summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/a1policymanagement/Chart.yaml3
-rw-r--r--kubernetes/a1policymanagement/resources/config/application.yaml19
-rw-r--r--kubernetes/a1policymanagement/resources/config/application_configuration.json2
-rw-r--r--kubernetes/a1policymanagement/templates/ingress.yaml17
-rw-r--r--kubernetes/a1policymanagement/templates/statefulset.yaml14
-rw-r--r--kubernetes/a1policymanagement/values.yaml47
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml2
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml5
-rw-r--r--kubernetes/cps/components/ncmp-dmi-plugin/values.yaml2
-rw-r--r--kubernetes/nbi/Chart.yaml3
-rw-r--r--kubernetes/nbi/templates/deployment.yaml37
-rw-r--r--kubernetes/nbi/tests/deployment_test.yaml4
-rw-r--r--kubernetes/nbi/values.yaml35
-rwxr-xr-xkubernetes/policy/Chart.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/Chart.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json2
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/service.yaml28
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml43
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml43
-rwxr-xr-xkubernetes/policy/components/policy-api/Chart.yaml4
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/deployment.yaml37
-rwxr-xr-xkubernetes/policy/components/policy-api/templates/service.yaml27
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml44
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml37
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml36
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml36
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml112
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml103
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml32
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml108
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml38
-rwxr-xr-xkubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml130
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml6
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml37
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml14
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml40
-rwxr-xr-xkubernetes/policy/components/policy-distribution/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-distribution/resources/config/config.json6
-rwxr-xr-xkubernetes/policy/components/policy-distribution/templates/deployment.yaml34
-rwxr-xr-xkubernetes/policy/components/policy-distribution/templates/service.yaml19
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml38
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf10
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf6
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/service.yaml33
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml32
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml43
-rw-r--r--kubernetes/policy/components/policy-gui/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/application.yml12
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml41
-rw-r--r--kubernetes/policy/components/policy-gui/templates/service.yaml27
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml52
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/deployment.yaml18
-rwxr-xr-xkubernetes/policy/components/policy-nexus/templates/service.yaml26
-rwxr-xr-xkubernetes/policy/components/policy-nexus/values.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-pap/Chart.yaml3
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml6
-rwxr-xr-xkubernetes/policy/components/policy-pap/templates/deployment.yaml16
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml38
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/Chart.yaml3
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/config.json4
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml32
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/templates/service.yaml20
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml41
-rwxr-xr-xkubernetes/policy/templates/job.yaml84
-rwxr-xr-xkubernetes/policy/values.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/deployment.yaml63
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/ingress.yaml17
-rw-r--r--kubernetes/sdc/components/sdc-be/templates/job.yaml5
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml55
-rw-r--r--kubernetes/sdc/components/sdc-cs/templates/job.yaml9
-rw-r--r--kubernetes/sdc/components/sdc-fe/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/deployment.yaml86
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/ingress.yaml17
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/service.yaml38
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml55
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml109
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml11
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml41
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml40
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml34
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml45
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml61
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml17
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml11
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml27
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/values.yaml37
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml91
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml17
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml38
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml57
-rwxr-xr-xkubernetes/sdc/resources/config/environments/AUTO.json9
-rw-r--r--kubernetes/sdc/values.yaml1
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml3
-rw-r--r--kubernetes/uui/Chart.yaml3
-rw-r--r--kubernetes/uui/components/uui-nlp/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/components/uui-server/Chart.yaml3
-rw-r--r--kubernetes/uui/components/uui-server/resources/config/application.properties7
-rw-r--r--kubernetes/uui/components/uui-server/templates/deployment.yaml6
-rw-r--r--kubernetes/uui/components/uui-server/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml40
-rw-r--r--kubernetes/uui/resources/config/server.xml15
-rw-r--r--kubernetes/uui/templates/deployment.yaml15
-rw-r--r--kubernetes/uui/templates/ingress.yaml16
-rw-r--r--kubernetes/uui/values.yaml45
125 files changed, 1027 insertions, 2105 deletions
diff --git a/kubernetes/a1policymanagement/Chart.yaml b/kubernetes/a1policymanagement/Chart.yaml
index 1fa512a50d..c6798d15b4 100644
--- a/kubernetes/a1policymanagement/Chart.yaml
+++ b/kubernetes/a1policymanagement/Chart.yaml
@@ -26,9 +26,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/a1policymanagement/resources/config/application.yaml b/kubernetes/a1policymanagement/resources/config/application.yaml
index 29b0b9ad16..789f3eb673 100644
--- a/kubernetes/a1policymanagement/resources/config/application.yaml
+++ b/kubernetes/a1policymanagement/resources/config/application.yaml
@@ -49,26 +49,23 @@ logging:
server:
# Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
# See springboot documentation.
- port: 8433
+ #port: 8081
http-port: 8081
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
key-store-type: PKCS12
- key-store-password: ${KEYSTORE_PASSWORD}
- key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
- key-password: ${KEYSTORE_PASSWORD}
- key-alias: {{ .Values.certInitializer.fqi }}
+ key-store-password: ""
+ key-store: ""
+ key-password: ""
+ key-alias: ""
app:
# Location of the component configuration file. The file will only be used if the Consul database is not used;
# configuration from the Consul will override the file.
filepath: /opt/app/policy-agent/data/application_configuration.json
webclient:
- # Configuration of the trust store used for the HTTP client (outgoing requests)
- # The file location and the password for the truststore is only relevant if trust-store-used == true
- # Note that the same keystore as for the server is used.
trust-store-used: false
- trust-store-password: ${TRUSTSORE_PASSWORD}
- trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+ trust-store-password: ""
+ trust-store: ""
