diff options
Diffstat (limited to 'kubernetes/cds')
20 files changed, 325 insertions, 83 deletions
diff --git a/kubernetes/cds/Chart.yaml b/kubernetes/cds/Chart.yaml index 2659767929..7115e9e39f 100644 --- a/kubernetes/cds/Chart.yaml +++ b/kubernetes/cds/Chart.yaml @@ -17,32 +17,32 @@ apiVersion: v2 description: ONAP Controller Design Studio (CDS) name: cds -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: mariadb-galera - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: cds-blueprints-processor - version: ~10.x-0 + version: ~11.x-0 repository: 'file://components/cds-blueprints-processor' condition: cds-blueprints-processor.enabled - name: cds-command-executor - version: ~10.x-0 + version: ~11.x-0 repository: 'file://components/cds-command-executor' condition: cds-command-executor.enabled - name: cds-py-executor - version: ~10.x-0 + version: ~11.x-0 repository: 'file://components/cds-py-executor' condition: cds-py-executor.enabled - name: cds-sdc-listener - version: ~10.x-0 + version: ~11.x-0 repository: 'file://components/cds-sdc-listener' condition: cds-sdc-listener.enabled - name: cds-ui - version: ~10.x-0 + version: ~11.x-0 repository: 'file://components/cds-ui' condition: cds-ui.enabled diff --git a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml index 4374926e40..2002e5695b 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/Chart.yaml @@ -17,18 +17,18 @@ apiVersion: v2 description: ONAP CDS Blueprints Processor name: cds-blueprints-processor -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: repositoryGenerator - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: serviceAccount - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: certInitializer - version: ~10.x-0 + version: ~11.x-0 repository: '@local' diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties index ea799e2119..2818fd99b4 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties @@ -1,6 +1,6 @@ {{/* # -# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation. +# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ ### START -Controller Blueprints Properties # Load Resource Source Mappings */}} -resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability +resourceSourceMappings=processor-db=source-db,input=source-input,default=source-default,sdnc=source-rest,aai-data=source-rest,capability=source-capability,rest=source-rest,vault-data=source-rest,script=source-capability,cps-data=source-rest # Blueprint Processor File Execution and Handling Properties blueprintsprocessor.blueprintDeployPath=/opt/app/onap/blueprints/deploy @@ -101,27 +101,90 @@ blueprintsprocessor.restclient.sdnc.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoG # AAI Data REST Client settings blueprintsprocessor.restclient.aai-data.type=basic-auth -blueprintsprocessor.restclient.aai-data.url=https://aai:8443 +{{ if ( include "common.needTLS" .) }} +blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443 +{{- else -}} +blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }} +{{- end }} blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org blueprintsprocessor.restclient.aai-data.password=demo123456! blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json +# CPS Data +blueprintsprocessor.restclient.cps-data.type=basic-auth +blueprintsprocessor.restclient.cps-data.url=http://cps-core:8080 +blueprintsprocessor.restclient.cps-data.username=${CPS_USER} +blueprintsprocessor.restclient.cps-data.password=${CPS_PASS_PLAIN} +blueprintsprocessor.restclient.cps-data.additionalHeaders.Accept=application/json +blueprintsprocessor.restclient.cps-data.additionalHeaders.Content-Type=application/json + # Self Service Request Kafka Message Consumer -blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false -blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth -blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092 -blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group -blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer -blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client -blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000 +blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }} +blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }} +{{ if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }} +blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }} +blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }} +blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS} +{{ end }} # Self Service Response Kafka Message Producer -blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092 - -# Kafka Audit Service Configurations -blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false +blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }} +{{ if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }} +blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS} +{{ end }} + +# AUDIT KAFKA FEATURE CONFIGURATION +# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic. +## Audit request +blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }} +{{ if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS} +{{ end }} + +## Audit response +blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }} +{{ if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }} +{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS} +{{ end }} # Executor Options blueprintsprocessor.resourceResolution.enabled=true @@ -132,10 +195,10 @@ blueprintsprocessor.remoteScriptCommand.enabled=true ## Enable py-executor blueprintsprocessor.streamingRemoteExecution.enabled=true -# Used in Health Check -blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth -blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client -blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer +## Used in Health Check +#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth +#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client +#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer #Encrypted username and password for health check service @@ -143,7 +206,7 @@ endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ== endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ== #BaseUrls for health check blueprint processor services -blueprintprocessor.healthcheck.baseUrl=http://localhost:8080/ +blueprintprocessor.healthcheck.baseUrl=http://cds-blueprints-processor-http:8080/ blueprintprocessor.healthcheck.mapping-service-name-with-service-link=[Execution service,/api/v1/execution-service/health-check],[Resources service,/api/v1/resources/health-check],[Template service,/api/v1/template/health-check] #BaseUrls for health check Cds Listener services diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml new file mode 100644 index 0000000000..555f4d4e60 --- /dev/null +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml @@ -0,0 +1,68 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if eq .Values.useStrimziKafka true }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaRequestConsumer.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaRequestProducer.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaAuditRequest.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaAuditResponse.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +{{ end }}
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml new file mode 100644 index 0000000000..65ee1d2a96 --- /dev/null +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml @@ -0,0 +1,49 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if eq .Values.useStrimziKafka true }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: group + name: {{ .Values.kafkaRequestConsumer.groupId }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaRequestConsumer.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaRequestProducer.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaAuditRequest.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaAuditResponse.topic }} + operation: All +{{ end }}
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index d92f09a4c8..1e4f5e10a0 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -78,10 +79,6 @@ spec: args: - --container-name - cds-db - {{- if .Values.dmaapEnabled }} - - --container-name - - message-router - {{ end }} env: - name: NAMESPACE valueFrom: @@ -121,6 +118,14 @@ spec: fieldPath: metadata.name - name: CLUSTER_CONFIG_FILE value: {{ .Values.config.appConfigDir }}/hazelcast.yaml + - name: CPS_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }} + - name: CPS_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }} + {{ if .Values.useStrimziKafka }} + - name: JAAS_PASS + value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }} + {{ end }} ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml index 5d2e438e1e..153740c553 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/service.yaml @@ -33,7 +33,7 @@ spec: {{- if eq .Values.service.http.type "NodePort"}} nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }} {{- end}} - name: {{ .Values.service.http.portName | default "http" }} + name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index a5180c53c6..023bf4917b 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,10 +28,17 @@ global: persistence: mountPath: /dockerdata-nfs - #This configuration specifies Service and port for SDNC OAM interface + # This configuration specifies Service and port for SDNC OAM interface sdncOamService: sdnc-oam sdncOamPort: 8282 + # This concerns CDS/AAI communication through HTTP when TLS is not being needed + # Port value should match the one in aai/values.yml : service.externalPlainPort + aaiData: + ExternalPlainPort: 80 # when TLS is not needed + ServiceName: aai # domain + # http://aai:80 or https://aai:443 + #AAF is enabled by default #aafEnabled: true @@ -57,6 +65,19 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}' password: '{{ .Values.config.sdncDB.dbRootPass }}' passwordPolicy: required + - uid: cds-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: password + value: '{{ .Values.config.someConfig }}' + policy: generate + - uid: cps-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}' + login: '{{ .Values.config.cps.cpsUsername }}' + password: '{{ .Values.config.cps.cpsPassword }}' + passwordPolicy: required ################################################################# # AAF part @@ -100,7 +121,7 @@ config: dbService: mariadb-galera dbPort: 3306 dbName: sdnctl - #dbRootPass: Custom root password + # dbRootPass: Custom root password dbRootPassExternalSecret: '{{ include "common.mariadb.secret.rootPassSecretName" ( dict "dot" . "chartName" .Values.config.sdncDB.dbService ) }}' cdsDB: dbServer: cds-db @@ -111,6 +132,11 @@ config: # dbCredsExternalSecret: <some secret name> # dbRootPassword: password # dbRootPassExternalSecret + someConfig: blah + cps: + cpsUsername: '' + cpsPassword: '' + cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds' # default number of instances replicaCount: 1 @@ -119,10 +145,40 @@ nodeSelector: {} affinity: {} -# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using -# custom kafka cluster. -dmaapEnabled: true +# If useStrimziKafka is true, the following also applies: +# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below. +# The connection type must be kafka-scram-plain-text-auth +# The bootstrapServers will target the strimzi kafka cluster by default +useStrimziKafka: false +cdsKafkaUser: cds-kafka-user +kafkaRequestConsumer: + enabled: false + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + groupId: cds-consumer + topic: cds.blueprint-processor.self-service-api.request + clientId: request-receiver-client-id + pollMillSec: 1000 +kafkaRequestProducer: + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: request-producer-client-id + topic: cds.blueprint-processor.self-service-api.response + enableIdempotence: false +kafkaAuditRequest: + enabled: false + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: audit-request-producer-client-id + topic: cds.blueprint-processor.self-service-api.audit.request + enableIdempotence: false +kafkaAuditResponse: + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: audit-response-producer-client-id + topic: cds.blueprint-processor.self-service-api.audit.response + enableIdempotence: false # probe configuration parameters startup: @@ -131,12 +187,12 @@ startup: periodSeconds: 10 liveness: - initialDelaySeconds: 0 + initialDelaySeconds: 1 periodSeconds: 20 - timeoutSeconds: 20 + timeoutSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: true + enabled: false readiness: initialDelaySeconds: 120 @@ -146,17 +202,17 @@ readiness: service: http: type: ClusterIP - portName: blueprints-processor-http + portName: http internalPort: 8080 externalPort: 8080 grpc: type: ClusterIP - portName: blueprints-processor-grpc + portName: grpc internalPort: 9111 externalPort: 9111 cluster: type: ClusterIP - portName: blueprints-processor-cluster + portName: tcp-cluster internalPort: 5701 externalPort: 5701 @@ -184,8 +240,8 @@ ingress: - baseaddr: "blueprintsprocessorhttp" name: "cds-blueprints-processor-http" port: 8080 - config: - ssl: "none" + config: + ssl: "none" logback: rootLogLevel: INFO diff --git a/kubernetes/cds/components/cds-command-executor/Chart.yaml b/kubernetes/cds/components/cds-command-executor/Chart.yaml index e6b87930e3..6749d8d9e8 100755 --- a/kubernetes/cds/components/cds-command-executor/Chart.yaml +++ b/kubernetes/cds/components/cds-command-executor/Chart.yaml @@ -17,15 +17,15 @@ apiVersion: v2 description: ONAP CDS Command Executor name: cds-command-executor -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: repositoryGenerator - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: serviceAccount - version: ~10.x-0 + version: ~11.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index b0c1e35cba..e2511401f3 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -63,11 +63,11 @@ readiness: service: type: ClusterIP grpc: - portName: command-executor-grpc + portName: grpc internalPort: 50051 externalPort: 50051 metrics: - portName: command-executor-metrics + portName: tcp-metrics internalPort: 10005 externalPort: 10005 @@ -105,7 +105,7 @@ serviceAccount: metrics: serviceMonitor: enabled: false - port: command-executor-metrics + port: tcp-metrics path: /actuator/prometheus basicAuth: enabled: false diff --git a/kubernetes/cds/components/cds-py-executor/Chart.yaml b/kubernetes/cds/components/cds-py-executor/Chart.yaml index 702d183555..cf09b56b96 100755 --- a/kubernetes/cds/components/cds-py-executor/Chart.yaml +++ b/kubernetes/cds/components/cds-py-executor/Chart.yaml @@ -17,15 +17,15 @@ apiVersion: v2 description: ONAP CDS Py Executor name: cds-py-executor -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: repositoryGenerator - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: serviceAccount - version: ~10.x-0 + version: ~11.x-0 repository: '@local' diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index 9dc4a3181e..a1eb0a0818 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -60,9 +60,9 @@ service: type: ClusterIP ports: - port: 50052 - name: executor-grpc + name: grpc-executor - port: 50053 - name: manager-grpc + name: grpc-manager secrets: - uid: api-credentials diff --git a/kubernetes/cds/components/cds-sdc-listener/Chart.yaml b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml index 3c547b9c76..14cd147255 100755 --- a/kubernetes/cds/components/cds-sdc-listener/Chart.