summaryrefslogtreecommitdiffstats
path: root/kubernetes/onap
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/onap')
-rwxr-xr-xkubernetes/onap/requirements.yaml21
-rw-r--r--kubernetes/onap/resources/environments/dev.yaml5
-rw-r--r--kubernetes/onap/resources/environments/public-cloud.yaml11
-rw-r--r--kubernetes/onap/resources/overrides/environment.yaml8
-rw-r--r--kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml7
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml6
-rw-r--r--kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml (renamed from kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml)3
-rw-r--r--kubernetes/onap/templates/clusterrolebinding.yaml4
-rw-r--r--kubernetes/onap/templates/secrets.yaml27
-rwxr-xr-xkubernetes/onap/values.yaml143
10 files changed, 153 insertions, 82 deletions
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 9385adea9a..51f1743773 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -1,4 +1,6 @@
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -96,10 +98,6 @@ dependencies:
version: ~6.x-0
repository: '@local'
condition: nbi.enabled
- - name: pnda
- version: ~6.x-0
- repository: '@local'
- condition: pnda.enabled
- name: policy
version: ~6.x-0
repository: '@local'
@@ -116,6 +114,9 @@ dependencies:
version: ~6.x-0
repository: '@local'
condition: oof.enabled
+ - name: repository-wrapper
+ version: ~6.x-0
+ repository: '@local'
- name: robot
version: ~6.x-0
repository: '@local'
@@ -152,3 +153,15 @@ dependencies:
version: ~6.x-0
repository: '@local'
condition: modeling.enabled
+ - name: platform
+ version: ~6.x-0
+ repository: '@local'
+ condition: platform.enabled
+ - name: a1policymanagement
+ version: ~6.x-0
+ repository: '@local'
+ condition: a1policymanagement.enabled
+ - name: cert-wrapper
+ version: ~6.x-0
+ repository: '@local'
+ condition: cert-wrapper.enabled
diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml
index fa8619ed93..dd22d8fc75 100644
--- a/kubernetes/onap/resources/environments/dev.yaml
+++ b/kubernetes/onap/resources/environments/dev.yaml
@@ -31,8 +31,9 @@ global:
# any other repository that hosts images for ONAP components.
#repository: nexus3.onap.org:10001
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
diff --git a/kubernetes/onap/resources/environments/public-cloud.yaml b/kubernetes/onap/resources/environments/public-cloud.yaml
index 3062e4e3fa..4a910987a9 100644
--- a/kubernetes/onap/resources/environments/public-cloud.yaml
+++ b/kubernetes/onap/resources/environments/public-cloud.yaml
@@ -1,4 +1,5 @@
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -146,9 +147,6 @@ sdnc:
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
@@ -177,3 +175,10 @@ mariadb-galera:
readiness:
initialDelaySeconds: 120
+a1policymanagement:
+ liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
index 2788e244e2..61b1838b83 100644
--- a/kubernetes/onap/resources/overrides/environment.yaml
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -92,6 +92,11 @@ clamp:
initialDelaySeconds: 60
readiness:
initialDelaySeconds: 60
+ clamp-mariadb:
+ liveness:
+ initialDelaySeconds: 30
+ readiness:
+ initialDelaySeconds: 30
dcaegen2:
dcae-cloudify-manager:
liveness:
@@ -213,9 +218,6 @@ sdnc:
sdnc-ansible-server:
readiness:
initialDelaySeconds: 120
- sdnc-portal:
- readiness:
- initialDelaySeconds: 120
ueb-listener:
liveness:
initialDelaySeconds: 60
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index 5b59c65db7..be052996b7 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -34,8 +34,9 @@ global:
user: docker
password: docker
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
+ # readiness check
+ readinessImage: onap/oom/readiness:3.0.1
+
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
