackTrace> - <fieldName>exception</fieldName> - <throwableConverter class="net.logstash.logback.stacktrace.ShortenedThrowableConverter"> - <exclude>^sun\.reflect\..*\.invoke</exclude> - <exclude>^net\.sf\.cglib\.proxy\.MethodProxy\.invoke</exclude> - <rootCauseFirst>true</rootCauseFirst> - </throwableConverter> - </stackTrace> - <threadName><fieldName>thread</fieldName></threadName> - <loggerName> - <fieldName>logger</fieldName> - <shortenedLoggerNameLength>36</shortenedLoggerNameLength> - </loggerName> - <logLevel/> - <pattern> - <pattern>{"logType":"app"}</pattern> - </pattern> - </providers> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <!-- Minimum logging level to be presented in the console logs--> + <level>DEBUG</level> + </filter> + <encoder> + <pattern>${CONSOLE_LOG_PATTERN}</pattern> + <charset>utf8</charset> </encoder> </appender> <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="WARN" /> <logger name="ch.qos.logback.core" level="WARN" /> @@ -360,77 +86,26 @@ <logger name="org.springframework.beans" level="WARN" /> <logger name="org.springframework.web" level="WARN" /> <logger name="org.janusgraph" level="WARN" /> + <logger name="org.janusgraph.graphdb.transaction" level="ERROR" /> <logger name="org.zookeeper" level="OFF" /> <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncDEBUG"/> - <appender-ref ref="asyncSANE"/> - </then> - </if> <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncAUTH"/> - </then> - </if> <appender-ref ref="STDOUT"/> </logger> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <!-- These loggers are not additive and will be redirected to the parent logger. - Sending events to log is handled by parent loggers--> - <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO"> - <appender-ref ref="asyncAUDIT"/> - </logger> - <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level={{ .Values.log.level.audit | upper | quote }}> - <appender-ref ref="asyncAUDIT"/> - </logger> - <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level={{ .Values.log.level.dbMetric | upper | quote }}> - <appender-ref ref="asyncMETRIC"/> - </logger> - <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO"> - <appender-ref ref="kafkaAAIEventConsumerMetric"/> - </logger> - <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN"> - <appender-ref ref="asyncERROR"/> - </logger> - <logger name="com.att.nsa.mr" level="INFO"> - <appender-ref ref="kafkaAAIEventConsumerInfo"/> - </logger> - </then> - </if> - <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asynctranslog"/> - </then> - </if> <appender-ref ref="STDOUT"/> </logger> <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="kafkaAAIEventConsumer"/> - <appender-ref ref="kafkaAAIEventConsumerDebug"/> - </then> - </if> <appender-ref ref="STDOUT"/> </logger> <root level={{ .Values.log.level.root | upper | quote }}> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="external"/> - </then> - </if> <appender-ref ref="STDOUT"/> </root> </configuration> diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties deleted file mode 100644 index f254d03631..0000000000 --- a/kubernetes/aai/components/aai-resources/resources/config/realm.properties +++ /dev/null @@ -1,35 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada, AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# format : username: password[,rolename ...] -# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... -*/ -}} -AAI:OBF:1gfr1ev31gg7,admin -MSO:OBF:1jzx1lz31k01,admin -SDNC:OBF:1itr1i0l1i151isv,admin -DCAE:OBF:1g8u1f9d1f991g8w,admin -POLICY:OBF:1mk61i171ima1im41i0j1mko,admin -ASDC:OBF:1f991j0u1j001f9d,admin -ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin -AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin -OOF:OBF:1img1ke71ily,admin -aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin -vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-resources/templates/_helpers.tpl b/kubernetes/aai/components/aai-resources/templates/_helpers.tpl new file mode 100644 index 0000000000..003be58409 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml index 8e13c8c90d..73723a1270 100644 --- a/kubernetes/aai/components/aai-resources/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -23,9 +23,6 @@ metadata: labels: {{- include "common.labels" . | nindent 4 }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index cb434ed2cd..35378fd83c 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -20,7 +20,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} replicas: 1 @@ -41,36 +41,6 @@ spec: app: {{ include "common.name" . }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} - {{- if .Values.global.msbEnabled }} - {{ $values := .Values }} - msb.onap.org/service-info: '[ - {{- range $api_endpoint := $values.aai_enpoints -}} - {{- range $api_version := $values.api_list }} - { - "serviceName": "_{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" - }, - { - "serviceName": "{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8447", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - {{- end }} - {{- end }} - ]' - {{- end }} spec: hostname: aai-resources terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} @@ -79,9 +49,7 @@ spec: {{- if .Values.global.jobs.migration.enabled }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} {{- else if .Values.global.jobs.createSchema.enabled }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} - {{- else }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} + {{ include "aai.waitForSchemaCreation" . | nindent 6 }} {{- end }} containers: - name: {{ include "common.name" . }} @@ -128,18 +96,9 @@ spec: - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config - subPath: localhost-access-logback.xml - - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config - subPath: realm.properties - mountPath: /opt/app/aai-resources/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties - name: {{ include "common.fullname" . }}-config - subPath: application-keycloak.properties - mountPath: /tmp name: tmp ports: @@ -178,6 +137,7 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} {{- end }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{- end }} readinessProbe: httpGet: @@ -187,12 +147,14 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} {{- end }} periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} startupProbe: httpGet: port: {{ .Values.service.metricsPort }} path: {{ .Values.startup.path }} failureThreshold: {{ .Values.startup.failureThreshold }} periodSeconds: {{ .Values.startup.periodSeconds }} + timeoutSeconds: {{ .Values.startup.timeoutSeconds }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} diff --git a/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml index c0d9f212b4..dc706029bf 100644 --- a/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml +++ b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml @@ -1,3 +1,3 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 7cba7a425e..625267b318 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -47,8 +47,33 @@ global: # global defaults basic: auth: enabled: true - username: AAI - passwd: AAI + users: + - username: aai@aai.onap.org + password: demo123456! + - username: so@so.onap.org + password: demo123456! + - username: sdnc@sdnc.onap.org + password: demo123456! + - username: dcae@dcae.onap.org + password: demo123456! + - username: policy@policy.onap.org + password: demo123456! + - username: sdc@sdc.onap.org + password: demo123456! + - username: AAI + password: AAI + - username: DCAE + password: DCAE + - username: MSO + password: MSO + - username: POLICY + password: POLICY + - username: ASDC + password: ASDC + - username: ModelLoader + password: ModelLoader + - username: AaiUI + password: AaiUI # Active spring profiles for the resources microservice profiles: @@ -77,11 +102,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -134,7 +159,7 @@ aai_enpoints: url: external-system # application image -image: onap/aai-resources:1.15.2 +image: onap/aai-resources:1.15.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -142,7 +167,7 @@ flavor: small replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 # the minimum number of seconds that a newly created Pod should be ready minReadySeconds: 30 @@ -155,19 +180,6 @@ updateStrategy: # Configuration for the resources deployment config: - # configure keycloak according to your environment. - # don't forget to add keycloak in active profiles above (global.config.profiles) - keycloak: - host: keycloak.your.domain - port: 8180 - # Specifies a set of users, credentials, roles, and groups - realm: aai-resources - # Used by any client application for enabling fine-grained authorization for their protected resources - resource: aai-resources-app - # If set to true, additional criteria will be added that match the data-owner property with the given role - # to the user in keycloak - multiTenancy: - enabled: true janusgraph: caching: # enable when running read-heavy workloads @@ -207,7 +219,6 @@ config: # environment variables added to the launch of the image in deployment env: - MIN_HEAP_SIZE: "512m" MAX_METASPACE_SIZE: "512m" # adds jvm args for remote debugging the application @@ -238,17 +249,20 @@ affinity: {} # probe configuration parameters liveness: enabled: true - path: /actuator/health/liveness + path: /actuator/health periodSeconds: 10 + timeoutSeconds: 3 readiness: path: /actuator/health/readiness periodSeconds: 10 + timeoutSeconds: 3 startup: path: /actuator/health/liveness failureThreshold: 60 periodSeconds: 5 + timeoutSeconds: 3 actuator: echo: @@ -304,6 +318,7 @@ resources: unlimited: {} tracing: + enabled: false collector: baseUrl: http://jaeger-collector.istio-system:9411 