# Configuration of usage of HTTP Proxy for the southbound accesses.
# The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
http.proxy-host:
diff --git a/kubernetes/a1policymanagement/resources/config/application_configuration.json b/kubernetes/a1policymanagement/resources/config/application_configuration.json
index 5ee3f7d75d..837ce0c5b8 100644
--- a/kubernetes/a1policymanagement/resources/config/application_configuration.json
+++ b/kubernetes/a1policymanagement/resources/config/application_configuration.json
@@ -3,7 +3,7 @@
"controller": [
{
"name": "controller1",
- "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}",
+ "baseUrl": "{{ .Values.sdncLink }}",
"userName": "${A1CONTROLLER_USER}",
"password": "${A1CONTROLLER_PASSWORD}"
}
diff --git a/kubernetes/a1policymanagement/templates/ingress.yaml b/kubernetes/a1policymanagement/templates/ingress.yaml
new file mode 100644
index 0000000000..bcc60a0953
--- /dev/null
+++ b/kubernetes/a1policymanagement/templates/ingress.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/a1policymanagement/templates/statefulset.yaml b/kubernetes/a1policymanagement/templates/statefulset.yaml
index 89d131e26c..b1d04074f7 100644
--- a/kubernetes/a1policymanagement/templates/statefulset.yaml
+++ b/kubernetes/a1policymanagement/templates/statefulset.yaml
@@ -30,7 +30,7 @@ spec:
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-bootstrap-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
@@ -39,10 +39,6 @@ spec:
args:
- -c
- |
- {{- if (include "common.needTLS" .) }}
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
- | xargs -0)
- {{- end }}
cd /config-input
for PFILE in `ls -1`
do
@@ -55,7 +51,7 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
- name: A1CONTROLLER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: {{ include "common.fullname" . }}-policy-conf-input
- mountPath: /config
@@ -97,10 +93,10 @@ spec:
httpGet:
path: /status
port: {{ .Values.liveness.port }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: config
mountPath: /opt/app/policy-agent/data/application_configuration.json
subPath: application_configuration.json
@@ -111,7 +107,7 @@ spec:
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index bf49313787..93f57d3587 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -30,39 +30,6 @@ secrets:
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: a1p-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: a1p
- fqi: a1p@a1p.onap.org
- public_fqdn: a1p.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.a1p
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
@@ -72,21 +39,25 @@ replicaCount: 1
service:
type: NodePort
name: a1policymanagement
- both_tls_and_plain: true
ports:
- name: api
- port: 8433
- plain_port: 8081
+ port: 8081
port_protocol: http
nodePort: '94'
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'a1policymanagement-api'
+ name: 'a1policymanagement'
+ port: 8081
+
# SDNC Credentials are used here
a1controller:
user: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-sdncLink: https://sdnc.onap:8443
-sdncLinkHttp: http://sdnc.onap:8282
+sdncLink: http://sdnc.onap:8282
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index a016574dc5..7bdb79d8f9 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -182,7 +182,7 @@ config:
# spring.config.min-size: 10
additional:
- notification.data-updated.enabled: true
+ notification.enabled: true
notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events
notification.data-updated.filters.enabled-dataspaces: ""
notification.async.enabled: false
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
index 8e71114c8c..2a31c73303 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml
@@ -49,6 +49,11 @@ logging:
onap:
cps: {{ .Values.logging.cps }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
+
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
index c35519b5fc..44f11f5b9c 100644
--- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
+++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml
@@ -164,7 +164,7 @@ config:
# spring.config.min-size: 10
logging:
- level: INFO
+ level: DEBUG
cps: DEBUG
path: /tmp
diff --git a/kubernetes/nbi/Chart.yaml b/kubernetes/nbi/Chart.yaml
index ee1e330072..5f277876a3 100644
--- a/kubernetes/nbi/Chart.yaml
+++ b/kubernetes/nbi/Chart.yaml
@@ -26,9 +26,6 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: mongo
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml
index 9bab15f30c..fcb9b6e1bd 100644
--- a/kubernetes/nbi/templates/deployment.yaml
+++ b/kubernetes/nbi/templates/deployment.yaml
@@ -25,9 +25,6 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
-{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -35,36 +32,20 @@ spec:
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
- -Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
- -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
- -Djavax.net.ssl.trustStoreType=jks\
- -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
- exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
- {{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
- port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+ port: {{ .Values.service.internalPort }}
path: {{ .Values.liveness.path }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
- port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+ port: {{ .Values.service.internalPort }}
path: {{ .Values.readiness.path }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -91,15 +72,15 @@ spec:
- name: ONAP_K8SCLOUDOWNER
value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4"
+ value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4"
- name: SDC_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}"
+ value: "http://sdc-be.{{ include "common.namespace" . }}:8080"
- name: SDC_HEADER_ECOMPINSTANCEID
value: {{ .Values.config.ecompInstanceId }}
- name: SDC_HEADER_AUTHORIZATION
value: {{ .Values.sdc_authorization }}
- name: AAI_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}"
+ value: "http://aai.{{ include "common.namespace" . }}:80"
- name: AAI_HEADER_AUTHORIZATION
value: {{ .Values.aai_authorization }}
- name: SO_HOST
@@ -118,7 +99,7 @@ spec:
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
+ volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -132,7 +113,7 @@ spec:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/nbi/tests/deployment_test.yaml b/kubernetes/nbi/tests/deployment_test.yaml
index 7c8a1b0dbb..fe9d0d2977 100644
--- a/kubernetes/nbi/tests/deployment_test.yaml
+++ b/kubernetes/nbi/tests/deployment_test.yaml
@@ -98,7 +98,7 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: SDC_HOST
- value: https://sdc-be.NAMESPACE:8443
+ value: http://sdc-be.NAMESPACE:8080
- contains:
path: spec.template.spec.containers[0].env
content:
@@ -113,7 +113,7 @@ tests:
path: spec.template.spec.containers[0].env
content:
name: AAI_HOST
- value: https://aai.NAMESPACE:8443
+ value: http://aai.NAMESPACE:80
- contains:
path: spec.template.spec.containers[0].env
content:
diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml
index dc323675ad..e2b7341b7c 100644
--- a/kubernetes/nbi/values.yaml
+++ b/kubernetes/nbi/values.yaml
@@ -24,31 +24,7 @@ global:
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- aafEnabled: true
- msbEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: nbi-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: nbi
- fqi: nbi@nbi.onap.org
- public_fqdn: nbi.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-aafConfig:
- permission_user: 1000
- permission_group: 999
+ msbEnabled: false
#################################################################
# Secrets metaconfig
@@ -150,12 +126,10 @@ service:
type: NodePort
portName: api
name: nbi
- internalPort: 8443
- internalPlainPort: 8080
+ internalPort: 8080
ports:
- name: http
- port: 8443
- plain_port: 8080
+ port: 8080
nodePort: '74'
ingress:
@@ -163,8 +137,7 @@ ingress:
service:
- baseaddr: "nbi-api"
name: "nbi"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
# Resource Limit flavor -By Default using small
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 8c41754da5..c9d29ce2ca 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -67,6 +67,10 @@ dependencies:
version: ~12.x-0
repository: 'file://components/policy-clamp-ac-a1pms-ppnt'
condition: policy-clamp-ac-a1pms-ppnt.enabled
+ - name: policy-clamp-ac-kserve-ppnt
+ version: ~12.x-0
+ repository: 'file://components/policy-clamp-ac-kserve-ppnt'
+ condition: policy-clamp-ac-kserve-ppnt.enabled
- name: policy-clamp-ac-pf-ppnt
version: ~12.x-0
repository: 'file://components/policy-clamp-ac-pf-ppnt'
diff --git a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
index c91569f1ed..f7f0757558 100755
--- a/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +28,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
index 9136b6ed91..2fe354e2c0 100755
--- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
+++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json
@@ -5,7 +5,7 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"pdpStatusParameters":{
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
index 6a4d28bc4b..f96e81074e 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,29 +19,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
index dd1c047aad..6213fecb31 100755
--- a/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/statefulset.yaml
@@ -3,6 +3,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,25 +23,13 @@
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -49,10 +38,6 @@ spec:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
@@ -69,40 +54,29 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- . {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
+ args: ["/opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
-{{- if not .Values.global.aafEnabled }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
-{{- end }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -121,7 +95,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 10e4da4a99..3ea694fb06 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,7 +24,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
#################################################################
@@ -35,16 +35,6 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
- - uid: truststore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: keystore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
@@ -68,29 +58,6 @@ debugEnabled: false
restServer:
user: healthcheck
password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-apex-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 101
- gid: 102
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
@@ -114,10 +81,10 @@ readiness:
service:
type: ClusterIP
name: policy-apex-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 37
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
@@ -157,7 +124,7 @@ metrics:
enabled: true
port: policy-apex-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-apex-pdp-restserver-creds
diff --git a/kubernetes/policy/components/policy-api/Chart.yaml b/kubernetes/policy/components/policy-api/Chart.yaml
index 49c067b639..1ce7d969f5 100755
--- a/kubernetes/policy/components/policy-api/Chart.yaml
+++ b/kubernetes/policy/components/policy-api/Chart.yaml
@@ -2,6 +2,7 @@
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -27,9 +28,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index 53ab355332..269ecd5f5f 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,7 +21,7 @@
