diff options
Diffstat (limited to 'kubernetes/dmaap')
42 files changed, 1006 insertions, 984 deletions
diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env index cde43f95b7..84a42d6436 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/buscontroller.env @@ -14,4 +14,4 @@ # Environment settings for starting a container DMAAPBC_WAIT_TO_EXIT=Y - +DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks diff --git a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties index e43182daa3..59f64bd99c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties +++ b/kubernetes/dmaap/components/dmaap-bc/resources/config/dmaapbc.properties @@ -12,43 +12,47 @@ # See the License for the specific language governing permissions and # limitations under the License. -##################################################### -# -# ONAP Casablanca oom configurable deployment params: -# -##################################################### - ##################################################### # # Hooks for specific environment configurations # ##################################################### -# Indicator for whether to use AAF +# Indicator for whether to use AAF for authentication UseAAF: {{ .Values.global.aafEnabled }} -# csit: stubs out some southbound APIs for csit -csit: No +# Stub out southbound calls for Unit Test cases to run. e.g. not timeout +# Comment out in other environments to get default (No) +#UnitTest: Yes -# name of this DMaaP instance (deprecated) -#DmaapName: demo ##################################################### # # Settings for Southbound API: Datarouter # ##################################################### -# FQDN of DR Prov Server (deprecated) -#DR.provhost: dcae-drps.domain.not.set # URI to retrieve dynamic DR configuration ProvisioningURI: /internal/prov # indicator for handling feed delete: # DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility) -# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments. +# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments. Feed.deleteHandling: SimulateDelete +########################################################### +# The following properties default to match ONAP DR instance. +# However, there are some non-ONAP DR instances that require other values. +# Sets the X-DR-ON-BEHALF-OF HTTP Header value +#DR.onBehalfHeader: +# Value for the Content-Type Header in DR Feed API +#DR.feedContentType: +# Value for the Content-Type Header in DR Subscription API +#DR.subContentType: +# +# END OF properties helpful for non-ONAP DR instance. +############################################################ + ##################################################### # # Settings for Soutbound API: Postgresql @@ -86,6 +90,9 @@ MR.multisite: false # In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR MR.CentralCname: {{ .Values.dmaapMessageRouterService }} +# Indicator for whether we want hostname verification on SSL connection to MR +MR.hostnameVerify: false + # MR Client Delete Level thoroughness: # 0 = don't delete # 1 = delete from persistent store @@ -104,6 +111,12 @@ MR.projectID: mr # Use Basic Authentication when provisioning topics MR.authentication: basicAuth +# MR topic name style (default is FQTN_LEGACY_FORMAT) +#MR.topicStyle: FQTN_LEGACY_FORMAT +# +# end of MR Related Properties +################################################################################ + ##################################################### # @@ -136,14 +149,20 @@ aaf.AdminPassword: {{ .Values.adminPwd }} # Identity that is owner of any created namespaces for topics aaf.NsOwnerIdentity: {{ .Values.adminUser }} -# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF -CredentialCodeKeyfile: etc/LocalKey # this overrides the Class used for Decryption. # This allows for a plugin encryption/decryption method if needed. # Call this Class for decryption at runtime. #AafDecryption.Class: com.company.proprietaryDecryptor +# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF +# Not used in ONAP, but possibly used with Decryption override class. +#CredentialCodeKeyfile: etc/LocalKey + +# +# endof AAF Properties +#################################################### + ##################################################### # @@ -172,11 +191,53 @@ MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org # pwd for Identity used to publish MM prov cmds MM.ProvUserPwd: demo123456! -# AAF Role of MirrorMaker agent subscribed to prov cmds +# AAF Role of MirrorMaker agent subscribed to prov cmds. MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent ##################################################### # +# Certificate Management +# +##################################################### + +# Indicates how we are expecting certificates to be provided: +# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file +# legacy (default) - artifacts will be installed manually or some other way and details will be in this file +CertificateManagement: cadi + +# When CertificateManagement is cadi, then this is where all the cadi properties will be. +# Note that the cadi properties include where the cert is, and the encrypted passwords to read. +cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props + +########################################################################################### +# When CertificateManagement is legacy, we need to provide more details about cert handling: +#CertificateManagement: legacy +# the type of keystore for https (for legacy CertificateManagment only) +#KeyStoreType: jks + +# path to the keystore file (for legacy CertificateManagment only) +#KeyStoreFile: etc/keystore + +# password for the https keystore (for legacy CertificateManagment only) +#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF +# password for the private key in the https keystore (for legacy CertificateManagment only) +#KeyPassword: changeit + +# type of truststore for https (for legacy CertificateManagment only) +#TrustStoreType: jks + +# path to the truststore for https (for legacy CertificateManagment only) +#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks + +# password for the https truststore (for legacy CertificateManagment only) +#TrustStorePassword: changeit +# +# END OF legacy CertificateManagement properties +########################################################################################### + + +##################################################### +# # HTTP Server Configuration # ##################################################### @@ -191,30 +252,24 @@ IntHttpPort: 8080 # set to 0 if no certificates are available. IntHttpsPort: 8443 -# external port number for https taking port mapping into account -ExtHttpsPort: 443 - -# the type of keystore for https -KeyStoreType: jks - -# path to the keystore file -KeyStoreFile: etc/keystore - -# password for the https keystore -KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# password for the private key in the https keystore -KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF -# type of truststore for https -TrustStoreType: jks - -# path to the truststore for https -TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks - -# password for the https truststore -TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY* - -# path