diff options
Diffstat (limited to 'kubernetes/dmaap')
17 files changed, 101 insertions, 35 deletions
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 104fcdc54a..adbdb688c2 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -122,9 +122,9 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: DB_USERNAME - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} - name: DB_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index dee311c336..bd7eb8ea40 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 977699d83a..2bee404c0b 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -3,16 +3,15 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index 50398987d2..1a86f18e77 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -38,8 +38,8 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} - -{{ else }} +--- +{{- else }} apiVersion: v1 kind: ConfigMap @@ -53,7 +53,7 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} - +--- {{- end }} {{- if .Values.prometheus.jmx.enabled }} @@ -68,6 +68,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }} --- {{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index 58a10662e8..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }}
\ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index ab3a6bf852..4ba11ec8c7 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -96,13 +96,13 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} - name: KAFKA_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} - name: KAFKA_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/kafka/secrets/jaas name: jaas-config @@ -201,7 +201,7 @@ spec: - name: KAFKA_AUTHORIZER_CLASS_NAME value: "{{ .Values.kafka.authorizer }}" {{ else }} - - name: KAFKA_OPTS + - name: KAFKA_OPTS value: "{{ .Values.kafka.jaasOptions }}" - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP value: "{{ .Values.kafka.protocolMap }}" @@ -283,4 +283,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 0399c3aefb..45dc30e4ee 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.3 +image: onap/dmaap/kafka111:1.0.4 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -70,6 +70,7 @@ configurationOverrides: "log.retention.hours": "168" "zookeeper.connection.timeout.ms": "6000" "default.replication.factor": "3" + "zookeeper.set.acl": "true" jmx: port: 5555 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml index 907111d898..50091bd387 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml @@ -24,7 +24,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig | indent 2 }} +{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }} --- {{ end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml index 729cad4cac..428eebcc3e 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml @@ -12,4 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -{{ include "common.secret" . }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index e98e614d93..e48982319f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -80,9 +80,9 @@ spec: - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" env: - name: ZK_ADMIN - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} - name: ZK_PSWD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/zookeeper/secrets/jaas name: jaas-config @@ -171,8 +171,6 @@ spec: value: "{{ .Values.zkConfig.clientPort }}" - name: KAFKA_OPTS value: "{{ .Values.zkConfig.kafkaOpts }}" - - name: EXTRA_ARGS - value: "{{ .Values.zkConfig.extraArgs }}" - name: ZOOKEEPER_SERVER_ID valueFrom: fieldRef: @@ -210,7 +208,7 @@ spec: name: {{ include "common.fullname" . }}-jaas-configmap {{- if .Values.prometheus.jmx.enabled }} - name: jmx-config - configMap: + configMap: name: {{ include "common.fullname" . }}-prometheus-configmap {{- end }} {{ if not .Values.persistence.enabled }} @@ -234,4 +232,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index 4abb6e3c4a..4f861f8789 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -31,7 +31,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.2 +image: onap/dmaap/zookeeper:6.0.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -75,8 +75,7 @@ zkConfig: autoPurgeSnapRetainCount: 3 autoPurgePurgeInterval: 24 heapOptions: -Xmx2G -Xms2G - kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider - extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl clientPort: 2181 jmx: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties index 36dafce986..dca56c823d 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/cadi.properties @@ -4,17 +4,16 @@ aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks -cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw +cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12 -cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht +cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US - cadi_loglevel=INFO cadi_protocols=TLSv1.1,TLSv1.2 cadi_latitude=37.78187 -cadi_longitude=-122.26147 +cadi_longitude=-122.26147
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml new file mode 100644 index 0000000000..3ee9fc5fe6 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/jmx-mrservice-prometheus.yml @@ -0,0 +1,4 @@ +jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi +lowercaseOutputName: true +lowercaseOutputLabelNames: true +ssl: false
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/templates/configmap.yaml index 9a2dea88e8..f981d6f7a6 100644 --- a/kubernetes/dmaap/components/message-router/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/templates/configmap.yaml @@ -12,7 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - apiVersion: v1 kind: ConfigMap metadata: @@ -79,4 +78,21 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }} +--- +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }} +--- +{{ end }} + diff --git a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml index 4b45352ed0..26f38c9a4f 100644 --- a/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/message-router/templates/post-install-job.yaml @@ -1,3 +1,17 @@ +{{- if .Values.global.aafEnabled }} +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. apiVersion: batch/v1 kind: Job metadata: @@ -73,3 +87,4 @@ spec: name: {{ include "common.fullname" . }}-dbc-topics imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{- end }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index c17fda1108..695a816693 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -41,6 +41,27 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-mrservice-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -92,6 +113,11 @@ spec: - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} - name: mykey secret: secretName: {{ include "common.fullname" . }}-secret diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index b14c35f183..da9e41eebf 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-mr:1.1.17 +image: onap/dmaap/dmaap-mr:1.1.18 pullPolicy: Always kafka: @@ -84,6 +84,15 @@ service: port_protocol: http nodePort: 26 +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + targetPort: 5555 + ingress: enabled: false |