server:
port: {{ .Values.service.internalPort }}
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
servlet:
context-path: /policy/api/v1
diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml
index b791614b92..580dcdde86 100755
--- a/kubernetes/policy/components/policy-api/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml
@@ -1,23 +1,11 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -56,26 +44,13 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
@@ -92,14 +67,13 @@ spec:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -116,7 +90,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml
index b5dee39e60..abb9a44bbe 100755
--- a/kubernetes/policy/components/policy-api/templates/service.yaml
+++ b/kubernetes/policy/components/policy-api/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,28 +19,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 429e9eaf2b..2ec88ee82e 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -1,6 +1,7 @@
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -23,7 +24,6 @@
global:
nodePortPrefix: 304
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
@@ -41,39 +41,6 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-api-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -123,10 +90,11 @@ readiness:
service:
type: ClusterIP
name: policy-api
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 40
+ ports:
+ - name: http
+ port: 6969
+
ingress:
enabled: false
@@ -164,7 +132,7 @@ metrics:
enabled: true
port: policy-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-api-user-creds
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
index a4810bae57..1c3c100022 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/templates/deployment.yaml
@@ -62,11 +62,6 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
diff --git a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
index 885f2c9793..b90c33766e 100755
--- a/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-a1pms-ppnt/values.yaml
@@ -21,7 +21,6 @@
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
@@ -38,20 +37,6 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
#################################################################
# Application configuration defaults.
@@ -109,8 +94,6 @@ service:
ports:
- name: a1pms-api
port: 8086
- nodePort: 42
-
flavor: small
resources:
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
index 65126ca6b6..d9af15f0cd 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml
@@ -25,9 +25,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
index bae543e187..6cc45cc5c6 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -91,5 +91,5 @@ server:
servlet:
context-path: /onap/httpparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
index 550957b717..dddae1da50 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml
@@ -56,24 +56,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
@@ -90,7 +78,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -107,7 +94,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 5c897c23e4..6f60fec111 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -21,7 +21,6 @@
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
@@ -38,39 +37,6 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-http-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -115,12 +81,9 @@ readiness:
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 8084
- nodePort: 42
-
flavor: small
resources:
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
index c979d7de4a..a547bc143a 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml
@@ -27,9 +27,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
index 30df5df082..761f19c5e3 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml
@@ -95,7 +95,7 @@ server:
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
logging:
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
index 0baf6c73b3..df454485c8 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml
@@ -56,24 +56,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
@@ -90,7 +78,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -107,7 +94,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index 8682d147b4..985399a893 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -22,7 +22,6 @@
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
@@ -39,39 +38,6 @@ secrets:
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -113,11 +79,9 @@ readiness:
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 8083
- nodePort: 42
ingress:
enabled: false
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
new file mode 100755
index 0000000000..f62c37aa2f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/Chart.yaml
@@ -0,0 +1,36 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Kserve Participant
+name: policy-clamp-ac-kserve-ppnt
+version: 12.0.0
+
+dependencies:
+ - name: common
+ version: ~12.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~12.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~12.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~12.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
new file mode 100755
index 0000000000..af9d46a807
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/KserveParticipantParameters.yaml
@@ -0,0 +1,112 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ cloud:
+ kubernetes:
+ enabled: false
+ discovery:
+ enabled: false
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04
+ clampAutomationCompositionTopics:
+ topicSources:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
+ topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ {{ if .Values.global.useStrimziKafka }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ {{ else }}
+ topicCommInfrastructure: dmaap
+ servers:
+ - ${topicServer:message-router}
+ {{ end }}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
+ typeVersion: 1.0.1
+ -
+ typeName: org.onap.policy.clamp.acm.AutomationCompositionElement
+ typeVersion: 1.0.0
+
+customresourcedefinition:
+ group: serving.kserve.io
+ version: v1beta1
+ plural: inferenceservices
+ grace-period: 10
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8087
+ servlet:
+ context-path: /onap/policy/clamp/acm/kserveparticipant
+ ssl:
+ enabled: false
+
+
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml
new file mode 100755
index 0000000000..897d62a487
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml
new file mode 100755
index 0000000000..d3e2833904
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
new file mode 100755
index 0000000000..1067a7e24a
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/deployment.yaml
@@ -0,0 +1,108 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+{{- if not .Values.global.useStrimziKafka }}
+{{ include "common.readinessCheck.waitFor" . | nindent 6 }}
+{{- end }}
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+{{- if .Values.global.useStrimziKafka }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+{{- end }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-kserve-ppnt-config
+ - mountPath: /config
+ name: ac-kserve-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-kserve-ppnt-config-processed
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: ac-kserve-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: ac-kserve-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
new file mode 100755
index 0000000000..16a3f72049
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkauser" . }}
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml
new file mode 100755
index 0000000000..339fe339c5
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
new file mode 100644
index 0000000000..ac5ee0b72f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/templates/service.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
diff --git a/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
new file mode 100755
index 0000000000..cef5200eb6
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-ac-kserve-ppnt/values.yaml
@@ -0,0 +1,130 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ #Strimzi Kafka properties
+ useStrimziKafka: set-via-parent-chart-global-value
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-ac-kserve-ppnt:6.4.1
+pullPolicy: Always
+
+componentName: &componentName policy-clamp-ac-kserve-ppnt
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: kserve-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: kserve-api
+
+service:
+ type: ClusterIP
+ name: *componentName
+ ports:
+ - name: kserve-api
+ port: 8087
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: *componentName
+ roles:
+ - create
+
+config:
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+readinessCheck:
+ wait_for:
+ - message-router \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
index a7b7ba8cd8..3d56b169d4 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml
@@ -25,9 +25,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
index 9bfeefaf76..f4c26e430a 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml
@@ -39,7 +39,7 @@ participant:
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
@@ -47,7 +47,7 @@ participant:
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
@@ -109,5 +109,5 @@ server:
servlet:
context-path: /onap/policyparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
index 726daf1180..a13b9f712f 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml
@@ -64,24 +64,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
@@ -98,7 +86,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -115,7 +102,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index 206d6e37fa..83839f80bf 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -21,7 +21,6 @@
#################################################################
global:
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
@@ -50,39 +49,6 @@ secrets:
login: '{{ .Values.restServer.pap.user }}'
password: '{{ .Values.restServer.pap.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -135,11 +101,10 @@ readiness:
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
+ internalPort: 8085
ports:
- name: http-api
port: 8085
- nodePort: 42
flavor: small
resources:
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
index e08bd4d490..798dd21a38 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml
@@ -27,9 +27,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
index e9adad70cb..28faa7feed 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml
@@ -55,7 +55,7 @@ server:
error:
path: /error
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
runtime:
participantParameters:
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
index 5ec20ca7a3..27bc013f0e 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/templates/deployment.yaml
@@ -74,24 +74,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
@@ -108,7 +96,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -125,7 +112,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index e35a6c00a8..0ec4be4726 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -22,7 +22,6 @@
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: false
#Strimzi Kafka properties
useStrimziKafka: set-via-parent-chart-global-value
kafkaTopics:
@@ -39,16 +38,6 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: runtime-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
@@ -56,29 +45,6 @@ secrets:
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-runtime-acm-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