sampling: @@ -392,18 +407,6 @@ log: dbMetric: WARN logConfigMapNamePrefix: '{{ include "common.fullname" . }}' -# To make logback capping values configurable -logback: - logToFileEnabled: false - maxHistory: 7 - totalSizeCap: 1GB - queueSize: 1000 - -accessLogback: - livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes - logToFileEnabled: false - maxHistory: 7 - totalSizeCap: 1GB ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties index 5d55923021..fc7bd40892 100644 --- a/kubernetes/aai/components/aai-schema-service/config/application.properties +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -23,8 +23,13 @@ info.build.version=1.1.0 spring.application.name=aai-schema-service spring.jersey.type=filter - spring.main.allow-bean-definition-overriding=true +spring.sleuth.enabled={{ .Values.tracing.enabled }} +spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} +spring.sleuth.trace-id128=true +spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }} +spring.sleuth.propagation.type=w3c, b3 +spring.sleuth.supports-join=false server.servlet.context-path=/ spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index 9fadcd7077..45130d0f54 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -130,9 +130,6 @@ spec: {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - - name: aai-common-aai-auth-mount - secret: - secretName: aai-common-aai-auth - name: aai-schema-service emptyDir: sizeLimit: {{ .Values.volumes.aaiSizeLimit }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 3763db940e..f1227835b6 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -41,11 +41,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -60,7 +60,7 @@ global: # global defaults label: v12 # application image -image: onap/aai-schema-service:1.12.5 +image: onap/aai-schema-service:1.12.9 pullPolicy: Always restartPolicy: Always flavor: small @@ -85,7 +85,7 @@ profiling: - "-Djava.rmi.server.hostname=127.0.0.1" # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 updateStrategy: type: RollingUpdate @@ -98,11 +98,9 @@ affinity: {} # probe configuration parameters liveness: + enabled: true initialDelaySeconds: 60 periodSeconds: 60 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false readiness: initialDelaySeconds: 60 @@ -177,6 +175,7 @@ log: path: /var/log/onap level: root: INFO + base: INFO # base package (org.onap.aai) logConfigMapNamePrefix: '{{ include "common.fullname" . }}' volumes: @@ -185,3 +184,10 @@ volumes: podAnnotations: checksum/config: '{{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}' + +tracing: + enabled: false + collector: + baseUrl: http://jaeger-collector.istio-system:9411 + sampling: + probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%) diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index ede5b60676..7248bb38f0 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* -# Copyright (c) 2017 Amdocs, Bell Canada -# Modifications Copyright (c) 2018 AT&T -# Modifications Copyright (c) 2020 Nokia +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2020 Nokia # Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,7 +19,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: selector: {{- include "common.selectors" . | nindent 4 }} {{- if .Values.debug.enabled }} @@ -116,7 +116,7 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} + {{- end }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml index f4e458f0fb..d23237577d 100644 --- a/kubernetes/aai/components/aai-traversal/Chart.yaml +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -17,7 +17,7 @@ apiVersion: v2 description: ONAP AAI traversal name: aai-traversal -version: 15.0.1 +version: 15.0.2 dependencies: - name: common diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties index c844b3d194..0c10b9462f 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -34,8 +34,8 @@ aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/ {{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }} aai.tools.enableBasicAuth=true -aai.tools.username={{ .Values.global.config.basic.auth.username }} -aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +aai.tools.username={{ (index .Values.global.config.basic.auth.users 0).username }} +aai.tools.password={{ (index .Values.global.config.basic.auth.users 0).password }} {{ end }} aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties deleted file mode 100644 index dd1956b63f..0000000000 --- a/kubernetes/aai/components/aai-traversal/resources/config/application-keycloak.properties +++ /dev/null @@ -1,13 +0,0 @@ -spring.autoconfigure.exclude=\ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - -multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }} -keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth -keycloak.realm={{ .Values.config.keycloak.realm }} -keycloak.resource={{ .Values.config.keycloak.resource }} -keycloak.public-client=false -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index fff5d5d3d0..f6fad88c19 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada, AT&T # Modifications Copyright © 2020 Orange -# Modifications Copyright � 2023 Nordix Foundation +# Modifications Copyright © 2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,10 +28,11 @@ spring.jersey.type=filter spring.main.allow-bean-definition-overriding=true server.servlet.context-path=${schema.uri.base.path} -spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration spring.profiles.active={{ .Values.global.config.profiles.active }} spring.jersey.application-path=/ +spring.sleuth.enabled={{ .Values.tracing.enabled }} spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }} spring.sleuth.messaging.jms.enabled = false spring.sleuth.trace-id128=true @@ -51,15 +52,9 @@ server.tomcat.max-idle-time=60000 # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=aai-traversal/src/main/resources/ -server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8446 -security.require-ssl=false -server.ssl.enabled=false -# JMS bind address host port -jms.bind.address=tcp://localhost:61647 -# dmaap is deprecated now kafka is used spring.kafka.producer.bootstrap-servers=${BOOTSTRAP_SERVERS} spring.kafka.producer.properties.security.protocol=SASL_PLAINTEXT spring.kafka.producer.properties.sasl.mechanism=SCRAM-SHA-512 @@ -129,3 +124,10 @@ scrape.uri.metrics=false # This does the same as the /echo endpoint, # but doesn't show up in micrometer metrics aai.actuator.echo.enabled={{ .Values.actuator.echo.enabled }} +aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties + +aai.basic-auth.enabled={{ .Values.global.config.basic.auth.enabled }} +{{- range $index, $user := .Values.global.config.basic.auth.users }} +aai.basic-auth.users[{{ $index }}].username={{ $user.username }} +aai.basic-auth.users[{{ $index }}].password={{ $user.password }} +{{- end }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml deleted file mode 100644 index 1e3756adc9..0000000000 --- a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml +++ /dev/null @@ -1,97 +0,0 @@ -{{/*<!--
- ============LICENSE_START=======================================================
- org.onap.aai
- ================================================================================
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright © 2018 Amdocs, Bell Canada
- Modifications Copyright © 2020 Orange
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
--->
-*/}}
-<configuration scan="true" scanPeriod="60 seconds" debug="false">
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />
- <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />
- <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />
- <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}' />
- <property name="livenessAccessLogEnabled"
- value='{{.Values.accessLogback.livenessAccessLogEnabled}}' />
-
- <if condition='property("logToFileEnabled").contains("true")'>
- <then>
- <appender name="ACCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}
- </fileNamePattern>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}
- %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU}
- %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST}
- %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter}
- %i{X-AAI-SSL-Client-DN} %D</Pattern>
- </encoder>
- </appender>
- <appender-ref ref="ACCESS" />
- </then>
- </if>
-
- <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}
- %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O}
- %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C}
- %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D -
- "logType": "access"</Pattern>
- </encoder>
- <if condition='property("livenessAccessLogEnabled").contains("false")'>
- <then>
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.access.net.URLEvaluator">
- <URL>/aai/util/echo</URL>
- </evaluator>
- <OnMismatch>NEUTRAL</OnMismatch>
- <OnMatch>DENY</OnMatch>
- </filter>
- </then>
- </if>
- </appender>
- <appender-ref ref="STDOUTACCESS" />
-</configuration>
-{{/*<!--
-%a - Remote IP address
-%A - Local IP address
-%b - Bytes sent, excluding HTTP headers, or '-' if no bytes were sent
-%B - Bytes sent, excluding HTTP headers
-%h - Remote host name
-%H - Request protocol
-%l - Remote logical username from identd (always returns '-')
-%m - Request method
-%p - Local port
-%q - Query string (prepended with a '?' if it exists, otherwise an empty string
-%r - First line of the request
-%s - HTTP status code of the response
-%S - User session ID
-%t - Date and time, in Common Log Format format
-%u - Remote user that was authenticated
-%U - Requested URL path
-%v - Local server name
-%I - current request thread name (can compare later with stacktraces)
-
-%z - Custom pattern that parses the cert for the subject
