diff options
Diffstat (limited to 'kubernetes/dmaap/components')
22 files changed, 234 insertions, 94 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index cde43f95b7..84a42d6436 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -14,4 +14,4 @@ # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y - +DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index e43182daa3..59f64bd99c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -12,43 +12,47 @@ # See the License for the specific language governing permissions and # limitations under the License. -##################################################### -# -# ONAP Casablanca oom configurable deployment params: -# -##################################################### - ##################################################### # # Hooks for specific environment configurations # ##################################################### -# Indicator for whether to use AAF +# Indicator for whether to use AAF for authentication UseAAF: {{ .Values.global.aafEnabled }} -# csit: stubs out some southbound APIs for csit -csit: No +# Stub out southbound calls for Unit Test cases to run. e.g. not timeout +# Comment out in other environments to get default (No) +#UnitTest: Yes -# name of this DMaaP instance (deprecated) -#DmaapName: demo ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) -# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments. +# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. Feed.deleteHandling: SimulateDelete +########################################################### +# The following properties default to match ONAP DR instance. +# However, there are some non-ONAP DR instances that require other values. +# Sets the X-DR-ON-BEHALF-OF HTTP Header value +#DR.onBehalfHeader: +# Value for the Content-Type Header in DR Feed API +#DR.feedContentType: +# Value for the Content-Type Header in DR Subscription API +#DR.subContentType: +# +# END OF properties helpful for non-ONAP DR instance. +############################################################ + ##################################################### # # Settings for Soutbound API: Postgresql @@ -86,6 +90,9 @@ MR.multisite: false # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR MR.CentralCname: {{ .Values.dmaapMessageRouterService }} +# Indicator for whether we want hostname verification on SSL connection to MR +MR.hostnameVerify: false + # MR Client Delete Level thoroughness: # 0 = don't delete # 1 = delete from persistent store @@ -104,6 +111,12 @@ MR.projectID: mr # Use Basic Authentication when provisioning topics MR.authentication: basicAuth +# MR topic name style (default is FQTN_LEGACY_FORMAT) +#MR.topicStyle: FQTN_LEGACY_FORMAT +# +# end of MR Related Properties +################################################################################ + ##################################################### # @@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }} # Identity that is owner of any created namespaces for topics aaf.NsOwnerIdentity: {{ .Values.adminUser }} -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -CredentialCodeKeyfile: etc/LocalKey # this overrides the Class used for Decryption. # This allows for a plugin encryption/decryption method if needed. # Call this Class for decryption at runtime. #AafDecryption.Class: com.company.proprietaryDecryptor +# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF +# Not used in ONAP, but possibly used with Decryption override class. +#CredentialCodeKeyfile: etc/LocalKey + +# +# endof AAF Properties +#################################################### + ##################################################### # @@ -172,11 +191,53 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org # pwd for Identity used to publish MM prov cmds MM.ProvUserPwd: demo123456! -# AAF Role of MirrorMaker agent subscribed to prov cmds +# AAF Role of MirrorMaker agent subscribed to prov cmds. MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent ##################################################### # +# Certificate Management +# +##################################################### + +# Indicates how we are expecting certificates to be provided: +# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file +# legacy (default) - artifacts will be installed manually or some other way and details will be in this file +CertificateManagement: cadi + +# When CertificateManagement is cadi, then this is where all the cadi properties will be. +# Note that the cadi properties include where the cert is, and the encrypted passwords to read. +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +########################################################################################### +# When CertificateManagement is legacy, we need to provide more details about cert handling: +#CertificateManagement: legacy +# the type of keystore for https (for legacy CertificateManagment only) +#KeyStoreType: jks + +# path to the keystore file (for legacy CertificateManagment only) +#KeyStoreFile: etc/keystore + +# password for the https keystore (for legacy CertificateManagment only) +#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF +# password for the private key in the https keystore (for legacy CertificateManagment only) +#KeyPassword: changeit + +# type of truststore for https (for legacy CertificateManagment only) +#TrustStoreType: jks + +# path to the truststore for https (for legacy CertificateManagment only) +#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks + +# password for the https truststore (for legacy CertificateManagment only) +#TrustStorePassword: changeit +# +# END OF legacy CertificateManagement properties +########################################################################################### + + +##################################################### +# # HTTP Server Configuration # ##################################################### @@ -191,30 +252,24 @@ IntHttpPort: 8080 # set to 0 if no certificates are available. IntHttpsPort: 8443 -# external port number for https taking port mapping into account -ExtHttpsPort: 443 - -# the type of keystore for https -KeyStoreType: jks - -# path to the keystore file -KeyStoreFile: etc/keystore - -# password for the https keystore -KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# password for the private key in the https keystore -KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# type of truststore for https -TrustStoreType: jks - -# path to the truststore for https -TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks - -# password for the https truststore -TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY* - -# path to the file used to trigger an orderly shutdown -QuiesceFile: etc/SHUTDOWN inHttpsPort: 0 + +##################################################### +# +# Deprecated +# +##################################################### +# csit: stubs out some southbound APIs for csit (deprecated) +#csit: No +# name of this DMaaP instance (deprecated) +#DmaapName: demo +# external port number for https taking port mapping into account (deprecated) +#ExtHttpsPort: 443 +# path to the file used to trigger an orderly shutdown (deprecated) +#QuiesceFile: etc/SHUTDOWN +# FQDN of DR Prov Server (deprecated) +#DR.provhost: dcae-drps.domain.not.set +# root of topic namespace (decrecated) +#topicNsRoot: org.onap.dcae.dmaap diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index 3e08185a20..ea2720f9ce 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] volumeMounts: - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config + name: {{ include "common.name" . }}-aaf-config-vol env: - name: APP_FQI value: "{{ .Values.aafConfig.fqi }}" @@ -75,6 +75,26 @@ spec: value: "{{ .Values.aafConfig.cadiLongitude }}" - name: cadi_latitude value: "{{ .Values.aafConfig.cadiLatitude }}" + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["chown","-Rf","1000:1001", "/opt/app/"] +# See AAF-425 for explanation of why this is needed. +# This artifact is provisioned in AAF for both pks12 and jks format and apparently +# the cadi library is not using the jks password on the jks keystore. +# So, this attempts to "fix" the credential property file until this is fixed properly. + - name: {{ include "common.name" . }}-cred-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["/bin/sh"] + args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] + {{- end }} {{- if .Values.PG.enabled }} - name: {{ include "common.name" . }}-postgres-readiness @@ -95,7 +115,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: "{{ .Values.repository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true -}} @@ -118,13 +138,12 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config mountPath: /opt/app/config/conf/ - - name: {{ include "common.name" . }}-aaf-config - mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props - subPath: org.onap.dmaap-bc.props resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} @@ -139,8 +158,7 @@ spec: - name: {{ include "common.name" . }}-config configMap: name: {{ include "common.fullname" . }}-config - - name: {{ include "common.name" . }}-aaf-config - configMap: - name: {{ include "common.fullname" . }}-aaf-config + - name: {{ include "common.name" . }}-aaf-config-vol + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 28c77eb54c..3a18787826 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,8 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:2.0.3 +#repository: 10.12.7.57:5000 +image: onap/dmaap/dmaap-bc:2.0.4 # application configuration @@ -49,7 +50,7 @@ adminPwd: demo123456! #AAF local config aafConfig: - aafDeployFqi: dmaap-bc@dmaap-bc.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-bc fqi: dmaap-bc@dmaap-bc.onap.org @@ -58,7 +59,7 @@ aafConfig: cadiLongitude: 0.0 persistence: - aafCredsPath: /opt/app/osaaf/local + aafCredsPath: /opt/app/osaaf/local/ # for Casablanca default deployment, leave this true to # get a topic namespace that matches MR. When set to false, diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index 3f2d39e0d1..c7ecb07452 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml @@ -21,7 +21,7 @@ --- {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 104fcdc54a..adbdb688c2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 977699d83a..2bee404c0b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -3,16 +3,15 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index 50398987d2..1a86f18e77 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -38,8 +38,8 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} - -{{ else }} +--- +{{- else }} apiVersion: v1 kind: ConfigMap @@ -53,7 +53,7 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} - +--- {{- end }} {{- if .Values.prometheus.jmx.enabled }} @@ -68,6 +68,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} --- {{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index 58a10662e8..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }}
\ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index ab3a6bf852..4ba11ec8c7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -96,13 +96,13 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} - name: KAFKA_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} - name: KAFKA_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/kafka/secrets/jaas name: jaas-config @@ -201,7 +201,7 @@ spec: - name: KAFKA_AUTHORIZER_CLASS_NAME value: "{{ .Values.kafka.authorizer }}" {{ else }} - - name: KAFKA_OPTS + - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptions }}" - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "{{ .Values.kafka.protocolMap }}" @@ -283,4 +283,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 0399c3aefb..45dc30e4ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.3 +image: onap/dmaap/kafka111:1.0.4 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -70,6 +70,7 @@ configurationOverrides: "log.retention.hours": "168" "zookeeper.connection.timeout.ms": "6000" "default.replication.factor": "3" + "zookeeper.set.acl": "true" jmx: port: 5555 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml index 907111d898..50091bd387 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml @@ -24,7 +24,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }} --- {{ end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml index 729cad4cac..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index e98e614d93..e48982319f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -80,9 +80,9 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/zookeeper/secrets/jaas name: jaas-config @@ -171,8 +171,6 @@ spec: value: "{{ .Values.zkConfig.clientPort }}" - name: KAFKA_OPTS value: "{{ .Values.zkConfig.kafkaOpts }}" - - name: EXTRA_ARGS - value: "{{ .Values.zkConfig.extraArgs }}" - name: ZOOKEEPER_SERVER_ID valueFrom: fieldRef: @@ -210,7 +208,7 @@ spec: name: {{ include "common.fullname" . }}-jaas-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config - configMap: + configMap: name: {{ include "common.fullname" . }}-prometheus-configmap {{- end }} {{ if not .Values.persistence.enabled }} @@ -234,4 +232,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 4abb6e3c4a..4f861f8789 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.2 +image: onap/dmaap/zookeeper:6.0.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -75,8 +75,7 @@ zkConfig: autoPurgeSnapRetainCount: 3 autoPurgePurgeInterval: 24 heapOptions: -Xmx2G -Xms2G - kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider - extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl clientPort: 2181 jmx: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml new file mode 100644 index 0000000000..3ee9fc5fe6 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml @@ -0,0 +1,4 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index 9a2dea88e8..f981d6f7a6 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -12,7 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: ConfigMap metadata: @@ -79,4 +78,21 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} +--- +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} +--- +{{ end }} + diff --git a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml index 4b45352ed0..26f38c9a4f 100644 --- a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml @@ -1,3 +1,17 @@ +{{- if .Values.global.aafEnabled }} +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: batch/v1 kind: Job metadata: @@ -73,3 +87,4 @@ spec: name: {{ include "common.fullname" . }}-dbc-topics imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index c17fda1108..695a816693 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -41,6 +41,27 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-mrservice-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -92,6 +113,11 @@ spec: - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index b14c35f183..78721169d4 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.17 +image: onap/dmaap/dmaap-mr:1.1.18 pullPolicy: Always kafka: @@ -72,11 +72,11 @@ service: name: message-router both_tls_and_plain: true msb: - port: api - url: "/" - version: "v1" - protocol: "REST" - visualRange: "1" + - port: 3904 + url: "/" + version: "v1" + protocol: "REST" + visualRange: "1" ports: - name: api port: 3905 @@ -84,6 +84,15 @@ service: port_protocol: http nodePort: 26 +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + targetPort: 5555 + ingress: enabled: false |