to the file used to trigger an orderly shutdown -QuiesceFile: etc/SHUTDOWN inHttpsPort: 0 + +##################################################### +# +# Deprecated +# +##################################################### +# csit: stubs out some southbound APIs for csit (deprecated) +#csit: No +# name of this DMaaP instance (deprecated) +#DmaapName: demo +# external port number for https taking port mapping into account (deprecated) +#ExtHttpsPort: 443 +# path to the file used to trigger an orderly shutdown (deprecated) +#QuiesceFile: etc/SHUTDOWN +# FQDN of DR Prov Server (deprecated) +#DR.provhost: dcae-drps.domain.not.set +# root of topic namespace (decrecated) +#topicNsRoot: org.onap.dcae.dmaap diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a434439b14..ea2720f9ce 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -12,31 +12,28 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: +{{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: {{- if .Values.global.aafEnabled }} - - command: + - name: {{ include "common.name" . }}-aaf-readiness + command: - /root/ready.py args: - --container-name - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service env: - name: NAMESPACE valueFrom: @@ -45,14 +42,13 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-aaf-readiness - - name: {{ include "common.name" . }}-dbc-aaf-config + - name: {{ include "common.name" . }}-aaf-config image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] volumeMounts: - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.name" . }}-aaf-config + name: {{ include "common.name" . }}-aaf-config-vol env: - name: APP_FQI value: "{{ .Values.aafConfig.fqi }}" @@ -79,9 +75,30 @@ spec: value: "{{ .Values.aafConfig.cadiLongitude }}" - name: cadi_latitude value: "{{ .Values.aafConfig.cadiLatitude }}" + - name: {{ include "common.name" . }}-permission-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["chown","-Rf","1000:1001", "/opt/app/"] +# See AAF-425 for explanation of why this is needed. +# This artifact is provisioned in AAF for both pks12 and jks format and apparently +# the cadi library is not using the jks password on the jks keystore. +# So, this attempts to "fix" the credential property file until this is fixed properly. + - name: {{ include "common.name" . }}-cred-fixer + image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol + command: ["/bin/sh"] + args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ] + {{- end }} {{- if .Values.PG.enabled }} - - command: + - name: {{ include "common.name" . }}-postgres-readiness + command: - /root/ready.py args: - --container-name @@ -94,50 +111,45 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-postgres-readiness -{{- end}} +{{- end }} +{{- end }} containers: - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + image: "{{ .Values.repository }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true -}} livenessProbe: httpGet: - port: {{ .Values.service.internalPort }} - path: /webapi/info + port: {{ .Values.liveness.port }} + path: /webapi/topics + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} readinessProbe: httpGet: - host: {{ .Values.dmaapMessageRouterService }} - port: 3904 - path: /topics + port: {{ .Values.readiness.port }} + path: /webapi/topics + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - {{ end -}} volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.name" . }}-aaf-config-vol # NOTE: on the following several configMaps, careful to include / at end # since there may be more than one file in each mountPath - name: {{ include "common.name" . }}-config mountPath: /opt/app/config/conf/ - - name: {{ include "common.name" . }}-aaf-config - mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props - subPath: org.onap.dmaap-bc.props - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} volumes: - name: localtime @@ -146,8 +158,7 @@ spec: - name: {{ include "common.name" . }}-config configMap: name: {{ include "common.fullname" . }}-config - - name: {{ include "common.name" . }}-aaf-config - configMap: - name: {{ include "common.fullname" . }}-aaf-config + - name: {{ include "common.name" . }}-aaf-config-vol + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml index a8833c11c9..c06d4e1130 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml @@ -2,11 +2,8 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "common.fullname" . }}-post-install - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. @@ -15,16 +12,9 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded spec: template: - metadata: - name: {{ include "common.fullname" . }} - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never - containers: - name: post-install-job image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}" @@ -33,9 +23,15 @@ spec: - name: DELAY value: "0" - name: PROTO +{{- if (include "common.needTLS" .) }} value: "https" - name: PORT value: "8443" +{{- else }} + value: "http" + - name: PORT + value: "8080" +{{- end }} - name: REQUESTID value: "{{.Chart.Name}}-post-install" volumeMounts: @@ -50,15 +46,12 @@ spec: mountPath: /opt/app/config/dmaap/ - name: {{ include "common.fullname" . }}-dbc-dcaelocations mountPath: /opt/app/config/dcaeLocations/ - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml index ea26452c01..9c9414f48d 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml @@ -13,38 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- end}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name }}2 - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 513963067f..3a18787826 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,8 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:1.1.5 +#repository: 10.12.7.57:5000 +image: onap/dmaap/dmaap-bc:2.0.4 # application configuration @@ -49,7 +50,7 @@ adminPwd: demo123456! #AAF local config aafConfig: - aafDeployFqi: dmaap-bc@dmaap-bc.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-bc fqi: dmaap-bc@dmaap-bc.onap.org @@ -58,7 +59,7 @@ aafConfig: cadiLongitude: 0.0 persistence: - aafCredsPath: /opt/app/osaaf/local + aafCredsPath: /opt/app/osaaf/local/ # for Casablanca default deployment, leave this true to # get a topic namespace that matches MR. When set to false, @@ -79,24 +80,24 @@ liveness: periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: false + port: api + enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 + port: api service: type: NodePort name: dmaap-bc - portName: dmaap-bc - portName2: dmaap-bc - externalPort: 8080 - internalPort: 8080 - externalPort2: 8443 - internalPort2: 8443 - nodePort: 41 - nodePort2: 42 + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 42 # application configuration override for postgres diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml index 47427737f5..4c30f58a6c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml @@ -22,7 +22,7 @@ {{- if .Values.global.aafEnabled }} {{- $global := . }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} --- kind: PersistentVolume @@ -33,7 +33,7 @@ metadata: labels: app: {{ include "common.name" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-aaf-props spec: @@ -44,7 +44,7 @@ spec: storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props" persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index