@@ -95,8 +96,6 @@ contrib:
enabled: false
dcaegen2:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: true
esr:
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 86f898d18c..1d0663ea65 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -1,4 +1,6 @@
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -79,3 +81,7 @@ vnfsdk:
enabled: true
modeling:
enabled: true
+platform:
+ enabled: true
+a1policymanagement:
+ enabled: true \ No newline at end of file
diff --git a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
index da00f61e2f..9914e1496e 100644
--- a/kubernetes/onap/resources/overrides/aaf-cert-service-environment.yaml
+++ b/kubernetes/onap/resources/overrides/oom-cert-service-environment.yaml
@@ -1,4 +1,5 @@
# Copyright © 2020 Nordix Foundation
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -34,7 +35,7 @@
#################################################################
global:
cmpv2Enabled: true
- aaf:
+ platform:
certServiceClient:
envVariables:
# Certificate related
diff --git a/kubernetes/onap/templates/clusterrolebinding.yaml b/kubernetes/onap/templates/clusterrolebinding.yaml
index 2367143b11..d8584db65a 100644
--- a/kubernetes/onap/templates/clusterrolebinding.yaml
+++ b/kubernetes/onap/templates/clusterrolebinding.yaml
@@ -1,3 +1,4 @@
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -11,8 +12,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "common.namespace" . }}-binding
diff --git a/kubernetes/onap/templates/secrets.yaml b/kubernetes/onap/templates/secrets.yaml
deleted file mode 100644
index 42a263db97..0000000000
--- a/kubernetes/onap/templates/secrets.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.namespace" . }}-docker-registry-key
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- .dockercfg: {{ include "common.repository.secret" . }}
-type: kubernetes.io/dockercfg
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index b96385cf07..3c8b1e9d90 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -1,4 +1,6 @@
# Copyright © 2019 Amdocs, Bell Canada
+# Copyright (c) 2020 Nordix Foundation, Modifications
+# Modifications Copyright © 2020 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -38,35 +40,73 @@ global:
addTestingComponents: &testing false
# ONAP Repository
- # Uncomment the following to enable the use of a single docker
- # repository but ONLY if your repository mirrors all ONAP
- # docker images. This includes all images from dockerhub and
- # any other repository that hosts images for ONAP components.
- #repository: nexus3.onap.org:10001
+ # Four different repositories are used
+ # You can change individually these repositories to ones that will serve the
+ # right images. If credentials are needed for one of them, see below.
+ repository: nexus3.onap.org:10001
+ dockerHubRepository: &dockerHubRepository docker.io
+ elasticRepository: &elasticRepository docker.elastic.co
+ googleK8sRepository: k8s.gcr.io
+
+
+ #/!\ DEPRECATED /!\
+ # Legacy repositories which will be removed at the end of migration.
+ # Please don't use
+ loggingRepository: *elasticRepository
+ busyboxRepository: *dockerHubRepository
+
+ # Default credentials
+ # they're optional. If the target repository doesn't need them, comment them
repositoryCred:
user: docker
password: docker
- dockerHubRepository: docker.io
-
- # readiness check - temporary repo until images migrated to nexus3
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.2.2
+ # If you want / need authentication on the repositories, please set
+ # Don't set them if the target repo is the same than others
+ # so id you've set repository to value `my.private.repo` and same for
+ # dockerHubRepository, you'll have to configure only repository (exclusive) OR
+ # dockerHubCred.