#################################################################
# Application configuration defaults.
#################################################################
@@ -131,7 +97,7 @@ affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
@@ -139,18 +105,16 @@ liveness:
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
name: *componentName
- useNodePortExt: true
ports:
- name: http-api
port: 6969
- nodePort: 42
ingress:
enabled: false
diff --git a/kubernetes/policy/components/policy-distribution/Chart.yaml b/kubernetes/policy/components/policy-distribution/Chart.yaml
index 778bfb60c8..8d5790804b 100755
--- a/kubernetes/policy/components/policy-distribution/Chart.yaml
+++ b/kubernetes/policy/components/policy-distribution/Chart.yaml
@@ -27,9 +27,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json
index 0db30b2fdd..8def9aebd8 100755
--- a/kubernetes/policy/components/policy-distribution/resources/config/config.json
+++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json
@@ -27,7 +27,7 @@
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"receptionHandlerParameters":{
@@ -98,7 +98,7 @@
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"papParameters": {
"clientName": "policy-pap",
@@ -106,7 +106,7 @@
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"deployPolicies": true
}
diff --git a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
index 7a3f6d78a3..f11fe83ba9 100755
--- a/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/deployment.yaml
@@ -20,24 +20,12 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -70,7 +58,6 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -81,20 +68,9 @@ spec:
secretKeyRef:
name: {{ include "common.name" . }}-ku
key: sasl.jaas.config
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
-{{- else }}
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
@@ -110,7 +86,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -127,7 +102,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml
index f8fa5415ba..ef4f2613cf 100755
--- a/kubernetes/policy/components/policy-distribution/templates/service.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml
@@ -19,21 +19,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index 457f5b3c77..e744d09920 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -46,16 +46,6 @@ secrets:
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
#################################################################
# Global configuration defaults.
@@ -97,27 +87,6 @@ papParameters:
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-distribution-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
@@ -141,9 +110,10 @@ readiness:
service:
type: ClusterIP
name: policy-distribution
- portName: http
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
@@ -181,7 +151,7 @@ metrics:
enabled: true
port: policy-distribution
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-distribution-restserver-creds
diff --git a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
index 465d16bdf0..37a8f85c15 100755
--- a/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/Chart.yaml
@@ -24,9 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index a0b8bc7c4a..cf3c54aab4 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -49,15 +49,9 @@ MYSQL_CMD=
# Liveness
LIVENESS_CONTROLLERS=*
-# AAF
-
-AAF={{.Values.aaf.enabled}}
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
# HTTP Servers
-HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+HTTP_SERVER_HTTPS="false"
PROMETHEUS=true
# PDP-D DMaaP configuration channel
@@ -103,7 +97,7 @@ DMAAP_HTTPS="false"
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
+AAI_PORT=8080
AAI_CONTEXT_URI=
# MSO
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
index a2a34056f1..c535a950b5 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/secrets/credentials.conf
@@ -18,12 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if not .Values.global.aafEnabled }}
-KEYSTORE_PASSWD={{.Values.keystore.password}}
-{{- end }}
-
-TRUSTSTORE_PASSWD={{.Values.truststore.password}}
-
TELEMETRY_USER={{.Values.telemetry.user}}
TELEMETRY_PASSWORD={{.Values.telemetry.password}}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
index 619d0d4441..c7322b1f94 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml
@@ -15,34 +15,5 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
+
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index b11dedf201..4ce90dad1a 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -17,25 +17,13 @@
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -68,19 +56,13 @@ spec:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
{{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
- /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
@@ -92,7 +74,7 @@ spec:
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
@@ -103,7 +85,6 @@ spec:
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -128,7 +109,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index ec31bfb7d9..7cc347c519 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -70,50 +70,19 @@ readiness:
service:
type: ClusterIP
name: policy-drools-pdp
- portName: http
internalPort: 6969
- externalPort: 6969
- nodePort: 17
- internalPort2: 9696
- externalPort2: 9696
- nodePort2: 21
+ ports:
+ - name: http
+ port: 6969
+ - name: http-2
+ port: 9696
ingress:
enabled: false
-# Default installation values to be overridden
-
-certInitializer:
- nameOverride: policy-drools-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export CADI_KEYFILE='{{ .Values.credsPath }}/org.onap.policy.keyfile'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
server:
jvmOpts: -server -XshowSettings:vm
-aaf:
- enabled: "false"
-
-keystore:
- password: Pol1cy_0nap
-
-truststore:
- password: Pol1cy_0nap
-
telemetry:
user: demo@people.osaaf.org
password: demo123456!
