diff options
Diffstat (limited to 'kubernetes/onap')
-rwxr-xr-x | kubernetes/onap/requirements.yaml | 21 | ||||
-rw-r--r-- | kubernetes/onap/resources/environments/dev.yaml | 5 | ||||
-rw-r--r-- | kubernetes/onap/resources/environments/public-cloud.yaml | 11 | ||||
-rw-r--r-- | kubernetes/onap/resources/overrides/environment.yaml | 8 | ||||
-rw-r--r-- | kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml | 7 | ||||
-rw-r--r-- | kubernetes/onap/resources/overrides/onap-all.yaml | 6 | ||||
-rw-r--r-- | kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml (renamed from kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml) | 3 | ||||
-rw-r--r-- | kubernetes/onap/templates/clusterrolebinding.yaml | 4 | ||||
-rw-r--r-- | kubernetes/onap/templates/secrets.yaml | 27 | ||||
-rwxr-xr-x | kubernetes/onap/values.yaml | 143 |
10 files changed, 153 insertions, 82 deletions
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 9385adea9a..51f1743773 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -96,10 +98,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: nbi.enabled - - name: pnda - version: ~6.x-0 - repository: '@local' - condition: pnda.enabled - name: policy version: ~6.x-0 repository: '@local' @@ -116,6 +114,9 @@ dependencies: version: ~6.x-0 repository: '@local' condition: oof.enabled + - name: repository-wrapper + version: ~6.x-0 + repository: '@local' - name: robot version: ~6.x-0 repository: '@local' @@ -152,3 +153,15 @@ dependencies: version: ~6.x-0 repository: '@local' condition: modeling.enabled + - name: platform + version: ~6.x-0 + repository: '@local' + condition: platform.enabled + - name: a1policymanagement + version: ~6.x-0 + repository: '@local' + condition: a1policymanagement.enabled + - name: cert-wrapper + version: ~6.x-0 + repository: '@local' + condition: cert-wrapper.enabled diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index fa8619ed93..dd22d8fc75 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -31,8 +31,9 @@ global: # any other repository that hosts images for ONAP components. #repository: nexus3.onap.org:10001 - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s + # readiness check + readinessImage: onap/oom/readiness:3.0.1 + # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml index 3062e4e3fa..4a910987a9 100644 --- a/kubernetes/onap/resources/environments/public-cloud.yaml +++ b/kubernetes/onap/resources/environments/public-cloud.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -146,9 +147,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 @@ -177,3 +175,10 @@ mariadb-galera: readiness: initialDelaySeconds: 120 +a1policymanagement: + liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + readiness: + initialDelaySeconds: 60 + periodSeconds: 10 diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml index 2788e244e2..61b1838b83 100644 --- a/kubernetes/onap/resources/overrides/environment.yaml +++ b/kubernetes/onap/resources/overrides/environment.yaml @@ -92,6 +92,11 @@ clamp: initialDelaySeconds: 60 readiness: initialDelaySeconds: 60 + clamp-mariadb: + liveness: + initialDelaySeconds: 30 + readiness: + initialDelaySeconds: 30 dcaegen2: dcae-cloudify-manager: liveness: @@ -213,9 +218,6 @@ sdnc: sdnc-ansible-server: readiness: initialDelaySeconds: 120 - sdnc-portal: - readiness: - initialDelaySeconds: 120 ueb-listener: liveness: initialDelaySeconds: 60 diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 5b59c65db7..be052996b7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -34,8 +34,9 @@ global: user: docker password: docker - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s + # readiness check + readinessImage: onap/oom/readiness:3.0.1 + # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co @@ -95,8 +96,6 @@ contrib: enabled: false dcaegen2: enabled: false -pnda: - enabled: false dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 86f898d18c..1d0663ea65 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -79,3 +81,7 @@ vnfsdk: enabled: true modeling: enabled: true +platform: + enabled: true +a1policymanagement: + enabled: true
\ No newline at end of file diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml index da00f61e2f..9914e1496e 100644 --- a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml +++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml @@ -1,4 +1,5 @@ # Copyright © 2020 Nordix Foundation +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -34,7 +35,7 @@ ################################################################# global: cmpv2Enabled: true - aaf: + platform: certServiceClient: envVariables: # Certificate related diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml index 2367143b11..d8584db65a 100644 --- a/kubernetes/onap/templates/clusterrolebinding.yaml +++ b/kubernetes/onap/templates/clusterrolebinding.yaml @@ -1,3 +1,4 @@ +{{/* # Copyright © 2017 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -11,8 +12,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "common.namespace" . }}-binding diff --git a/kubernetes/onap/templates/secrets.yaml b/kubernetes/onap/templates/secrets.yaml deleted file mode 100644 index 42a263db97..0000000000 --- a/kubernetes/onap/templates/secrets.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.namespace" . }}-docker-registry-key - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - .dockercfg: {{ include "common.repository.secret" . }} -type: kubernetes.io/dockercfg diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index b96385cf07..3c8b1e9d90 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -1,4 +1,6 @@ # Copyright © 2019 Amdocs, Bell Canada +# Copyright (c) 2020 Nordix Foundation, Modifications +# Modifications Copyright © 2020 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,35 +40,73 @@ global: addTestingComponents: &testing false # ONAP Repository - # Uncomment the following to enable the use of a single docker - # repository but ONLY if your repository mirrors all ONAP - # docker images. This includes all images from dockerhub and - # any other repository that hosts images for ONAP components. - #repository: nexus3.onap.org:10001 + # Four different repositories are used + # You can change individually these repositories to ones that will serve the + # right images. If credentials are needed for one of them, see below. + repository: nexus3.onap.org:10001 + dockerHubRepository: &dockerHubRepository docker.io + elasticRepository: &elasticRepository docker.elastic.co + googleK8sRepository: k8s.gcr.io + + + #/!