-%y - Custom pattern determines rest or dme2
--->*/}}
diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml index faae0ee518..5e5eff5848 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -25,23 +25,12 @@ <property resource="application.properties" /> - <property name="maxHistory" value='{{.Values.logback.maxHistory}}' /> - <property name="totalSizeCap" value='{{.Values.logback.totalSizeCap}}' /> - <property name="queueSize" value='{{.Values.logback.queueSize}}'/> - <property name="logToFileEnabled" value='{{.Values.logback.logToFileEnabled}}'/> - <property name="namespace" value="aai-traversal" /> <property name="AJSC_HOME" value="${AJSC_HOME:-.}" /> <jmxConfigurator /> <property name="logDirectory" value="${AJSC_HOME}/logs" /> - <!-- Old patterns - <property name="eelfLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfAuditLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n|\r\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfMetricLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{targetVirtualEntity}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfErrorLogPattern" value="%ecompStartTime|%X{requestId}|%-10t|%ecompServiceName|%X{partnerName}|%X{targetEntity}|%X{targetServiceName}|%ecompErrorCategory|%ecompResponseCode|%ecompResponseDescription|co=%X{component}:%replace(%replace(%m){'\\|', '!'}){'\r|\n', '^'}%n"/> - <property name="eelfTransLogPattern" value="%ecompStartTime|%date{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}|%X{requestId}|%X{serviceInstanceId}|%-10t|%X{serverName}|%ecompServiceName|%X{partnerName}|%ecompStatusCode|%X{responseCode}|%replace(%replace(%X{responseDescription}){'\\|', '!'}){'\r|\n', '^'}|%X{instanceUUID}|%level|%X{severity}|%X{serverIpAddress}|%ecompElapsedTime|%X{server}|%X{clientIpAddress}|%eelfClassOfCaller|%X{unused}|%X{processKey}|%X{customField1}|%X{customField2}|%X{customField3}|%X{customField4}|co=%X{partnerName}:%m%n"/> - --> + <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}" /> <property name="p_lvl" value="%level" /> <property name="p_log" value="%logger" /> @@ -95,223 +84,6 @@ </encoder> </appender> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender name="SANE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/sane.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/sane.log.%d{yyyy-MM-dd}</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - <appender name="asyncSANE" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="SANE" /> - </appender> - <appender name="METRIC" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/metrics.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd}</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - <appender name="asyncMETRIC" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="METRIC" /> - </appender> - <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <file>${logDirectory}/rest/debug.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/debug.log.%d{yyyy-MM-dd}</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - <appender name="asyncDEBUG" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="DEBUG" /> - <includeCallerData>true</includeCallerData> - </appender> - <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/error.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/error.log.%d{yyyy-MM-dd}</fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - <appender name="asyncERROR" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <appender-ref ref="ERROR" /> - </appender> - <appender name="AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>${logDirectory}/rest/audit.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - <appender name="asyncAUDIT" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="AUDIT" /> - </appender> - <appender name="translog" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <file>${logDirectory}/rest/translog.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${transLogPattern}</pattern> - </encoder> - </appender> - <appender name="asynctranslog" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="translog" /> - </appender> - <appender name="kafkaAAIEventConsumer" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/error.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/error.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${errorPattern}</pattern> - </encoder> - </appender> - <appender name="kafkaAAIEventConsumerDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>DEBUG</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/debug.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/debug.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - <appender name="kafkaAAIEventConsumerInfo" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/kafka-transaction.