c1d8c8fdb3..c7ecb07452 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml @@ -21,7 +21,7 @@ --- {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 @@ -31,7 +31,7 @@ metadata: labels: app: {{ include "common.fullname" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-event-logs spec: @@ -42,7 +42,7 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data-event-logs" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml index 280e034f3a..094e92a4ad 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml @@ -20,7 +20,7 @@ {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 @@ -30,7 +30,7 @@ metadata: labels: app: {{ include "common.fullname" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-spool-data spec: @@ -41,7 +41,7 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 871a4228a2..9478a762ff 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -17,12 +17,13 @@ ################################################################# global: loggingDirectory: /var/log/onap/datarouter + persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.4 +image: onap/dmaap/datarouter-node:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -51,6 +52,7 @@ readiness: ## Persist data to a persitent volume persistence: + enabled: true volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs @@ -69,7 +71,7 @@ persistence: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 104fcdc54a..adbdb688c2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 6165568971..06f68e7ca9 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -18,6 +18,7 @@ global: nodePortPrefix: 302 loggingDirectory: /opt/app/datartr/logs + persistence: {} ################################################################# # Secrets metaconfig @@ -34,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.4 +image: onap/dmaap/datarouter-prov:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -63,6 +64,7 @@ readiness: ## Persist data to a persitent volume persistence: + enabled: true volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs @@ -122,7 +124,7 @@ mariadb: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 1e7d7d38ac..2bee404c0b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -2,17 +2,16 @@ aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm -cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ -cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile +cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org -cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml new file mode 100644 index 0000000000..2ab713e789 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml @@ -0,0 +1,23 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false +rules: +- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate) + name: "cp_kafka_server_replicamanager_$1" +- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value + name: "cp_kafka_controller_kafkacontroller_$1" +- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate + name: "cp_kafka_server_brokertopicmetrics_$1" +- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate + name: "cp_kafka_network_requestmetrics_requestspersec_$1" +- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value + name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent" +- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value + name: "cp_kafka_server_replicafetchermanager_maxlag_$1" +- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate + name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent" +- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate + name: "cp_kafka_controller_controllerstats_$1" +- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate + name: "cp_kafka_server_sessionexpirelistener_$1" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties deleted file mode 100644 index 8e20fa48aa..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties +++ /dev/null @@ -1,74 +0,0 @@ -log4j.rootLogger=INFO, stdout, kafkaAppender - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log -log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log -log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log -log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log -log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log -log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log -log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -# Change the two lines below to adjust ZK client logging -log4j.logger.org.I0Itec.zkclient.ZkClient=INFO -log4j.logger.org.apache.zookeeper=INFO - -# Change the two lines below to adjust the general broker logging level (output to server.log and stdout) -log4j.logger.kafka=INFO -log4j.logger.org.apache.kafka=INFO - -# Change to DEBUG or TRACE to enable request logging -log4j.logger.kafka.request.logger=WARN, requestAppender -log4j.additivity.kafka.request.logger=false - -# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output -# related to the handling of requests -#log4j.logger.kafka.network.Processor=TRACE, requestAppender -#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender -#log4j.additivity.kafka.server.KafkaApis=false -log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender -log4j.additivity.kafka.network.RequestChannel$=false - -log4j.logger.kafka.controller=TRACE, controllerAppender -log4j.additivity.kafka.controller=false - -log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender -log4j.additivity.kafka.log.LogCleaner=false - -log4j.logger.state.change.logger=TRACE, stateChangeAppender -log4j.additivity.state.change.logger=false - -# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses -log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender -log4j.additivity.kafka.authorizer.logger=false diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties deleted file mode 100644 index 5016507bfd..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties +++ /dev/null @@ -1,122 +0,0 @@ -############################# Socket Server Settings ############################# - -# The address the socket server listens on. It will get the value returned from -# java.net.InetAddress.getCanonicalHostName() if not configured. -# FORMAT: -# listeners = listener_name://host_name:port -# EXAMPLE: -# listeners = PLAINTEXT://your.host.name:9092 -listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 - -# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details -listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT - -# The number of threads that the server uses for receiving requests from the network and sending responses to the network -num.network.threads=3 - -# The number of threads that the server uses for processing requests, which may include disk I/O -num.io.threads=8 - -# The send buffer (SO_SNDBUF) used by the socket server -socket.send.buffer.bytes=102400 - -#The number of hours to keep a log file before deleting it -log.retention.hours=168 -#The maximum size of the log before deleting it -log.retention.bytes=21474836480 - -# The receive buffer (SO_RCVBUF) used by the socket server -socket.receive.buffer.bytes=102400 - -# The maximum size of a request that the socket server will accept (protection against OOM) -socket.request.max.bytes=104857600 - - -############################# Log Basics ############################# - -# A comma separated list of directories under which to store log files -log.dirs=/opt/kafka/data - -# The default number of log partitions per topic. More partitions allow greater -# parallelism for consumption, but this will also result in more files across -# the brokers. -num.partitions={{ .Values.defaultpartitions }} - -# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown. -# This value is recommended to be increased for installations with data dirs located in RAID array. -num.recovery.threads.per.data.dir=1 - -############################# Internal Topic Settings ############################# -# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state" -# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3. -offsets.topic.replication.factor={{ .Values.replicaCount }} -transaction.state.log.replication.factor=1 -transaction.state.log.min.isr=1 - -############################# Log Flush Policy ############################# - -# Messages are immediately written to the filesystem but by default we only fsync() to sync -# the OS cache lazily. The following configurations control the flush of data to disk. -# There are a few important trade-offs here: -# 1. Durability: Unflushed data may be lost if you are not using replication. -# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush. -# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks. -# The settings below allow one to configure the flush policy to flush data after a period of time or -# every N messages (or both). This can be done globally and overridden on a per-topic basis. - -# The number of messages to accept before forcing a flush of data to disk -#log.flush.interval.messages=10000 - -# The maximum amount of time a message can sit in a log before we force a flush -#log.flush.interval.ms=1000 - -############################# Log Retention Policy ############################# - -# The following configurations control the disposal of log segments. The policy can -# be set to delete segments after a period of time, or after a given size has accumulated. -# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens -# from the end of the log. - -# The minimum age of a log file to be eligible for deletion due to age -log.retention.hours=168 - -# A size-based retention policy for logs. Segments are pruned from the log unless the remaining -# segments drop below log.retention.bytes. Functions independently of log.retention.hours. -#log.retention.bytes=1073741824 - -# The maximum size of a log segment file. When this size is reached a new log segment will be created. -log.segment.bytes=1073741824 - -# The interval at which log segments are checked to see if they can be deleted according -# to the retention policies -log.retention.check.interval.ms=300000 - -############################# Zookeeper ############################# - -# Zookeeper connection string (see zookeeper docs for details). -# This is a comma separated host:port pairs, each corresponding to a zk -# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002". -# You can also append an optional chroot string to the urls to specify the -# root directory for all kafka znodes. -zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} - -# Timeout in ms for connecting to zookeeper -zookeeper.connection.timeout.ms=6000 - - -############################# Group Coordinator Settings ############################# - -# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance. -# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms. -# The default value for this is 3 seconds. -# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing. -# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup. -group.initial.rebalance.delay.ms=0 - -inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT -default.replication.factor={{ .Values.replicaCount }} -delete.topic.enable=true -sasl.enabled.mechanisms=PLAIN -authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer -version=1.1.1 -sasl.mechanism.inter.broker.protocol=PLAIN diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf new file mode 100644 index 0000000000..ff43fbb141 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf @@ -0,0 +1,11 @@ +KafkaServer { + org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required + username="${KAFKA_ADMIN}" + password="${KAFKA_PSWD}" + user_${KAFKA_ADMIN}="${KAFKA_PSWD}"; +}; +Client { + org.apache.zookeeper.server.auth.DigestLoginModule required + username="${ZK_ADMIN}" + password="${ZK_PSWD}"; + }; diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf new file mode 100644 index 0000000000..0755c1e2b7 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf @@ -0,0 +1,5 @@ +Client { + org.apache.zookeeper.server.auth.DigestLoginModule required + username="${ZK_ADMIN}" + password="${ZK_PSWD}"; + };
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index e579d82780..1a86f18e77 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -12,10 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- if .Values.global.aafEnabled }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-server-prop-configmap + name: {{ include "common.fullname" . }}-cadi-prop-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -23,12 +24,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-cadi-prop-configmap + name: {{ include "common.fullname" . }}-jaas-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -36,13 +37,14 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} --- +{{- else }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log4j-prop-configmap + name: {{ include "common.fullname" . }}-jaas-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -50,6 +52,22 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} --- +{{- end }} +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} +--- +{{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index 921865dcbe..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -1,5 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,8 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -description: ONAP Message Router Kafka Service -name: message-router-mirrormaker -version: 5.0.0 - +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index aa97e32a9a..4ba11ec8c7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -1,4 +1,3 @@ -# Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,6 +31,11 @@ spec: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + {{- if .Values.prometheus.jmx.