\ DEPRECATED /!\ + # Legacy repositories which will be removed at the end of migration. + # Please don't use + loggingRepository: *elasticRepository + busyboxRepository: *dockerHubRepository + + # Default credentials + # they're optional. If the target repository doesn't need them, comment them repositoryCred: user: docker password: docker - dockerHubRepository: docker.io - - # readiness check - temporary repo until images migrated to nexus3 - readinessRepository: oomk8s - readinessImage: readiness-check:2.2.2 + # If you want / need authentication on the repositories, please set + # Don't set them if the target repo is the same than others + # so id you've set repository to value `my.private.repo` and same for + # dockerHubRepository, you'll have to configure only repository (exclusive) OR + # dockerHubCred. + # dockerHubCred: + # user: myuser + # password: mypassord + # elasticCred: + # user: myuser + # password: mypassord + # googleK8sCred: + # user: myuser + # password: mypassord + + + # common global images + # Busybox for simple shell manipulation + busyboxImage: busybox:1.32 # curl image curlImage: curlimages/curl:7.69.1 - # logging agent - temporary repo until images migrated to nexus3 - loggingRepository: docker.elastic.co + # env substitution image + envsubstImage: dibi/envsubst:1 + + # generate htpasswd files image + # there's only latest image for htpasswd + htpasswdImage: xmartlabs/htpasswd:latest + + # kubenretes client image + kubectlImage: bitnami/kubectl:1.19 + + # logging agent + loggingImage: beats/filebeat:5.5.0 - # dockerHub main repository - dockerHubRepository: docker.io + # mariadb client image + mariadbImage: mariadb:10.1.48 - # busybox repo and image - busyboxRepository: docker.io - busyboxImage: busybox:1.30 + # nginx server image + nginxImage: bitnami/nginx:1.18-debian-10 - # kubeclt image - kubectlImage: "bitnami/kubectl:1.15" + # postgreSQL client and server image + postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1 + + # readiness check image + readinessImage: onap/oom/readiness:3.0.1 # image pull policy pullPolicy: Always @@ -90,12 +130,23 @@ global: # flag to enable debugging - application support required debugEnabled: false + # default password complexity + # available options: phrase, name, pin, basic, short, medium, long, maximum security + # More datails: https://masterpassword.app/masterpassword-algorithm.pdf + passwordStrength: long + + # configuration to set log level to all components (the one that are using + # "common.log.level" to set this) + # can be overrided per components by setting logConfiguration.logLevelOverride + # to the desired value + # logLevel: DEBUG + #Global ingress configuration ingress: enabled: false virtualhost: - enabled: true - baseurl: "simpledemo.onap.org" + enabled: true + baseurl: "simpledemo.onap.org" # Global Service Mesh configuration # POC Mode, don't use it in production @@ -111,12 +162,12 @@ global: # Enabling CMPv2 cmpv2Enabled: true - aaf: + platform: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0 secret: - name: aaf-cert-service-client-tls-secret - mountPath: /etc/onap/aaf/certservice/certs/ + name: oom-cert-service-client-tls-secret + mountPath: /etc/onap/oom/certservice/certs/ envVariables: # Certificate related cmpv2Organization: "Linux-Foundation" @@ -126,13 +177,19 @@ global: cmpv2Country: "US" # Client configuration related caName: "RA" - requestURL: "https://aaf-cert-service:8443/v1/certificate/" + requestURL: "https://oom-cert-service:8443/v1/certificate/" requestTimeout: "30000" - keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" + keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" + outputType: "P12" keystorePassword: "secret" - truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks" + truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" truststorePassword: "secret" + # Indicates offline deployment build + # Set to true if you are rendering helm charts for offline deployment + # Otherwise keep it disabled + offlineDeploymentBuild: false + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. @@ -144,13 +201,12 @@ global: # default centralizedLoggingEnabled: ¢ralizedLogging false - -# Example of specific for the components where you want to disable TLS only for -# it: -# if set this element will force or not tls even if global.serviceMesh.tls and -# global.tlsEnabled is set otherwise. -# robot: -# tlsOverride: false + # Example of specific for the components where you want to disable TLS only for + # it: + # if set this element will force or not tls even if global.serviceMesh.tls and + # global.tlsEnabled is set otherwise. + # robot: + # tlsOverride: false # Global storage configuration # Set to "-" for default, or with the name of the storage class @@ -215,8 +271,6 @@ dcaegen2: enabled: false dcaemod: enabled: false -pnda: - enabled: false dmaap: enabled: false esr: @@ -283,6 +337,12 @@ so: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + # in order to enable static password for so-monitoring uncomment: + # so-monitoring: + # server: + # monitoring: + # password: demo123456! + # configure embedded mariadb mariadb: config: @@ -297,3 +357,12 @@ vnfsdk: enabled: false modeling: enabled: false +platform: + enabled: false +a1policymanagement: + enabled: false + +cert-wrapper: + enabled: true +repository-wrapper: + enabled: true |