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${auditPattern}</pattern> - </encoder> - </appender> - <appender name="kafkaAAIEventConsumerMetric" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <File>${logDirectory}/kafkaAAIEventConsumer/metrics.log</File> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/kafkaAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${metricPattern}</pattern> - </encoder> - </appender> - <appender name="external" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>WARN</level> - </filter> - <file>${logDirectory}/external/external.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/external/external.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>${debugPattern}</pattern> - </encoder> - </appender> - <appender name="auth" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - <level>DEBUG</level> - </filter> - <file>${logDirectory}/auth/auth.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} - </fileNamePattern> - <maxHistory>${maxHistory}</maxHistory> - <totalSizeCap>${totalSizeCap}</totalSizeCap> - </rollingPolicy> - <encoder> - <pattern>%d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n</pattern> - </encoder> - </appender> - <appender name="asyncAUTH" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>${queueSize}</queueSize> - <includeCallerData>true</includeCallerData> - <appender-ref ref="auth" /> - </appender> - </then> - </if> - <!-- logback internals logging --> <logger name="ch.qos.logback.classic" level="WARN" /> <logger name="ch.qos.logback.core" level="WARN" /> @@ -329,107 +101,43 @@ <logger name="org.springframework.beans" level="WARN" /> <logger name="org.springframework.web" level="WARN" /> <logger name="org.janusgraph" level="WARN" /> + <logger name="org.janusgraph.graphdb.transaction" level="ERROR" /> <logger name="org.zookeeper" level="OFF" /> <logger name="org.onap.aai" level={{ .Values.log.level.base | upper | quote }} additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncDEBUG" /> - <appender-ref ref="asyncSANE" /> - </then> - </if> - <appender-ref ref="STDOUT" /> - </logger> - - <logger name="org.onap.aai.aaf.auth" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncAUTH" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.aai.aailog.logs.AaiScheduledTaskAuditLog" level="INFO" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncAUDIT" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="INFO" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncAUDIT" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.aai.aailog.logs.AaiDBMetricLog" level="INFO" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncMETRIC" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.aai.aailog.logs.AaiDmaapMetricLog" level="INFO" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="kafkaAAIEventConsumerMetric" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> - <logger name="org.onap.aai.logging.ErrorLogHelper" level="WARN" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asyncERROR" /> - </then> - </if> + <logger name="org.onap.aai.logging.ErrorLogHelper" level="INFO" additivity="false"> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.aai.interceptors.post" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="asynctranslog" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <logger name="org.onap.aai.kafka" level="DEBUG" additivity="false"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="kafkaAAIEventConsumer" /> - <appender-ref ref="kafkaAAIEventConsumerDebug" /> - </then> - </if> - <appender-ref ref="STDOUT" /> - </logger> - - <logger name="com.att.nsa.mr" level="INFO"> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="kafkaAAIEventConsumerInfo" /> - </then> - </if> <appender-ref ref="STDOUT" /> </logger> <root level={{ .Values.log.level.root | upper | quote }}> - <if condition='property("logToFileEnabled").contains("true")'> - <then> - <appender-ref ref="external" /> - </then> - </if> <appender-ref ref="STDOUT" /> </root> </configuration> diff --git a/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl new file mode 100644 index 0000000000..003be58409 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{- define "aai.waitForSchemaCreation" -}} +- name: wait-for-schema-creation + image: "{{ include "repositoryGenerator.image.curl" . }}" + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "-c"] + args: + - | + URL="{{ required "URL is required" (.Values.schemaInitCheckURL | default "http://aai-graphadmin:8449/isSchemaInitialized") }}" + AUTH="{{ printf "%s:%s" (index .Values.global.config.basic.auth.users 0).username (index .Values.global.config.basic.auth.users 0).password }}" + while true; do + RESPONSE=$(curl -u $AUTH -s $URL) + if [ "$RESPONSE" = "true" ]; then + echo "Request successful. Schema is initialized." + exit 0 + else + echo "Request unsuccessful. Schema is not yet initialized. Retrying in 3 seconds..." + sleep 3 + fi + done + {{ include "common.containerSecurityContext" . | indent 