summaryrefslogtreecommitdiffstats
path: root/kubernetes/dcaegen2-services
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/dcaegen2-services')
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml14
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml16
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml36
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml27
-rw-r--r--kubernetes/dcaegen2-services/values.yaml3
5 files changed, 90 insertions, 6 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
index 1c6e3593ac..a2c15450bf 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml
@@ -45,10 +45,16 @@ spec:
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
env:
- - name: ASDC_ADDRESS
- value: {{ .Values.externalServices.sdc_be_https }}
- - name: SCHEMA_MAP_PATH
- value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SDC_ADDRESS
+ value: {{ .Values.externalServices.sdc_be_https }}
+ - name: SCHEMA_MAP_PATH
+ value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SECURITY_PROTOCOL
+ value: {{ .Values.config.kafka.securityProtocol }}
+ - name: SASL_MECHANISM
+ value: {{ .Values.config.kafka.saslMechanism }}
+ - name: SASL_JAAS_CONFIG
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-openapi-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml
new file mode 100644
index 0000000000..6ff81501a4
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright (C) 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml
new file mode 100644
index 0000000000..3f9d0ca123
--- /dev/null
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml
@@ -0,0 +1,36 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.vesOpenApiKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.config.kafka.saslMechanism | lower }}
+ authorization:
+ type: {{ .Values.config.kafka.authType }}
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
+ operation: Read
+ - resource:
+ type: topic
+ patternType: prefix
+ name: {{ .Values.config.kafka.sdcTopic.pattern }}
+ operation: All
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
index c07bd529cc..a9763c9483 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml
@@ -18,9 +18,33 @@
# Global values
global:
pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.0
containerPort: &svc_port 8080
+secrets:
+ - uid: ves-openapi-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
+
+# application configuration
+config:
+ someConfig: blah
+ kafka:
+ bootstrapServer: strimzi-kafka-bootstrap:9092
+ securityProtocol: SASL_PLAINTEXT
+ saslMechanism: SCRAM-SHA-512
+ authType: simple
+ sdcTopic:
+ pattern: SDC-DIST
+ consumerGroup: dcaegen2
+ clientId: ves-openapi-manager
+
+vesOpenApiKafkaUser: ves-open-api-kafka-user
+
service:
ports:
- name: &port http
@@ -45,7 +69,6 @@ liveness:
readinessCheck:
wait_for:
- - message-router
- sdc-be
flavor: small
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index 1652f04f0f..a73fceb529 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -17,6 +17,7 @@
global:
centralizedLoggingEnabled: true
hvVesKafkaUser: dcae-hv-ves-kafka-user
+ vesOpenApiKafkaUser: ves-open-api-kafka-user
#################################################################
# Filebeat Configuration Defaults.
@@ -29,6 +30,8 @@ filebeatConfig:
# Control deployment of DCAE microservices at ONAP installation time
dcae-ves-openapi-manager:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.vesOpenApiKafkaUser }}'
dcae-datafile-collector:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'