diff options
Diffstat (limited to 'kubernetes/dcaegen2-services/components/dcae-pmsh')
7 files changed, 0 insertions, 439 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml deleted file mode 100644 index f721f0aba4..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/Chart.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2021 AT&T. All rights reserved. -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "Kohn" -description: DCAE PMSH Service -name: dcae-pmsh -version: 13.0.0 - -dependencies: - - name: common - version: ~13.x-0 - repository: '@local' - - name: postgres - version: ~13.x-0 - repository: '@local' - - name: readinessCheck - version: ~13.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~13.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~13.x-0 - repository: '@local' - - name: serviceAccount - version: ~13.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml deleted file mode 100644 index 30d173c2d8..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/authorizationpolicy.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{/* -# Copyright © 2023 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -{{ include "common.authorizationPolicy" . }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "primary" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }} ---- -{{- $dot := default . .dot -}} -{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}} -{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}} -{{- $defaultOperationPorts := list "5432" -}} -{{- $relName := include "common.release" . -}} -{{- $postgresName := $dot.Values.postgres.service.name -}} -{{- $pgHost := "replica" -}} -{{- if (include "common.useAuthorizationPolicies" .) }} -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz - namespace: {{ include "common.namespace" . }} -spec: - selector: - matchLabels: - app: {{ $postgresName }}-{{ $pgHost }} - action: ALLOW - rules: -{{- if $authorizedPrincipalsPostgres }} -{{- range $principal := $authorizedPrincipalsPostgres }} - - from: - - source: - principals: -{{- $namespace := default "onap" $principal.namespace -}} -{{- if eq "onap" $namespace }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}" -{{- else }} - - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}" -{{- end }} - to: - - operation: - ports: -{{- range $port := $defaultOperationPorts }} - - "{{ $port }}" -{{- end }} -{{- end }} -{{- end }} -{{- end }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml deleted file mode 100644 index b4b8e59b2e..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml deleted file mode 100644 index 60fce4a7be..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml deleted file mode 100644 index 0f1129cfb4..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml deleted file mode 100644 index fedb766524..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 Nordix Foundation. # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml deleted file mode 100644 index 0f7289cc07..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ /dev/null @@ -1,182 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (C) 2021 Nordix Foundation. -# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &pgUserCredsSecretUid pg-user-creds - name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds' - type: basicAuth - externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "pmsh-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' - login: '{{ .Values.postgres.config.pgUserName }}' - password: '{{ .Values.postgres.config.pgUserPassword }}' - passwordPolicy: generate - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.pmsh:2.2.3 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /var/log/ONAP/dcaegen2/services/pmsh -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Probe Configuration -readiness: - initialDelaySeconds: 10 - periodSeconds: 15 - timeoutSeconds: 1 - path: /healthcheck - scheme: HTTP - port: 8080 - -# Service Configuration -service: - type: ClusterIP - name: dcae-pmsh - ports: - - name: http - port: 8080 - plain_port: 8080 - port_protocol: http - -serviceMesh: - authorizationPolicy: - authorizedPrincipals: - - serviceAccount: message-router-read - authorizedPrincipalsPostgres: - - serviceAccount: dcae-pmsh-read - -# Initial Application Configuration -applicationConfig: - enable_tls: false - aaf_identity: dummy_value - aaf_password: dummy_value - key_path: /opt/app/pmsh/etc/certs/key.pem - cert_path: /opt/app/pmsh/etc/certs/cert.pem - ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem - control_loop_name: pmsh-control-loop - operational_policy_name: pmsh-operational-policy - pmsh_policy: - subscription: - subscriptionName: ExtraPM-All-gNB-R2B - administrativeState: LOCKED - fileBasedGP: 15 - fileLocation: "/pm/pm.xml" - nfFilter: { "nfNames": [ "^pnf.*","^vnf.*" ],"modelInvariantIDs": [ ],"modelVersionIDs": [ ],"modelNames": [ ] } - measurementGroups: [ { "measurementGroup": { "measurementTypes": [ { "measurementType": "countera" },{ "measurementType": "counterb" } ],"managedObjectDNsBasic": [ { "DN": "dna" },{ "DN": "dnb" } ] } },{ "measurementGroup": { "measurementTypes": [ { "measurementType": "counterc" },{ "measurementType": "counterd" } ],"managedObjectDNsBasic": [ { "DN": "dnc" },{ "DN": "dnd" } ] } } ] - streams_publishes: - policy_pm_publisher: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT" - streams_subscribes: - policy_pm_subscriber: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/unauthenticated.PMSH_CL_INPUT" - aai_subscriber: - type: message_router - dmaap_info: - topic_url: "http://message-router:3904/events/AAI-EVENT" - -applicationEnv: - PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary - PMSH_PG_USERNAME: - secretUid: *pgUserCredsSecretUid - key: login - PMSH_PG_PASSWORD: - secretUid: *pgUserCredsSecretUid - key: password - PMSH_API_PORT: '8080' - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: "1" - memory: "1Gi" - requests: - cpu: "1" - memory: "1Gi" - large: - limits: - cpu: "2" - memory: "2Gi" - requests: - cpu: "2" - memory: "2Gi" - unlimited: {} - -################################################################# -# Application configuration Overriding Defaults in the Postgres. -################################################################# -postgres: - nameOverride: &postgresName dcae-pmsh-postgres - service: - name: *postgresName - name2: *dcaePmshPgPrimary - name3: dcae-pmsh-pg-replica - container: - name: - primary: dcae-pmsh-pg-primary - replica: dcae-pmsh-pg-replica - persistence: - mountSubPath: pmsh/data - mountInitPath: pmsh - config: - pgUserName: pmsh - pgDatabase: pmsh - pgUserExternalSecret: *pgUserCredsSecretName - -# Dependencies -readinessCheck: - wait_for: - services: - - '{{ .Values.postgres.service.name2 }}' - - message-router - -#Pods Service Account -serviceAccount: - nameOverride: dcae-pmsh - roles: - - read |