2 | trim }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml index e9415df278..5db7fb117c 100644 --- a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -21,9 +21,6 @@ kind: ConfigMap metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} {{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} -{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index d12fc6b702..36e1cbea78 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -20,7 +20,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: {{- if or .Values.config.debug.enabled .Values.config.profiling.enabled }} replicas: 1 @@ -41,55 +41,6 @@ spec: app: {{ include "common.name" . }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} - {{- if .Values.global.msbEnabled }} - {{ $values := .Values }} - msb.onap.org/service-info: '[ - {{- range $api_endpoint := $values.aai_enpoints -}} - {{- range $api_version := $values.api_list }} - { - "serviceName": "_{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}" - }, - { - "serviceName": "{{ $api_endpoint.name }}", - "version": "v{{ $api_version }}", - "url": "/aai/v{{ $api_version }}/{{ $api_endpoint.url }}", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - }, - {{- end }} - {{- end }} - { - "serviceName": "_aai-named-query", - "url": "/aai/search", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1", - "path": "/aai/search" - }, - { - "serviceName": "aai-named-query", - "url": "/aai/search", - "protocol": "REST", - "port": "8446", - "enable_ssl": true, - "lb_policy":"ip_hash", - "visualRange": "1" - } - ]' - {{- end }} spec: hostname: aai-traversal terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} @@ -97,7 +48,7 @@ spec: {{- if .Values.global.jobs.migration.enabled }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_migration) | nindent 8 }} {{- else if .Values.global.jobs.createSchema.enabled }} - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_createSchema) | nindent 8 }} + {{ include "aai.waitForSchemaCreation" . | nindent 6 }} {{- else }} {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_cassandra) | nindent 8 }} {{- end }} @@ -158,18 +109,9 @@ spec: - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config - subPath: localhost-access-logback.xml - - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties - name: {{ include "common.fullname" . }}-config - subPath: realm.properties - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties - - mountPath: /opt/app/aai-traversal/resources/application-keycloak.properties - name: {{ include "common.fullname" . }}-config - subPath: application-keycloak.properties - mountPath: /tmp name: tmp ports: @@ -195,7 +137,7 @@ spec: - -c - | while (netstat -an | grep ESTABLISHED | grep -e $INTERNAL_PORT_1) - do sleep 10 + do sleep 3 done # disable liveness probe when # debugging.enable=true or profiling.enabled=true diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 3ea973fb99..2e51fd0a81 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -26,10 +26,9 @@ metadata: namespace: {{ include "common.namespace" . }} labels: {{- include "common.labels" . | nindent 4 }} {{ if .Values.global.jobs.migration.enabled }} - annotations: - "helm.sh/hook": post-upgrade,post-rollback,post-install - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": before-hook-creation + {{- if .Values.jobAnnotations }} + annotations: {{- include "common.tplValue" (dict "value" .Values.jobAnnotations "context" $) | nindent 4 }} + {{- end }} {{ end }} spec: template: @@ -39,10 +38,20 @@ spec: spec: {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_service) | nindent 6 }} + {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_traversal) | nindent 6 }} - name: {{ include "common.name" . }}-wait-for-aai-haproxy image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: 100 + runAsGroup: 65533 + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW command: - sh - "-c" @@ -60,16 +69,6 @@ spec: requests: cpu: "3m" memory: "20Mi" - securityContext: - runAsUser: 100 - runAsGroup: 65533 - readOnlyRootFilesystem: true - privileged: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - CAP_NET_RAW containers: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -102,9 +101,6 @@ spec: - mountPath: /opt/app/aai-traversal/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml - - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml - name: {{ include "common.fullname" . }}-config - subPath: localhost-access-logback.xml - mountPath: /opt/app/aai-traversal/resources/application.properties name: {{ include "common.fullname" . }}-config subPath: application.properties diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index fd8206865e..81f8e668c1 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -56,8 +56,23 @@ global: # global defaults basic: auth: enabled: true - username: AAI - passwd: AAI + users: + - username: aai@aai.onap.org + password: demo123456! + - username: AAI + password: AAI + - username: DCAE + password: DCAE + - username: MSO + password: MSO + - username: POLICY + password: POLICY + - username: ASDC + password: ASDC + - username: ModelLoader + password: ModelLoader + - username: AaiUI + password: AaiUI # Active spring profiles for the resources microservice profiles: @@ -86,11 +101,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -111,7 +126,7 @@ global: # global defaults someConfig: random # application image -image: onap/aai-traversal:1.15.2 +image: onap/aai-traversal:1.15.5 pullPolicy: Always restartPolicy: Always flavor: small @@ -155,20 +170,6 @@ aai_enpoints: # application configuration config: - - # configure keycloak according to your environment. - # don't forget to add keycloak in active profiles above (global.config.profiles) - keycloak: - host: keycloak.your.domain - port: 8180 - # Specifies a set of users, credentials, roles, and groups - realm: aai-traversal - # Used by any client application for enabling fine-grained authorization for their protected resources - resource: aai-traversal-app - # If set to true, additional criteria will be added into traversal query to returns all the vertices that match - # the data-owner property with the given role to the user in keycloak - multiTenancy: - enabled: true janusgraph: caching: # enable when running read-heavy workloads @@ -249,7 +250,7 @@ persistence: replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 nodeSelector: {} @@ -257,7 +258,7 @@ affinity: {} # probe configuration parameters liveness: - path: /actuator/health/liveness + path: /actuator/health initialDelaySeconds: 60 periodSeconds: 60 enabled: true @@ -339,6 +340,7 @@ autoscaling: targetCPUUtilizationPercentage: 80 tracing: + enabled: false collector: baseUrl: http://jaeger-collector.istio-system:9411 sampling: @@ -442,9 +444,14 @@ readinessCheck: services: - '{{ .Values.global.cassandra.serviceName }}' - aai-schema-service - wait_for_service: + wait_for_traversal: services: - - aai + - aai-traversal + +jobAnnotations: + "helm.sh/hook": pre-upgrade,pre-rollback,post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index a743592036..160d8cf823 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -18,7 +18,7 @@ apiVersion: apps/v1 kind: Deployment -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "annotations" .Values.annotations "dot" .) | nindent 2 }} spec: selector: matchLabels: @@ -38,7 +38,6 @@ spec: terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} {{ include "common.podSecurityContext" . | indent 6 | trim }} initContainers: - {{ include "common.readinessCheck.waitFor" . | indent 6 | trim}} - command: ["/bin/sh","-c"] args: ['cp -R /usr/local/etc/haproxy /usr/local/etc/haproxy_rw/'] image: '{{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}' @@ -94,21 +93,8 @@ spec: readinessProbe: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - httpGet: - path: /aai/util/echo + tcpSocket: port: {{ .Values.service.internalPort }} - scheme: HTTP - httpHeaders: - - name: X-FromAppId - value: OOM_ReadinessCheck - {{ if .Values.global.installSidecarSecurity }} - - name: Authorization - value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== - {{ end }} - - name: X-TransactionId - value: OOM_ReadinessCheck_TID - - name: Accept - value: application/json {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index a000d2f934..f2363b7915 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -25,14 +25,13 @@ global: # global defaults dockerhubRepository: docker.io busyboxImage: busybox - readinessImage: onap/oom/readiness:6.0.3 + readinessImage: onap/oom/readiness:6.1.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 restartPolicy: Always - msbEnabled: false centralizedLoggingEnabled: false cassandra: @@ -246,11 +245,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v29 + default: v30 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies from which version related link should appear related: link: v11 @@ -324,12 +323,14 @@ config: # IP address of name server is needed in nginx configuration. The secure endpoint for logging with Keycloak need the ip address in the config file. # You can find this ip address in the /etc/resolv.conf This file is generated by k8s. The name server ip address is in all k8s cluster the same. NAME_SERVER: coredns.kube-system + # hold interval in seconds + DNS_REFRESH_INTERVAL: 5 # default number of instances replicaCount: 1 # number of ReplicaSets that should be retained for the Deployment -revisionHistoryLimit: 2 +revisionHistoryLimit: 1 updateStrategy: type: RollingUpdate @@ -483,13 +484,6 @@ securityContext: user_id: 99 group_id: 99 -readinessCheck: - wait_for: - services: - - aai-resources - - aai-traversal - - aai-graphadmin - volumes: haProxySizeLimit: 20Mi |