@@ -212,7 +181,7 @@ metrics:
enabled: true
port: policy-drools-pdp-9696
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml
index b2769c3e7a..e1d809d41b 100644
--- a/kubernetes/policy/components/policy-gui/Chart.yaml
+++ b/kubernetes/policy/components/policy-gui/Chart.yaml
@@ -24,9 +24,6 @@ name: policy-gui
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml
index 9be81d8ddd..f81a1b452a 100644
--- a/kubernetes/policy/components/policy-gui/resources/config/application.yml
+++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml
@@ -1,18 +1,12 @@
server:
port: 2443
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-# enabled-protocols: TLSv1.2
-# client-auth: want
-# key-store: file:${KEYSTORE}
-# key-store-password: ${KEYSTORE_PASSWD}
-# trust-store: file:${TRUSTSTORE}
-# trust-store-password: ${TRUSTSTORE_PASSWD}
+ enabled: false
clamp:
url:
- disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
- disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-validation: true
+ disable-ssl-hostname-check: true
apex-editor:
upload-url:
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index 8513943150..7a573d0356 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -20,24 +20,12 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -46,14 +34,6 @@ spec:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE
- value: {{ .Values.certStores.keystoreLocation }}
- - name: KEYSTORE_PASSWD
- value: {{ .Values.certStores.keyStorePassword }}
- - name: TRUSTSTORE
- value: {{ .Values.certStores.truststoreLocation }}
- - name: TRUSTSTORE_PASSWD
- value: {{ .Values.certStores.trustStorePassword }}
- name: POLICY_LOGS
value: {{ .Values.log.path }}
volumeMounts:
@@ -78,7 +58,6 @@ spec:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
@@ -86,18 +65,8 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if not (include "common.onServiceMesh" .) }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
- env:
-{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{ end }}
- name: CLAMP_URL
value: http://policy-clamp-runtime-acm:6969
ports:
@@ -116,7 +85,7 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /opt/app/policy/gui/etc/application.yml
@@ -135,7 +104,7 @@ spec:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
index 827e93a4f2..36406228d5 100644
--- a/kubernetes/policy/components/policy-gui/templates/service.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -18,29 +18,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 178aa4e67c..8b41911799 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -22,52 +22,6 @@
global: # global defaults
nodePortPrefix: 304
centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
- truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
- trustStorePassword: Pol1cy_0nap
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: policy-gui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -118,9 +72,11 @@ readiness:
service:
type: NodePort
name: policy-gui
- portName: http
internalPort: 2443
- nodePort: 43
+ ports:
+ - name: http
+ port: 2443
+ nodePort: 43
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
diff --git a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
index 4c945f4605..b18be93805 100755
--- a/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/deployment.yaml
@@ -17,24 +17,12 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command: ["sh", "-c", "chown -R 200:200 /share"]
diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml
index 6bec5619f6..6aee4ca230 100755
--- a/kubernetes/policy/components/policy-nexus/templates/service.yaml
+++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml
@@ -15,28 +15,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml
index ac0028d1d9..a7fcdaf832 100755
--- a/kubernetes/policy/components/policy-nexus/values.yaml
+++ b/kubernetes/policy/components/policy-nexus/values.yaml
@@ -56,10 +56,10 @@ readiness:
service:
type: ClusterIP
name: policy-nexus
- portName: http
- externalPort: 8081
internalPort: 8081
- nodePort: 36
+ ports:
+ - name: http
+ port: 8081
ingress:
enabled: false
diff --git a/kubernetes/policy/components/policy-pap/Chart.yaml b/kubernetes/policy/components/policy-pap/Chart.yaml
index 41ec369108..ef41d38f08 100755
--- a/kubernetes/policy/components/policy-pap/Chart.yaml
+++ b/kubernetes/policy/components/policy-pap/Chart.yaml
@@ -28,9 +28,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 3063136540..7f6f508c03 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -57,7 +57,7 @@ spring:
server:
port: 6969
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
servlet:
context-path: /policy/pap/v1
@@ -119,14 +119,14 @@ pap:
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: healthcheck
- clientName: dmaap
hostname: message-router
diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
index f29ab865f1..201f48776d 100755
--- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml
@@ -77,24 +77,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
@@ -112,14 +100,13 @@ spec:
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
+ scheme: "HTTP"
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -136,7 +123,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 665ef789f9..8a638f60bc 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -25,7 +25,6 @@
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
@@ -55,16 +54,6 @@ secrets:
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
@@ -73,29 +62,6 @@ secrets:
value: '{{ .Values.config.someConfig }}'
policy: generate
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-pap-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
#################################################################
# Application configuration defaults.
#################################################################
@@ -155,11 +121,9 @@ readiness:
service:
type: ClusterIP
name: policy-pap
- useNodePortExt: true
ports:
- name: http-api
port: 6969
- nodePort: 42
ingress:
enabled: false
@@ -197,7 +161,7 @@ metrics:
enabled: true
port: http-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-pap-user-creds
diff --git a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
index 4a5e8d15fa..f08e244f9b 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/Chart.yaml
@@ -27,9 +27,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
index d049626106..08dcb67182 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json
@@ -26,7 +26,7 @@
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"aaf": false,
"prometheus": true
},
@@ -35,7 +35,7 @@
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps": "false",
"aaf": false
},
"applicationParameters": {
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
index 30500428bf..ee5a5722c0 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/deployment.yaml
@@ -20,24 +20,12 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
@@ -80,24 +68,12 @@ spec:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
-{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -115,7 +91,6 @@ spec:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
@@ -132,7 +107,6 @@ spec:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
index 42995c8985..3e76c2ba36 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml
@@ -18,22 +18,4 @@
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 74be6f3b88..44ae16de1d 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -21,7 +21,6 @@
#################################################################
global:
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
@@ -45,39 +44,6 @@ secrets:
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-xacml-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
@@ -128,9 +94,10 @@ readiness:
service:
type: ClusterIP
name: policy-xacml-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
@@ -168,7 +135,7 @@ metrics:
enabled: true
port: policy-xacml-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index 968ca32d42..4bf9def21e 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -31,6 +31,8 @@ spec:
app: {{ include "common.name" . }}-galera-init
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -60,8 +62,6 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db.sh
env:
- name: MYSQL_ROOT_PASSWORD
@@ -73,23 +73,6 @@ spec:
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -118,6 +101,8 @@ spec:
app: {{ include "common.name" . }}-pg-init
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -134,8 +119,6 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
@@ -149,23 +132,6 @@ spec:
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -194,6 +160,8 @@ spec:
app: {{ include "common.name" . }}-galera-config
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-config
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -224,8 +192,6 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_policy_init.sh
env:
- name: SQL_HOST
@@ -241,23 +207,6 @@ spec:
- name: SCRIPT_DIRECTORY
value: "sql"
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -286,6 +235,8 @@ spec:
app: {{ include "common.name" . }}-pg-config
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-config
+ annotations:
+ sidecar.istio.io/inject: "false"
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
@@ -316,8 +267,6 @@ spec:
- /bin/sh
- -cx
- |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
/dbcmd-config/db_migrator_pg_policy_init.sh
env:
- name: SQL_HOST
@@ -335,23 +284,6 @@ spec:
- name: PGPASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
resources: {{ include "common.resources" . | nindent 10 }}
- {{- if (include "common.onServiceMesh" .) }}
- - name: policy-service-mesh-wait-for-job-container
- image: {{ include "repositoryGenerator.image.quitQuit" . }}
- imagePullPolicy: Always
- command:
- - /bin/sh
- - "-c"
- args:
- - echo "waiting 10s for istio side cars to be up"; sleep 10s;
- /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45;
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 3ff153ac6a..7abd75d832 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -18,7 +18,6 @@
