diff options
Diffstat (limited to 'kubernetes/dcaegen2-services')
5 files changed, 90 insertions, 6 deletions
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml index 1c6e3593ac..a2c15450bf 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml @@ -45,10 +45,16 @@ spec: periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} env: - - name: ASDC_ADDRESS - value: {{ .Values.externalServices.sdc_be_https }} - - name: SCHEMA_MAP_PATH - value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} + - name: SDC_ADDRESS + value: {{ .Values.externalServices.sdc_be_https }} + - name: SCHEMA_MAP_PATH + value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} + - name: SECURITY_PROTOCOL + value: {{ .Values.config.kafka.securityProtocol }} + - name: SASL_MECHANISM + value: {{ .Values.config.kafka.saslMechanism }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-openapi-kafka-secret" "key" "sasl.jaas.config") | indent 12 }} volumeMounts: - name: schema-map mountPath: {{ .Values.schemaMap.directory }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml new file mode 100644 index 0000000000..6ff81501a4 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/secrets.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright (C) 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml new file mode 100644 index 0000000000..3f9d0ca123 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/ves-openapi-sdc-dist-kafka-user.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.vesOpenApiKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMechanism | lower }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.sdcTopic.consumerGroup }} + operation: Read + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.sdcTopic.pattern }} + operation: All diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml index c07bd529cc..a9763c9483 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml @@ -18,9 +18,33 @@ # Global values global: pullPolicy: Always -image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0 +image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.0 containerPort: &svc_port 8080 +secrets: + - uid: ves-openapi-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate + +# application configuration +config: + someConfig: blah + kafka: + bootstrapServer: strimzi-kafka-bootstrap:9092 + securityProtocol: SASL_PLAINTEXT + saslMechanism: SCRAM-SHA-512 + authType: simple + sdcTopic: + pattern: SDC-DIST + consumerGroup: dcaegen2 + clientId: ves-openapi-manager + +vesOpenApiKafkaUser: ves-open-api-kafka-user + service: ports: - name: &port http @@ -45,7 +69,6 @@ liveness: readinessCheck: wait_for: - - message-router - sdc-be flavor: small diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index 1652f04f0f..a73fceb529 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -17,6 +17,7 @@ global: centralizedLoggingEnabled: true hvVesKafkaUser: dcae-hv-ves-kafka-user + vesOpenApiKafkaUser: ves-open-api-kafka-user ################################################################# # Filebeat Configuration Defaults. @@ -29,6 +30,8 @@ filebeatConfig: # Control deployment of DCAE microservices at ONAP installation time dcae-ves-openapi-manager: enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.vesOpenApiKafkaUser }}' dcae-datafile-collector: enabled: false logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' |