diff options
Diffstat (limited to 'kubernetes/sdnc')
| -rw-r--r-- | kubernetes/sdnc/components/dmaap-listener/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/sdnc/components/sdnc-ansible-server/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/sdnc/components/sdnc-web/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/sdnc/components/ueb-listener/values.yaml | 2 | ||||
| -rw-r--r-- | kubernetes/sdnc/requirements.yaml | 4 | ||||
| -rwxr-xr-x | kubernetes/sdnc/resources/config/bin/createLinks.sh | 69 | ||||
| -rw-r--r-- | kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties | 14 | ||||
| -rw-r--r-- | kubernetes/sdnc/templates/pv-data.yaml | 57 | ||||
| -rw-r--r-- | kubernetes/sdnc/templates/statefulset.yaml | 87 | ||||
| -rw-r--r-- | kubernetes/sdnc/values.yaml | 55 |
10 files changed, 160 insertions, 134 deletions
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 27876cb47b..5378d64e9f 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.0.4 +image: onap/sdnc-dmaap-listener-image:2.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 858ff71d31..6c32c9036e 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.0.4 +image: onap/sdnc-ansible-server-image:2.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index f040736794..8648ac4dcc 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.0.4" +image: "onap/sdnc-web-image:2.0.5" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 6de8947d77..96b37092f9 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.0.4 +image: onap/sdnc-ueb-listener-image:2.0.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 57c165c4c0..f58ecb16be 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada, # Copyright © 2020 highstreet technologies GmbH +# Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,6 +21,9 @@ dependencies: - name: certInitializer version: ~7.x-0 repository: '@local' + - name: cmpv2Certificate + version: ~7.x-0 + repository: '@local' - name: logConfiguration version: ~7.x-0 repository: '@local' diff --git a/kubernetes/sdnc/resources/config/bin/createLinks.sh b/kubernetes/sdnc/resources/config/bin/createLinks.sh new file mode 100755 index 0000000000..1999dabb37 --- /dev/null +++ b/kubernetes/sdnc/resources/config/bin/createLinks.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +### +# ============LICENSE_START======================================================= +# ONAP : SDN-C +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights +# reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + + +if [ "$MDSAL_PATH" = "" ] +then + MDSAL_PATH=/opt/opendaylight/mdsal +fi + +if [ "$DAEXIM_PATH" = "" ] +then + DAEXIM_PATH=/opt/opendaylight/daexim +fi + +if [ "$JOURNAL_PATH" = "" ] +then + JOURNAL_PATH=/opt/opendaylight/journal +fi + +if [ "$SNAPSHOTS_PATH" = "" ] +then + SNAPSHOTS_PATH=/opt/opendaylight/snapshots +fi + + +if [ ! -L $DAEXIM_PATH ] +then + ln -s $MDSAL_PATH/daexim $DAEXIM_PATH +fi + +if [ ! -L $JOURNAL_PATH ] +then + if [ -d $JOURNAL_PATH ] + then + mv $JOURNAL_PATH/* $MDSAL_PATH/journal + rm -f $JOURNAL_PATH + fi + ln -s $MDSAL_PATH/journal $JOURNAL_PATH +fi + +if [ ! -L $SNAPSHOTS_PATH ] +then + if [ -d $SNAPSHOTS_PATH ] + then + mv $SNAPSHOTS_PATH/* $MDSAL_PATH/snapshots + rm -f $SNAPSHOTS_PATH + fi + ln -s $MDSAL_PATH/snapshots $SNAPSHOTS_PATH +fi diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties index a21ac0441c..57a16bd488 100644 --- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties +++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties @@ -12,6 +12,13 @@ sdnrPasswd=${ODL_ADMIN_PASSWORD} faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer TransportType=HTTPNOAUTH host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} +{{- if .Values.config.sdnr.dmaapProxy.enabled }} +{{- if .Values.config.sdnr.dmaapProxy.usepwd }} +jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME} +jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD} +{{- end }} +jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }} +{{- end }} topic=unauthenticated.SEC_FAULT_OUTPUT contenttype=application/json group=myG @@ -23,6 +30,13 @@ limit=10000 pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer TransportType=HTTPNOAUTH host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} +{{- if .Values.config.sdnr.dmaapProxy.enabled }} +{{- if .Values.config.sdnr.dmaapProxy.usepwd }} +jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME} +jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD} +{{- end }} +jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }} +{{- end }} topic=unauthenticated.VES_PNFREG_OUTPUT contenttype=application/json group=myG diff --git a/kubernetes/sdnc/templates/pv-data.yaml b/kubernetes/sdnc/templates/pv-data.yaml index e40bdd6ea3..a0d998cd07 100644 --- a/kubernetes/sdnc/templates/pv-data.yaml +++ b/kubernetes/sdnc/templates/pv-data.yaml @@ -1,46 +1,17 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. */}} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $global }}-data" - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" . }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index c61e1e35c9..2158fefe19 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2020 Samsung Electronics # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -66,6 +67,13 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} - name: ODL_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }} + - name: DMAAP_HTTP_PROXY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }} + - name: DMAAP_HTTP_PROXY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }} + {{- end }} + volumeMounts: - mountPath: /config-input @@ -98,58 +106,20 @@ spec: name: {{ include "common.name" . }}-readiness {{ end -}} {{ include "common.certInitializer.initContainer" . | indent 6 }} - - {{ if .Values.global.cmpv2Enabled }} - - name: certs-init - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.platform.certServiceClient.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: REQUEST_URL - value: {{ .Values.global.platform.certServiceClient.envVariables.requestURL }} - - name: REQUEST_TIMEOUT - value: "30000" - - name: OUTPUT_PATH - value: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} - - name: CA_NAME - value: {{ .Values.global.platform.certServiceClient.envVariables.caName }} - - name: COMMON_NAME - value: {{ .Values.global.platform.certServiceClient.envVariables.common_name }} - - name: ORGANIZATION - value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Organization }} - - name: ORGANIZATION_UNIT - value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }} - - name: LOCATION - value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Location }} - - name: STATE - value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2State }} - - name: COUNTRY - value: {{ .Values.global.platform.certServiceClient.envVariables.cmpv2Country }} - - name: KEYSTORE_PATH - value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePath }} - - name: KEYSTORE_PASSWORD - value: {{ .Values.global.platform.certServiceClient.envVariables.keystorePassword }} - - name: TRUSTSTORE_PATH - value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePath }} - - name: TRUSTSTORE_PASSWORD - value: {{ .Values.global.platform.certServiceClient.envVariables.truststorePassword }} - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} - name: certs - - mountPath: {{ .Values.global.platform.certServiceClient.secret.mountPath }} - name: certservice-tls-volume - {{ end }} - +{{ include "common.certServiceClient.initContainer" . | indent 6 }} - name: {{ include "common.name" . }}-chown image: {{ include "repositoryGenerator.image.busybox" . }} command: - sh args: - -c - - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} + - | + mkdir {{ .Values.persistence.mdsalPath }}/daexim + mkdir {{ .Values.persistence.mdsalPath }}/journal + mkdir {{ .Values.persistence.mdsalPath }}/snapshots + chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }} {{- if .Values.global.aafEnabled }} - - chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} + chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }} {{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} @@ -160,7 +130,7 @@ spec: image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash"] - args: ["-c", "/opt/onap/sdnc/bin/startODL.sh"] + args: ["-c", "/opt/onap/sdnc/bin/createLinks.sh ; /opt/onap/sdnc/bin/startODL.sh"] ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} @@ -200,6 +170,14 @@ spec: value: "{{ .Values.replicaCount }}" - name: MYSQL_HOST value: {{ include "common.mariadbService" . }} + - name: MDSAL_PATH + value: {{ .Values.persistence.mdsalPath }} + - name: DAEXIM_PATH + value: {{ .Values.persistence.daeximPath }} + - name: JOURNAL_PATH + value: {{ .Values.persistence.journalPath }} + - name: SNAPSHOTS_PATH + value: {{ .Values.persistence.snapshotsPath }} - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" - name: JAVA_OPTS @@ -224,6 +202,7 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} +{{ include "common.certServiceClient.volumeMounts" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -233,6 +212,9 @@ spec: - mountPath: {{ .Values.config.binDir }}/installSdncDb.sh name: bin subPath: installSdncDb.sh + - mountPath: {{ .Values.config.binDir }}/createLinks.sh + name: bin + subPath: createLinks.sh - mountPath: {{ .Values.config.ccsdkConfigDir }}/aaiclient.properties name: properties subPath: aaiclient.properties @@ -279,10 +261,6 @@ spec: - mountPath: {{ .Values.config.odl.etcDir }}/mountpoint-state-provider.properties name: properties subPath: mountpoint-state-provider.properties - {{ if .Values.global.cmpv2Enabled }} - - mountPath: {{ .Values.global.platform.certServiceClient.envVariables.cert_path }} - name: certs - {{- end }} resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -333,19 +311,12 @@ spec: - name: properties emptyDir: medium: Memory - {{ if .Values.global.cmpv2Enabled }} - - name: certs - emptyDir: - medium: Memory - - name: certservice-tls-volume - secret: - secretName: {{ .Values.global.platform.certServiceClient.secret.name }} - {{- end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} {{ else }} {{ include "common.certInitializer.volumes" . | nindent 8 }} +{{ include "common.certServiceClient.volumes" . | nindent 8 }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index b5fe599ee7..c02d5592e6 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2020 Samsung Electronics, highstreet technologies GmbH # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2021 Nokia # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,33 +30,8 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera - service: mariadb-galera - # Enabling CMPv2 - cmpv2Enabled: true + # Enabling CMPv2 with CertManager CMPv2CertManagerIntegration: false - platform: - certServiceClient: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.2 - secret: - name: oom-cert-service-client-tls-secret - mountPath: /etc/onap/oom/certservice/certs/ - envVariables: - # Certificate related - cert_path: /var/custom-certs - cmpv2Organization: "Linux-Foundation" - cmpv2OrganizationalUnit: "ONAP" - cmpv2Location: "San-Francisco" - cmpv2Country: "US" - # Client configuration related - caName: "RA" - common_name: "sdnc.simpledemo.onap.org" - requestURL: "https://oom-cert-service:8443/v1/certificate/" - requestTimeout: "30000" - keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks" - outputType: "P12" - keystorePassword: "secret" - truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks" - truststorePassword: "secret" ################################################################# # Secrets metaconfig @@ -97,6 +73,14 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required + - uid: dmaap-proxy-creds + name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds' + type: basicAuth + externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}' + login: '{{ .Values.config.sdnr.dmaapProxy.user }}' + password: '{{ .Values.config.sdnr.dmaapProxy.password }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required - uid: netbox-apikey type: password externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' @@ -141,7 +125,8 @@ secrets: # Certificates ################################################################# certificates: - - commonName: sdnc.simpledemo.onap.org + - mountPath: /var/custom-certs + commonName: sdnc.simpledemo.onap.org dnsNames: - sdnc.simpledemo.onap.org p12Keystore: @@ -160,7 +145,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.0.4 +image: onap/sdnc-image:2.0.5 # flag to enable debugging - application support required debugEnabled: false @@ -250,6 +235,15 @@ config: sdnrdbTrustAllCerts: true mountpointRegistrarEnabled: false mountpointStateProviderEnabled: false + # enable and set dmaap-proxy for mountpointRegistrar + dmaapProxy: + enabled: false + usepwd: true + user: addUserHere + password: addPasswordHere + url: addProxyUrlHere + + @@ -469,7 +463,10 @@ persistence: size: 1Gi mountPath: /dockerdata-nfs mountSubPath: sdnc/mdsal - mdsalPath: /opt/opendaylight/current/daexim + mdsalPath: /opt/opendaylight/mdsal + daeximPath: /opt/opendaylight/daexim + journalPath: /opt/opendaylight/journal + snapshotsPath: /opt/opendaylight/snapshots certpersistence: enabled: true |