# Global configuration defaults.
#################################################################
global:
- aafEnabled: false
mariadb:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
@@ -143,6 +142,8 @@ policy-clamp-ac-http-ppnt:
enabled: true
policy-clamp-ac-a1pms-ppnt:
enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
diff --git a/kubernetes/sdc/components/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml
index fe9f39108b..044d725fef 100644
--- a/kubernetes/sdc/components/sdc-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-be/Chart.yaml
@@ -24,9 +24,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
index d50a83b2fd..d6ea50e84e 100644
--- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml
@@ -24,7 +24,7 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
@@ -57,7 +57,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ - {{ include "common.release" . }}-sdc-onboarding-be
env:
- name: NAMESPACE
valueFrom:
@@ -71,54 +71,11 @@ spec:
requests:
cpu: 3m
memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
- ${JETTY_BASE}/startup.sh
- {{- end }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
@@ -173,14 +130,6 @@ spec:
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
@@ -196,7 +145,7 @@ spec:
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
@@ -205,10 +154,6 @@ spec:
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- name: sdc-environments
- {{- if .Values.global.aafEnabled }}
- emptyDir: { medium: "Memory" }
- - name: sdc-environments-input
- {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
diff --git a/kubernetes/sdc/components/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml
index 8f87c68f1e..90875ab5cc 100644
--- a/kubernetes/sdc/components/sdc-be/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml
index 5f70991e6f..fc7e108024 100644
--- a/kubernetes/sdc/components/sdc-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml
@@ -17,10 +17,7 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-backend
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index e0493c6d7d..7b5b2b0efc 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -19,7 +19,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
@@ -52,26 +51,6 @@ debugEnabled: false
env:
name: &env AUTO
-certInitializer:
- nameOverride: sdc-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
#################################################################
# SDC Config part
#################################################################
@@ -126,36 +105,32 @@ startup:
service:
type: NodePort
name: sdc-be
- both_tls_and_plain: true
internalPort: 8080
- msb:
- - port: 8443
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc
- enable_ssl: true
- - port: 8080
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc-deprecated
ports:
- name: tcp-api
- port: 8443
- plain_port: 8080
+ port: 8080
port_protocol: http
nodePort: '04'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "sdc-be",
+ "version": "v1",
+ "url": "/sdc/v1",
+ "path":"/sdc/v1",
+ "protocol": "REST",
+ "visualRange":"1",
+ "port": "{{ .Values.service.internalPort }}",
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-be-api"
name: "sdc-be"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
index 0eeeff52da..31ab047c7a 100644
--- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml
@@ -17,14 +17,7 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-cassandra
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
diff --git a/kubernetes/sdc/components/sdc-fe/Chart.yaml b/kubernetes/sdc/components/sdc-fe/Chart.yaml
index 7b646bdf30..c8e53e0ba5 100644
--- a/kubernetes/sdc/components/sdc-fe/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-fe/Chart.yaml
@@ -21,9 +21,6 @@ name: sdc-fe
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml
index cc91960dbf..1648555ffc 100644
--- a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml
+++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml
@@ -1,10 +1,6 @@
pluginsList:
- pluginId: WORKFLOW
- {{- if (include "common.needTLS" .) }}
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}"
- {{- else }}
pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}"
- {{- end }}
pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
pluginStateUrl: "workflowDesigner"
pluginDisplayOptions:
diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
index 599e32e175..6bebe6f3fb 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,26 +18,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -44,7 +33,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
+ - {{ include "common.release" . }}-sdc-be
- "-t"
- "35"
env:
@@ -60,60 +49,15 @@ spec:
requests:
cpu: 3m
memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
- ${JETTY_BASE}/startup.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -122,7 +66,7 @@ spec:
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -130,7 +74,7 @@ spec:
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
@@ -149,14 +93,6 @@ spec:
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
@@ -175,7 +111,7 @@ spec:
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
diff --git a/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml
index 8f87c68f1e..90875ab5cc 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
index 30c3d1122f..0a349834b4 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,39 +16,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-gui",
- "version": "v1",
- "url": "/sdc1",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index a9eef905c4..b4a8bd6bfe 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -18,30 +18,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
-
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-fe-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
@@ -54,15 +30,12 @@ config:
javaOptions: "-Xmx256m -Xms256m"
plugins:
dcae_discovery_url:
- https: "https://sdc-dcae-fe:9444/dcaed/#/home"
http: "http://sdc-dcae-fe:8183/dcaed/#/home"
dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home"
dcae_dt_discovery_url:
- https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home"
dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home"
workflow_discovery_url:
- https: "https://sdc-wfd-fe:8443/workflows"
http: "http://sdc-wfd-fe:8080/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
@@ -106,26 +79,32 @@ startup:
failureThreshold: 60
service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
type: NodePort
name: sdc-fe
- portName: http
internalPort: 8181
- externalPort: 8181
- internalPort2: 9443
- externalPort2: 9443
- nodePort: "07"
-
+ ports:
+ - name: http
+ port: 8181
+ nodePort: '07'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "sdc-ui",
+ "version": "v1",
+ "url": "/sdc1",
+ "protocol": "UI",
+ "visualRange":"0|1",
+ "port": "{{ .Values.service.internalPort }}",
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-fe-ui"
name: "sdc-fe"
- port: 9443
- plain_port: 8181
+ port: 8181
config:
ssl: "redirect"
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml
index 6032061d13..92f8716d77 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/Chart.yaml
@@ -21,9 +21,6 @@ name: sdc-onboarding-be
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
index 8180cc79f1..6c392ef24c 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml
@@ -18,26 +18,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
@@ -45,7 +33,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ - {{ include "common.release" . }}-sdc-onboarding-be
env:
- name: NAMESPACE
valueFrom:
@@ -59,73 +47,16 @@ spec:
requests:
cpu: 3m
memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: cert-storage
- mountPath: "/onboard/cert"
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
@@ -135,7 +66,7 @@ spec:
readinessProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
@@ -144,7 +75,7 @@ spec:
startupProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
@@ -171,25 +102,15 @@ spec:
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- name: SDC_CERT_DIR
- value: {{ .Values.cert.certDir }}
+ value: ""
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- name: localtime
mountPath: /etc/localtime
readOnly: true
- name: logs
mountPath: /var/log/onap
- - name: cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
- name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
@@ -200,27 +121,19 @@ spec:
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: localtime
hostPath:
path: /etc/localtime
-
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- name: sdc-environments
- {{- if .Values.global.aafEnabled }}