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} + {{- end }} spec: podAntiAffinity: {{if eq .Values.podAntiAffinityType "hard" -}} @@ -47,10 +51,14 @@ spec: operator: In values: - {{ include "common.name" . }} + - key: "release" + operator: In + values: + - {{ include "common.release" . }} topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: - {{ toYaml .Values.nodeAffinity | indent 10 }} + {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} initContainers: - name: {{ include "common.name" . }}-initcontainer @@ -74,24 +82,58 @@ spec: - sh - -exec - | - chown -R 1000:1000 /opt/kafka/data; - rm -rf '/opt/kafka/data/lost+found'; - cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; - chown 1000:1000 /opt/kafka/config/server.properties; - cd /opt/kafka/config; - ls; + chown -R 1000:0 /var/lib/kafka/data; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: /opt/kafka/data + - mountPath: /var/lib/kafka/data name: kafka-data - - mountPath: /opt/kafka/tmpconfig/server.properties - subPath: server.properties - name: server - - mountPath: /opt/kafka/config - name: config-data name: {{ include "common.name" . }}-permission-fixer + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" + env: + - name: ZK_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} + - name: ZK_PSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} + - name: KAFKA_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} + - name: KAFKA_PSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /etc/kafka/secrets/jaas + name: jaas-config + - mountPath: /config-input + name: jaas + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-kafka-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: +{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -100,14 +142,21 @@ spec: - -exc - | export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ - export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \ + {{- if .Values.global.aafEnabled }} export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ - exec start-kafka.sh + {{ else }} + export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ + {{- end }} + exec /etc/confluent/docker/run resources: {{ include "common.resources" . | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.externalPort }} + {{- if .Values.prometheus.jmx.enabled }} + - containerPort: {{ .Values.jmx.port }} + name: jmx + {{- end }} {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: @@ -128,28 +177,63 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP + - name: KAFKA_ZOOKEEPER_CONNECT + value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} + - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE + value: "{{ .Values.kafka.enableSupport }}" + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptions }}" + {{- if .Values.global.aafEnabled }} + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptionsAaf }}" - name: aaf_locate_url value: https://aaf-locate.{{ include "common.namespace" . }}:8095 - + - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP + value: "{{ .Values.kafka.protocolMapAaf }}" + - name: KAFKA_LISTENERS + value: "{{ .Values.kafka.listenersAaf }}" + - name: KAFKA_SASL_ENABLED_MECHANISMS + value: "{{ .Values.kafka.saslMech }}" + - name: KAFKA_INTER_BROKER_LISTENER_NAME + value: "{{ .Values.kafka.interBrokerListernerAaf }}" + - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL + value: "{{ .Values.kafka.saslInterBrokerProtocol }}" + - name: KAFKA_AUTHORIZER_CLASS_NAME + value: "{{ .Values.kafka.authorizer }}" + {{ else }} + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptions }}" + - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP + value: "{{ .Values.kafka.protocolMap }}" + - name: KAFKA_LISTENERS + value: "{{ .Values.kafka.listeners }}" + - name: KAFKA_INTER_BROKER_LISTENER_NAME + value: "{{ .Values.kafka.interBrokerListerner }}" + {{- end }} + {{- range $key, $value := .Values.configurationOverrides }} + - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.jmx.port }} + - name: KAFKA_JMX_PORT + value: "{{ .Values.jmx.port }}" + {{- end }} + - name: enableCadi + value: "{{ .Values.global.aafEnabled }}" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/run/docker.sock name: docker-socket - - mountPath: /opt/kafka/tmpconfig/server.properties - subPath: server.properties - name: server - - mountPath: /opt/kafka/config/server.properties - subPath: server.properties - name: config-data - - mountPath: /opt/kafka/config/log4j.properties - subPath: log4j.properties - name: log4j - - mountPath: /opt/kafka/config/cadi.properties + {{- if .Values.global.aafEnabled }} + - mountPath: /etc/kafka/data/cadi.properties subPath: cadi.properties name: cadi - - mountPath: /opt/kafka/data + {{ end }} + - name: jaas-config + mountPath: /etc/kafka/secrets/jaas + - mountPath: /var/lib/kafka/data name: kafka-data {{- if .Values.tolerations }} tolerations: @@ -159,20 +243,25 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config-data - emptyDir: {} + - name: jaas-config + emptyDir: + medium: Memory - name: docker-socket hostPath: path: /var/run/docker.sock - - name: server - configMap: - name: {{ include "common.fullname" . }}-server-prop-configmap - - name: log4j - configMap: - name: {{ include "common.fullname" . }}-log4j-prop-configmap + {{- if .Values.global.aafEnabled }} - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{ end }} + - name: jaas + configMap: + name: {{ include "common.fullname" . }}-jaas-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} {{ if not .Values.persistence.enabled }} - name: kafka-data emptyDir: {} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 873e72e0d2..4d87c0655e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -24,13 +24,14 @@ global: loggingImage: beats/filebeat:5.5.0 persistence: {} ubuntuInitRepository: registry.hub.docker.com + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.1 +image: onap/dmaap/kafka111:1.0.4 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -41,15 +42,76 @@ zookeeper: name: message-router-zookeeper port: 2181 +kafka: + heapOptions: -Xmx5G -Xms1G + jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf + jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf + enableSupport: false + protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT + protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT + listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 + listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092 + authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer + saslInterBrokerProtocol: PLAIN + saslMech: PLAIN + interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT + interBrokerListerner: INTERNAL_PLAINTEXT + + +configurationOverrides: + "offsets.topic.replication.factor": "3" + "log.dirs": "/var/lib/kafka/data" + "log.retention.hours": "168" + "num.partitions": "3" + "offsets.topic.replication.factor": "3" + "transaction.state.log.replication.factor": "1" + "transaction.state.log.min.isr": "1" + "num.recovery.threads.per.data.dir": "5" + "log.retention.hours": "168" + "zookeeper.connection.timeout.ms": "6000" + "default.replication.factor": "3" + +jmx: + port: 5555 + +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + +jaas: + config: + zkClient: kafka + zkClientPassword: kafka_secret + kafkaAdminUser: admin + kafkaAdminPassword: admin_secret + #kafkaAdminUserExternal: some secret + #zkClientPasswordExternal: some secret + + +secrets: + - uid: zk-client + type: basicAuth + externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}' + login: '{{ .Values.jaas.config.zkClient }}' + password: '{{ .Values.jaas.config.zkClientPassword }}' + passwordPolicy: required + - uid: kafka-admin + type: basicAuth + externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}' + login: '{{ .Values.jaas.config.kafkaAdminUser }}' + password: '{{ .Values.jaas.config.kafkaAdminPassword }}' + passwordPolicy: required + # flag to enable debugging - application support required debugEnabled: false # default number of instances replicaCount: 3 -#Kafka custom authorizer class name -kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer -deleteTopicEnable: true # To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count podAntiAffinityType: soft @@ -69,17 +131,17 @@ tolerations: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 70 + periodSeconds: 20 + timeoutSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 90 + periodSeconds: 20 + timeoutSeconds: 100 ## Persist data to a persitent volume persistence: @@ -109,7 +171,8 @@ service: name: message-router-kafka portName: message-router-kafka internalPort: 9092 - externalPort: 9093 + internalSSLPort: 9093 + externalPort: 9091 baseNodePort: 30490 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt deleted file mode 100644 index a44d0f76ee..