+ # dockerHubCred:
+ # user: myuser
+ # password: mypassord
+ # elasticCred:
+ # user: myuser
+ # password: mypassord
+ # googleK8sCred:
+ # user: myuser
+ # password: mypassord
+
+
+ # common global images
+ # Busybox for simple shell manipulation
+ busyboxImage: busybox:1.32
# curl image
curlImage: curlimages/curl:7.69.1
- # logging agent - temporary repo until images migrated to nexus3
- loggingRepository: docker.elastic.co
+ # env substitution image
+ envsubstImage: dibi/envsubst:1
+
+ # generate htpasswd files image
+ # there's only latest image for htpasswd
+ htpasswdImage: xmartlabs/htpasswd:latest
+
+ # kubenretes client image
+ kubectlImage: bitnami/kubectl:1.19
+
+ # logging agent
+ loggingImage: beats/filebeat:5.5.0
- # dockerHub main repository
- dockerHubRepository: docker.io
+ # mariadb client image
+ mariadbImage: mariadb:10.1.48
- # busybox repo and image
- busyboxRepository: docker.io
- busyboxImage: busybox:1.30
+ # nginx server image
+ nginxImage: bitnami/nginx:1.18-debian-10
- # kubeclt image
- kubectlImage: "bitnami/kubectl:1.15"
+ # postgreSQL client and server image
+ postgresImage: crunchydata/crunchy-postgres:centos7-10.11-4.2.1
+
+ # readiness check image
+ readinessImage: onap/oom/readiness:3.0.1
# image pull policy
pullPolicy: Always
@@ -90,12 +130,23 @@ global:
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
+ # configuration to set log level to all components (the one that are using
+ # "common.log.level" to set this)
+ # can be overrided per components by setting logConfiguration.logLevelOverride
+ # to the desired value
+ # logLevel: DEBUG
+
#Global ingress configuration
ingress:
enabled: false
virtualhost:
- enabled: true
- baseurl: "simpledemo.onap.org"
+ enabled: true
+ baseurl: "simpledemo.onap.org"
# Global Service Mesh configuration
# POC Mode, don't use it in production
@@ -111,12 +162,12 @@ global:
# Enabling CMPv2
cmpv2Enabled: true
- aaf:
+ platform:
certServiceClient:
- image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.2.0
+ image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.1.0
secret:
- name: aaf-cert-service-client-tls-secret
- mountPath: /etc/onap/aaf/certservice/certs/
+ name: oom-cert-service-client-tls-secret
+ mountPath: /etc/onap/oom/certservice/certs/
envVariables:
# Certificate related
cmpv2Organization: "Linux-Foundation"
@@ -126,13 +177,19 @@ global:
cmpv2Country: "US"
# Client configuration related
caName: "RA"
- requestURL: "https://aaf-cert-service:8443/v1/certificate/"
+ requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks"
+ keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
+ outputType: "P12"
keystorePassword: "secret"
- truststorePath: "/etc/onap/aaf/certservice/certs/truststore.jks"
+ truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
truststorePassword: "secret"
+ # Indicates offline deployment build
+ # Set to true if you are rendering helm charts for offline deployment
+ # Otherwise keep it disabled
+ offlineDeploymentBuild: false
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
@@ -144,13 +201,12 @@ global:
# default
centralizedLoggingEnabled: &centralizedLogging false
-
-# Example of specific for the components where you want to disable TLS only for
-# it:
-# if set this element will force or not tls even if global.serviceMesh.tls and
-# global.tlsEnabled is set otherwise.
-# robot:
-# tlsOverride: false
+ # Example of specific for the components where you want to disable TLS only for
+ # it:
+ # if set this element will force or not tls even if global.serviceMesh.tls and
+ # global.tlsEnabled is set otherwise.
+ # robot:
+ # tlsOverride: false
# Global storage configuration
# Set to "-" for default, or with the name of the storage class
@@ -215,8 +271,6 @@ dcaegen2:
enabled: false
dcaemod:
enabled: false
-pnda:
- enabled: false
dmaap:
enabled: false
esr:
@@ -283,6 +337,12 @@ so:
openStackServiceTenantName: "service"
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+ # in order to enable static password for so-monitoring uncomment:
+ # so-monitoring:
+ # server:
+ # monitoring:
+ # password: demo123456!
+
# configure embedded mariadb
mariadb:
config:
@@ -297,3 +357,12 @@ vnfsdk:
enabled: false
modeling:
enabled: false
+platform:
+ enabled: false
+a1policymanagement:
+ enabled: false
+
+cert-wrapper:
+ enabled: true
+repository-wrapper:
+ enabled: true