- emptyDir: { medium: "Memory" }
- - name: sdc-environments-input
- {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- name: logs
emptyDir: {}
- - name: cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
index bfc1ef8e7b..41996ff4cd 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml
@@ -17,14 +17,7 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-cassandra-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
@@ -42,7 +35,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - {{ include "common.release" . }}-sdc-cs
- "-t"
- "20"
env:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml
deleted file mode 100644
index bc110c3b0f..0000000000
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/pv.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml
deleted file mode 100644
index 006d736b63..0000000000
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/pvc.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml
index ece5a439a3..0a349834b4 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,35 +16,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}s
-
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName | default "http" }}}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}s
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index b34ce76fc7..2066835fcf 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -18,7 +18,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
@@ -33,29 +32,6 @@ global:
dataCenter: Pod
#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-onboarding-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -109,12 +85,10 @@ startup:
service:
type: ClusterIP
name: sdc-onboarding-be
- portName: http
- internalPort: 8445
- externalPort: 8445
-
- internalPort2: 8081
- externalPort2: 8081
+ internalPort: 8081
+ ports:
+ - name: http
+ port: 8081
## Persist data to a persitent volume
persistence:
@@ -139,17 +113,6 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
-##Certificate storage persistence
-##This is temporary solution for SDC-1980
-cert:
- certDir: /app/jetty/cert
- persistence:
- enabled: true
- size: 10Mi
- accessMode: ReadWriteOnce
- volumeReclaimPolicy: Retain
- mountSubPath: /sdc/onbaording/cert
-
securityContext:
fsGroup: 35953
runAsUser: 352070
diff --git a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
index 51e84a690e..55b79aa127 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/Chart.yaml
@@ -20,9 +20,6 @@ name: sdc-wfd-be
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
index a187e19a75..da620359da 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,26 +18,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
@@ -45,7 +34,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.fullname" . }}-workflow-init
+ - {{ include "common.fullname" . }}
env:
- name: NAMESPACE
valueFrom:
@@ -64,28 +53,13 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
- export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
- export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
- ./startup.sh
- {{- end }}
- ports:
- - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
@@ -93,14 +67,14 @@ spec:
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
@@ -128,28 +102,17 @@ spec:
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- name: SDC_PROTOCOL
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
+ value: "HTTP"
- name: SDC_ENDPOINT
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
+ value: "{{ .Values.config.sdcEndpoint.http }}"
- name: SDC_USER
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
- {{- if (include "common.needTLS" .) }}
- - name: SERVER_SSL_ENABLED
- value: "true"
- - name: SERVER_SSL_KEYSTORE_TYPE
- value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_TYPE
- value: "{{ .Values.config.serverSSLTrustStoreType }}"
- {{- else }}
- name: SERVER_SSL_ENABLED
value: "false"
- {{- end }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
index 171442dfdc..e9e5fcf1d1 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{include "common.ingress" .}}
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
index 4184063f73..9ba05b8631 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml
@@ -18,14 +18,7 @@
{{ if .Values.initJob.enabled }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-workflow-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
@@ -43,7 +36,7 @@ spec:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - {{ include "common.release" . }}-sdc-cs
- "-t"
- "20"
env:
diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
index 2f4129b03f..895eac1794 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml
@@ -2,6 +2,7 @@
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,28 +17,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 8e4916901b..b011a03969 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -18,7 +18,6 @@
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
sdc_cassandra:
# This flag allows SDC to instantiate its own cluster, serviceName
# should be sdc-cs if this flag is enabled
@@ -33,29 +32,6 @@ global:
dataCenter: Pod
#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-wfd-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-#################################################################
# Application configuration defaults.
#################################################################
# application image
@@ -71,7 +47,6 @@ config:
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
sdcEndpoint:
- https: sdc-be:8443
http: sdc-be:8080
sdcExternalUser: workflow
serverSSLKeyStoreType: jks
@@ -126,20 +101,18 @@ startup:
service:
type: NodePort
- portName: http
internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+ ports:
+ - name: http
+ port: 8080
+ nodePort: "57"
ingress:
enabled: false
service:
- baseaddr: "sdc-wfd-be-api"
name: "sdc-wfd-be"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
index 1b17aa9e91..19e6aa219a 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/Chart.yaml
@@ -20,9 +20,6 @@ name: sdc-wfd-fe
version: 12.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
index d57309004d..b667af2a60 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml
@@ -16,26 +16,14 @@
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
@@ -57,52 +45,15 @@ spec:
requests:
cpu: 3m
memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-move-cert
- command:
- - /bin/sh
- args:
- - -c
- - |
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
- cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-certs
- mountPath: /sdc-certs
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
- export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
- ./startup.sh
- {{- end }}
- ports:
- - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
@@ -110,14 +61,14 @@ spec:
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
@@ -128,28 +79,13 @@ spec:
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}"
+ value: "{{ .Values.config.backendServerURL.http }}"
- name: IS_HTTPS
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}"
- {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }}
- - name: TRUST_ALL
- value: "{{ .Values.config.isTrustAll}}"
- {{- end }}
+ value: "false"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- {{- if .Values.global.aafEnabled }}
- - name: sdc-certs
- mountPath: /sdc-certs/mycreds.prop
- subPath: mycreds.prop
- - name: sdc-certs
- mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
- subPath: {{ .Values.certInitializer.keystoreFile }}
- - name: sdc-certs
- mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
- subPath: {{ .Values.certInitializer.truststoreFile }}
- {{ end }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
@@ -162,15 +98,10 @@ spec:
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-localtime
hostPath:
path: /etc/localtime
- {{- if .Values.global.aafEnabled }}
- - name: sdc-certs
- emptyDir:
- medium: "Memory"
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: logs
emptyDir: {}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
index 8f87c68f1e..90875ab5cc 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/ingress.yaml
@@ -1 +1,18 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
index 08feb5a6ed..f6b302776c 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 ZTE
# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -14,39 +15,4 @@
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "wf-gui",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index 37fdfd7993..9a7f6acfa4 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -18,30 +18,6 @@
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- aafEnabled: true