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/Chart.yaml @@ -17,15 +17,15 @@ apiVersion: v2 description: ONAP CDS SDC listener microservice name: cds-sdc-listener -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: repositoryGenerator - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: serviceAccount - version: ~10.x-0 + version: ~11.x-0 repository: '@local'
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml index 7ef5959a1b..3710f5f510 100644 --- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml @@ -1,6 +1,6 @@ listenerservice: config: - asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE + asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router user: cds #SDC-username password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password @@ -14,7 +14,7 @@ listenerservice: keyStorePath: activateServerTLSAuth : false isUseHttpsWithDmaap: false - isUseHttpsWithSDC: true + isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} archivePath: /opt/app/onap/sdc-listener/ grpcAddress: cds-blueprints-processor-grpc grpcPort: 9111 @@ -24,14 +24,11 @@ listenerservice: httpsProxyPort: 0 httpProxyPort: 0 - - cdslistener: healthcheck: baseUrl: http://localhost:9000/ mapping-service-name-with-service-link: "[SDC Listener service,/api/v1/sdclistener/healthcheck]" - management: endpoint: health: diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml index 4ac847005e..3a6d76165b 100644 --- a/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/deployment.yaml @@ -63,18 +63,19 @@ spec: value: {{ .Values.config.appConfigDir }} ports: - containerPort: {{ .Values.service.http.internalPort }} + name: {{ .Values.service.http.portName }} {{ if .Values.liveness.enabled }} livenessProbe: httpGet: path: /api/v1/sdclistener/healthcheck - port: {{ .Values.service.http.internalPort }} + port: {{ .Values.service.http.portName }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{end}} readinessProbe: httpGet: path: /api/v1/sdclistener/healthcheck - port: {{ .Values.service.http.internalPort }} + port: {{ .Values.service.http.portName }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: diff --git a/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml index af837f2b3a..42bd2b33e9 100644 --- a/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/templates/service.yaml @@ -31,7 +31,7 @@ spec: {{- if eq .Values.service.type "NodePort"}} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} {{- end}} - name: {{ .Values.service.http.portName | default "http" }} + name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index ac1e3b4dde..1499ad5b04 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -62,7 +62,7 @@ readiness: service: type: ClusterIP http: - portName: cds-sdc-listener-http + portName: http internalPort: 8080 externalPort: 8080 diff --git a/kubernetes/cds/components/cds-ui/Chart.yaml b/kubernetes/cds/components/cds-ui/Chart.yaml index e220b0ceab..c356a0f9b0 100644 --- a/kubernetes/cds/components/cds-ui/Chart.yaml +++ b/kubernetes/cds/components/cds-ui/Chart.yaml @@ -17,18 +17,18 @@ apiVersion: v2 description: ONAP CDS UI name: cds-ui -version: 10.0.0 +version: 11.0.0 dependencies: - name: common - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: certInitializer - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: repositoryGenerator - version: ~10.x-0 + version: ~11.x-0 repository: '@local' - name: serviceAccount - version: ~10.x-0 + version: ~11.x-0 repository: '@local' diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 05f766e186..14fc014920 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -105,8 +105,8 @@ ingress: - baseaddr: "cdsui" name: "cds-ui" port: 3000 - config: - ssl: "redirect" + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index edac066f6f..58e6b65c6f 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2020 Samsung Electronics # Copyright © 2019 Orange, Bell Canada # Copyright © 2017 Amdocs, Bell Canada +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs + cdsKafkaUser: cds-kafka-user ################################################################# # Secrets metaconfig @@ -212,6 +214,7 @@ cds-blueprints-processor: dbPort: 3306 dbName: *mysqlDbName dbCredsExternalSecret: *dbUserSecretName + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}' cds-command-executor: enabled: true |