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml deleted file mode 100644 index 9c8a43b96a..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-initcontainer - image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.messagerouter.container }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - - -exc - - | - exec start-mirrormaker.sh - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: - - sh - - -c - - "touch /tmp/lprobe.txt" - - "rm /tmp/lprobe.txt" - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end }} - readinessProbe: - exec: - command: - - sh - - -c - - "touch /tmp/rprobe.txt" - - "rm /tmp/rprobe.txt" - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - env: - - name: KAFKA_HEAP_OPTS - value: "{{ .Values.kafkaHeapOptions }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/docker.sock - name: docker-socket - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: docker-socket - hostPath: - path: /var/run/docker.sock - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml deleted file mode 100644 index 676f6342f4..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - ubuntuInitRepository: registry.hub.docker.com - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.1 -pullPolicy: Always -ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - -zookeeper: - name: message-router-zookeeper - port: 2181 - -messagerouter: - container: message-router - -# flag to enable debugging - application support required -debugEnabled: false - -# default number of instances -replicaCount: 1 -kafkaHeapOptions: -Xmx4G -Xms2G - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 5 - - -service: - type: NodePort - name: message-router-mirrormaker - portName: message-router-mirrormaker - internalPort: 9092 - - - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: large -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - large: - limits: - cpu: 4000m - memory: 8Gi - requests: - cpu: 1000m - memory: 2Gi - unlimited: {} - diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml new file mode 100644 index 0000000000..a75b644c5f --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml @@ -0,0 +1,21 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false +rules: +- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)" + name: "message-router-zookeeper_$2" +- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)" + name: "message-router-zookeeper_$3" + labels: + replicaId: "$2" +- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)" + name: "message-router-zookeeper_$4" + labels: + replicaId: "$2" + memberType: "$3" +- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)" + name: "message-router-zookeeper_$4_$5" + labels: + replicaId: "$2" + memberType: "$3" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf new file mode 100644 index 0000000000..8266f6b2c6 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf @@ -0,0 +1,4 @@ +Server { + org.apache.zookeeper.server.auth.DigestLoginModule required + user_${ZK_ADMIN}="${ZK_PSWD}"; +};
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml new file mode 100644 index 0000000000..50091bd387 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml @@ -0,0 +1,42 @@ +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }} +--- +{{ end }} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-jaas-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml new file mode 100644 index 0000000000..428eebcc3e --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index af4c1719fb..30f4abd588 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -36,6 +36,11 @@ spec: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + {{- if .Values.prometheus.jmx.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} + {{- end }} spec: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: @@ -47,6 +52,10 @@ spec: operator: In values: - {{ include "common.name" . }} + - key: "release" + operator: In + values: + - {{ include "common.release" . }} topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: @@ -58,13 +67,53 @@ spec: - sh - -exec - > - chown -R 1000:1000 /tmp/zookeeper/apikeys; + chown -R 1000:0 /tmp/zookeeper/apikeys; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /tmp/zookeeper/apikeys name: zookeeper-data + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" + env: + - name: ZK_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} + - name: ZK_PSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /etc/zookeeper/secrets/jaas + name: jaas-config + - mountPath: /config-input + name: jaas + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: +{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-zookeeper + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -77,39 +126,71 @@ spec: name: {{ .Values.service.serverPortName }} - containerPort: {{ .Values.service.leaderElectionPort }} name: {{ .Values.service.leaderElectionPortName }} + {{- if .Values.prometheus.jmx.enabled }} + - containerPort: {{ .Values.jmx.port }} + name: jmx + {{- end }} {{ if eq .Values.liveness.enabled true }} livenessProbe: exec: - command: - - sh - - -c - - "zookeeper-ready.sh 2181" + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok'] initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: - command: - - sh - - -c - - "zookeeper-ready.sh 2181" + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok'] initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + resources: +{{ toYaml .Values.resources | indent 10 }} env: - - name: ZK_REPLICAS + - name : KAFKA_HEAP_OPTS + value: "{{ .Values.zkConfig.heapOptions }}" + {{- if .Values.jmx.port }} + - name : KAFKA_JMX_PORT + value: "{{ .Values.jmx.port }}" + {{- end }} + - name : ZOOKEEPER_REPLICAS value: "{{ .Values.replicaCount }}" - - name: ZK_INIT_LIMIT - value: "{{ .Values.zk.initLimit }}" - - name: ZK_SYNC_LIMIT - value: "{{ .Values.zk.syncLimit }}" + - name : ZOOKEEPER_TICK_TIME + value: "{{ .Values.zkConfig.tickTime }}" + - name : ZOOKEEPER_SYNC_LIMIT + value: "{{ .Values.zkConfig.syncLimit }}" + - name : ZOOKEEPER_INIT_LIMIT + value: "{{ .Values.zkConfig.initLimit }}" + - name : ZOOKEEPER_MAX_CLIENT_CNXNS + value: "{{ .Values.zkConfig.maxClientCnxns }}" + - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT + value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}" + - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL + value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}" + - name: ZOOKEEPER_CLIENT_PORT + value: "{{ .Values.zkConfig.clientPort }}" + - name: KAFKA_OPTS + value: "{{ .Values.zkConfig.kafkaOpts }}" + - name: EXTRA_ARGS + value: "{{ .Values.zkConfig.extraArgs }}" + - name: ZOOKEEPER_SERVER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - "bash" + - "-c" + - | + ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \ + /etc/confluent/docker/run volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/lib/zookeeper/data name: zookeeper-data + - name: jaas-config + mountPath: /etc/zookeeper/secrets/jaas {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 10 }} @@ -118,15 +199,29 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: jaas-config + emptyDir: + medium: Memory + - name: docker-socket + hostPath: + path: /var/run/docker.sock + - name: jaas + configMap: + name: {{ include "common.fullname" . }}-jaas-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} {{ if not .Values.persistence.enabled }} - name: zookeeper-data emptyDir: {} {{ else }} volumeClaimTemplates: - metadata: - name: zookeeper-data + name: zookeeper-data labels: - app: {{ include "common.fullname" . }} + app: {{ include "common.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ include "common.release" . }}" heritage: "{{ .Release.Service }}" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index eeb77ba7fd..4abb6e3c4a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -24,13 +24,14 @@ global: loggingImage: beats/filebeat:5.5.0 ubuntuInitRepository: registry.hub.docker.com persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.0 +image: onap/dmaap/zookeeper:6.0.2 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -39,12 +40,6 @@ busyBoxRepository: docker.io # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - # gerrit branch where the latest code is checked in - gerritBranch: master - # gerrit project where the latest code is checked in - gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git # default number of instances replicaCount: 3 @@ -59,22 +54,55 @@ tolerations: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 10 #Zookeeper properties -zk: - initLimit: 5 - syncLimit: 2 +zkConfig: + tickTime: 2000 + syncLimit: 5 + initLimit: 10 + maxClientCnxns: 200 + autoPurgeSnapRetainCount: 3 + autoPurgePurgeInterval: 24 + heapOptions: -Xmx2G -Xms2G + kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider + extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + clientPort: 2181 + +jmx: + port: 5555 + +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + +jaas: + config: + zkAdminUser: kafka + zkAdminPassword: kafka_secret + #zkAdminPasswordExternal= some password + +secrets: + - uid: zk-admin + type: basicAuth + externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}' + login: '{{ .Values.jaas.config.zkAdminUser }}' + password: '{{ .Values.jaas.config.zkAdminPassword }}' + passwordPolicy: required ## Persist data to a persitent volume persistence: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml new file mode 100644 index 0000000000..3ee9fc5fe6 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml @@ -0,0 +1,4 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index 5dac1c0de7..f02a2db764 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml @@ -6,207 +6,203 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - ============LICENSE_END========================================================= + ============LICENSE_END========================================================= --> <configuration scan="true" scanPeriod="3 seconds" debug="false"> - <contextName>${module.ajsc.namespace.name}</contextName> - <jmxConfigurator /> - <property name="logDirectory" value="${AJSC_HOME}/log" /> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="INFO" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - </appender> - - <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> - - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - - <!-- Msgrtr related loggers --> - <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> - - - - <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> - <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> - <logger name="org.onap.dmaap.mr.filter" level="INFO" /> - - <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> - - <!-- Msgrtr loggers in ajsc --> - <logger name="org.onap.dmaap.service" level="INFO" /> - <logger name="org.onap.dmaap" level="INFO" /> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" additivity="false"/> - <logger name="org.springframework.beans" level="WARN" additivity="false"/> - <logger name="org.springframework.web" level="WARN" additivity="false" /> - <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> - - <!-- AJSC Services (bootstrap services) --> - <logger name="ajsc" level="WARN" additivity="false"/> - <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> - <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> - <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> - <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> - <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> - <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> - <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> - - <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet - logging) --> - <logger name="ajsc.utils" level="WARN" additivity="false"/> - <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> - <logger name="ajsc.filters" level="DEBUG" additivity="false" /> - <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> - <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> - <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> - <logger name="com.att" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> - - <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> - <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> - - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" additivity="false" /> - <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> - <logger name="org.apache.commons" level="WARN" additivity="false" /> - <logger name="org.apache.coyote" level="WARN" additivity="false"/> - <logger name="org.apache.jasper" level="WARN" additivity="false"/> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" additivity="false" /> - <logger name="org.apache.cxf" level="WARN" additivity="false" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> - <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> - <logger name="org.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> - <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> - <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> - <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Audit-Record-Queue" /> - </appender> - - <logger name="AuditRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Performance-Tracker-Queue" /> - </appender> - <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="ASYNC-perf" /> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="DEBUG"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="ERROR" /> - <appender-ref ref="INFO" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration>