-
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-wfd-fe-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
@@ -56,7 +32,6 @@ debugEnabled: false
config:
javaOptions: "-Xmx256m -Xms256m"
backendServerURL:
- https: "https://sdc-wfd-be:8443"
http: "http://sdc-wfd-be:8080"
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
@@ -101,26 +76,30 @@ startup:
service:
type: NodePort
internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- portName: sdc-wfd-fe
- nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
+ ports:
+ - name: http
+ port: 8080
+ port_protocol: http
+ nodePort: '56'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "wf-gui",
+ "version": "v1",
+ "url": "/",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0|1"
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-wfd-fe-ui"
name: "sdc-wfd-fe"
- port: 8443
- plain_port: 8080
- annotations:
- ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
- nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
+ port: 8080
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json
index 065a756822..2f0bb07219 100755
--- a/kubernetes/sdc/resources/config/environments/AUTO.json
+++ b/kubernetes/sdc/resources/config/environments/AUTO.json
@@ -8,7 +8,7 @@
"chef_type": "environment",
"default_attributes": {
- "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "disableHttp": false,
"CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
@@ -121,13 +121,6 @@
"username": "user1@sdc.com",
"password": "password=="
}
- {{- if .Values.global.aafEnabled }}
- },
- "jetty": {
- "keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}",
- "keymanager_pwd": "${KEYMANAGER_PASS}"
- {{- end }}
}
}
}
diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml
index 1e11ca6410..cba33628c3 100644
--- a/kubernetes/sdc/values.yaml
+++ b/kubernetes/sdc/values.yaml
@@ -25,7 +25,6 @@ global:
truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
- aafEnabled: true
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be "sdc-cs" if this flag is enabled
diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
index 8e002e14a5..eefb33989d 100755
--- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml
@@ -394,6 +394,9 @@ so:
adapter:
url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
auth: {{ .Values.so.sol003.adapter.auth }}
+cnfm:
+ endpoint:
+ url: http://so-cnfm-lcm.{{ include "common.namespace" . }}:9888
org:
onap:
so:
diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml
index 3c920dc446..ab01381793 100644
--- a/kubernetes/uui/Chart.yaml
+++ b/kubernetes/uui/Chart.yaml
@@ -30,9 +30,6 @@ dependencies:
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: uui-server
version: ~12.x-0
repository: 'file://components/uui-server'
diff --git a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
index 8f87c68f1e..1471cb1d75 100644
--- a/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
+++ b/kubernetes/uui/components/uui-nlp/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/components/uui-server/Chart.yaml b/kubernetes/uui/components/uui-server/Chart.yaml
index a93cb669ba..99ade2256c 100644
--- a/kubernetes/uui/components/uui-server/Chart.yaml
+++ b/kubernetes/uui/components/uui-server/Chart.yaml
@@ -23,9 +23,6 @@ dependencies:
- name: common
version: ~12.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
version: ~12.x-0
repository: '@local'
diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties
index cb26c750f9..36308c0313 100644
--- a/kubernetes/uui/components/uui-server/resources/config/application.properties
+++ b/kubernetes/uui/components/uui-server/resources/config/application.properties
@@ -46,10 +46,3 @@ logging.level.*=INFO
#enable shutdown
endpoints.shutdown.enabled=true
endpoints.shutdown.sensitive=false
-
-{{- if (include "common.needTLS" .) }}
-server.ssl.protocol=TLS
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.key-store-type=PKCS12
-{{- end }}
diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml
index b25427a3be..3823a708bf 100644
--- a/kubernetes/uui/components/uui-server/templates/deployment.yaml
+++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
@@ -71,7 +71,6 @@ spec:
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
bash /uui/run.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
@@ -102,7 +101,7 @@ spec:
value: --spring.config.location=file:/config/application.properties
- name: POSTGRES_DB_NAME
value: {{ .Values.postgres.config.pgDatabase }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /uui/run.sh
name: entrypoint
subPath: run.sh
@@ -120,6 +119,5 @@ spec:
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0755
- {{ include "common.certInitializer.volumes" . | nindent 6 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/uui/components/uui-server/templates/ingress.yaml b/kubernetes/uui/components/uui-server/templates/ingress.yaml
index 8f87c68f1e..1f6ec7ab0e 100644
--- a/kubernetes/uui/components/uui-server/templates/ingress.yaml
+++ b/kubernetes/uui/components/uui-server/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index f5f8f9d095..05c7b3c32c 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -37,46 +37,6 @@ secrets:
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-server-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_p12}" \
- -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
-
#################################################################
# Application configuration defaults.
#################################################################
diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml
index 9bb10fee67..f464074769 100644
--- a/kubernetes/uui/resources/config/server.xml
+++ b/kubernetes/uui/resources/config/server.xml
@@ -24,7 +24,7 @@
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="{{ (eq "true" (include "common.needTLS" .)) | ternary "on" "off" }}" />
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
@@ -61,15 +61,7 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" />
- {{ else }}
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
- {{ end }}
<!-- A "Connector" using the shared thread pool-->
<!--
@@ -115,12 +107,7 @@
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
- {{ if (include "common.needTLS" .) }}
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
- {{ else }}
<Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
- {{ end }}
-
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml
index e0d2e71fc8..61b0b2d9fa 100644
--- a/kubernetes/uui/templates/deployment.yaml
+++ b/kubernetes/uui/templates/deployment.yaml
@@ -23,19 +23,18 @@ spec:
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
cd /config-input && for PFILE in `ls -1`
do
envsubst <${PFILE} >/config/${PFILE}
done
cat /config/server.xml
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: config-input
- mountPath: /config
@@ -55,10 +54,6 @@ spec:
ls -lh /opt/
echo "*** /opt/app"
ls -lh /opt/app/
- echo "*** /opt/app/osaaf/"
- ls -lh /opt/app/osaaf/
- echo "*** /opt/app/osaaf/local"
- ls -lh /opt/app/osaaf/local/
/home/uui/uuiStartup.sh
ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
@@ -75,15 +70,13 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /home/uui/server.xml
name: config
subPath: server.xml
- {{ if not (include "common.needTLS" .) }}
- mountPath: /home/uui/web.xml
name: config
subPath: web.xml
- {{ end }}
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
@@ -94,7 +87,7 @@ spec:
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/uui/templates/ingress.yaml b/kubernetes/uui/templates/ingress.yaml
index 8f87c68f1e..1f6ec7ab0e 100644
--- a/kubernetes/uui/templates/ingress.yaml
+++ b/kubernetes/uui/templates/ingress.yaml
@@ -1 +1,17 @@
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 67f135ced4..ef1af205f8 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -19,39 +19,6 @@
global:
uuiPortPrefix: 303
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
subChartsOnly:
enabled: true
@@ -94,8 +61,7 @@ service:
internalPort: 8080
ports:
- name: http
- port: 8443
- plain_port: 8080
+ port: 8080
nodePort: '98'
annotations:
msb.onap.org/service-info: |
@@ -107,12 +73,8 @@ service:
"path":"/iui/usecaseui",
"protocol": "UI",
"visualRange":"1",
- {{ if (include "common.needTLS" .) }}
- "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}",
- "enable_ssl": true
- {{ else }}
+ "port": "http",
"port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}"
- {{ end }}
}
]{{ end }}
@@ -121,8 +83,7 @@ ingress:
service:
- baseaddr: "uui-ui"
name: "uui"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"