\ No newline at end of file + <contextName>${module.ajsc.namespace.name}</contextName> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/log" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + + <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + </appender> + + <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> + + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + + <!-- Msgrtr related loggers --> + <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> + + + + <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> + <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> + <logger name="org.onap.dmaap.mr.filter" level="INFO" /> + + <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> + + <!-- Msgrtr loggers in ajsc --> + <logger name="org.onap.dmaap.service" level="INFO" /> + <logger name="org.onap.dmaap" level="INFO" /> + + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" additivity="false"/> + <logger name="org.springframework.beans" level="WARN" additivity="false"/> + <logger name="org.springframework.web" level="WARN" additivity="false" /> + <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> + + <!-- AJSC Services (bootstrap services) --> + <logger name="ajsc" level="WARN" additivity="false"/> + <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> + <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> + <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> + <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> + <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> + <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> + <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> + + <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet + logging) --> + <logger name="ajsc.utils" level="WARN" additivity="false"/> + <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> + <logger name="ajsc.filters" level="DEBUG" additivity="false" /> + <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> + <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> + <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> + <logger name="com.att" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> + + <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> + <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> + + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" additivity="false" /> + <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> + <logger name="org.apache.commons" level="WARN" additivity="false" /> + <logger name="org.apache.coyote" level="WARN" additivity="false"/> + <logger name="org.apache.jasper" level="WARN" additivity="false"/> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. + May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" additivity="false" /> + <logger name="org.apache.cxf" level="WARN" additivity="false" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> + <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> + <logger name="org.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> + <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> + <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> + <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> + + <!-- logback jms appenders & loggers definition starts here --> + <!-- logback jms appenders & loggers definition starts here --> + <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Audit-Record-Queue" /> + </appender> + + <logger name="AuditRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Performance-Tracker-Queue" /> + </appender> + <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="ASYNC-perf" /> + <appender-ref ref="perfLogs" /> + </logger> + <!-- logback jms appenders & loggers definition ends here --> + + <root level="DEBUG"> + <appender-ref ref="DEBUG" /> + <appender-ref ref="ERROR" /> + <appender-ref ref="INFO" /> + <appender-ref ref="STDOUT" /> + </root> + +</configuration> diff --git a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json index 7ae77cd8a8..ff1a5732e2 100644 --- a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json +++ b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json @@ -1,7 +1,7 @@ { "topicName": "mirrormakeragent", "topicDescription": "the topic used to provision the MM agent whitelist", - "replicationCase": "REPLICATION_NONE", + "replicationCase": "REPLICATION_NONE", "owner": "dmaap", "txenabled": false, "partitionCount": "1", @@ -10,33 +10,28 @@ "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "demo@people.osaaf.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - } - ] -} - +}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index 9a2dea88e8..f981d6f7a6 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -12,7 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: ConfigMap metadata: @@ -79,4 +78,21 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} +--- +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} +--- +{{ end }} + diff --git a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml index 4b45352ed0..26f38c9a4f 100644 --- a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml @@ -1,3 +1,17 @@ +{{- if .Values.global.aafEnabled }} +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: batch/v1 kind: Job metadata: @@ -73,3 +87,4 @@ spec: name: {{ include "common.fullname" . }}-dbc-topics imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml index db3bc76c6a..2b0b44e246 100644 --- a/kubernetes/dmaap/components/message-router/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/templates/service.yaml @@ -13,45 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/", - "protocol": "REST", - "port": "{{.Values.service.internalPort}}", - "visualRange":"1" - } - ]' - -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - {{- end}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 35cc5e7405..695a816693 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -12,23 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 + +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: @@ -48,23 +41,42 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-mrservice-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -87,8 +99,7 @@ spec: - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: localtime hostPath: @@ -102,6 +113,11 @@ spec: - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 935c090751..da9e41eebf 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.17 +image: onap/dmaap/dmaap-mr:1.1.18 pullPolicy: Always kafka: @@ -58,21 +58,40 @@ liveness: timeoutSeconds: 1 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container + port: api enabled: true readiness: initialDelaySeconds: 70 periodSeconds: 10 timeoutSeconds: 1 + port: api service: type: NodePort name: message-router - portName: message-router - externalPort: 3904 - nodePort: 27 - externalPort2: 3905 - nodePort2: 26 + both_tls_and_plain: true + msb: + port: api + url: "/" + version: "v1" + protocol: "REST" + visualRange: "1" + ports: + - name: api + port: 3905 + plain_port: 3904 + port_protocol: http + nodePort: 26 + +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + targetPort: 5555 ingress: enabled: false diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 4c0d8d584e..ecc5689668 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -29,7 +29,7 @@ global: busyBoxRepository: docker.io #Global DMaaP app config - allow_http: true + allow_http: false #Logstash config logstashServiceName: log-ls |