diff options
Diffstat (limited to 'kubernetes')
104 files changed, 907 insertions, 585 deletions
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore index bc3a4f1ee0..f2b64de479 100644 --- a/kubernetes/.gitignore +++ b/kubernetes/.gitignore @@ -1 +1,3 @@ chartstorage/ +**/charts/*.tgz +helm/plugins/deploy/cache/ diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index e4ded1b0b2..f70deefaff 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.5 +image: onap/ccsdk-oran-a1policymanagementservice:1.3.0 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties index ea799e2119..0beaf4a42a 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties @@ -1,6 +1,6 @@ {{/* # -# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation. +# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -109,19 +109,70 @@ blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json # Self Service Request Kafka Message Consumer -blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false -blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth -blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092 -blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group -blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer -blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client -blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000 +blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }} +blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }} +{{- if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }} +blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }} +blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }} +blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }} +{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS} +{{ end }} # Self Service Response Kafka Message Producer -blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092 - -# Kafka Audit Service Configurations -blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false +blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }} +{{- if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }} +blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }} +{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS} +{{ end }} + +# AUDIT KAFKA FEATURE CONFIGURATION +# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic. +## Audit request +blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }} +{{- if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }} +{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS} +{{ end }} + +## Audit response +blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }} +{{- if eq .Values.useStrimziKafka true }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +{{- else -}} +blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }} +{{- end }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }} +{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }} +# SCRAM +blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} +blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS} +{{ end }} # Executor Options blueprintsprocessor.resourceResolution.enabled=true @@ -132,10 +183,10 @@ blueprintsprocessor.remoteScriptCommand.enabled=true ## Enable py-executor blueprintsprocessor.streamingRemoteExecution.enabled=true -# Used in Health Check -blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth -blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client -blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer +## Used in Health Check +#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth +#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client +#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer #Encrypted username and password for health check service diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml new file mode 100644 index 0000000000..555f4d4e60 --- /dev/null +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml @@ -0,0 +1,68 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if eq .Values.useStrimziKafka true }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaRequestConsumer.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaRequestProducer.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaAuditRequest.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.kafkaAuditResponse.topic }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: 10 + replicas: 2 + config: + retention.ms: 7200000 + segment.bytes: 1073741824 +{{ end }}
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml new file mode 100644 index 0000000000..65ee1d2a96 --- /dev/null +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml @@ -0,0 +1,49 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if eq .Values.useStrimziKafka true }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: group + name: {{ .Values.kafkaRequestConsumer.groupId }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaRequestConsumer.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaRequestProducer.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaAuditRequest.topic }} + operation: All + - resource: + type: topic + name: {{ .Values.kafkaAuditResponse.topic }} + operation: All +{{ end }}
\ No newline at end of file diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml index d92f09a4c8..d68e900222 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -78,10 +79,6 @@ spec: args: - --container-name - cds-db - {{- if .Values.dmaapEnabled }} - - --container-name - - message-router - {{ end }} env: - name: NAMESPACE valueFrom: @@ -121,6 +118,10 @@ spec: fieldPath: metadata.name - name: CLUSTER_CONFIG_FILE value: {{ .Values.config.appConfigDir }}/hazelcast.yaml + {{ if .Values.useStrimziKafka }} + - name: JAAS_PASS + value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }} + {{ end }} ports: - containerPort: {{ .Values.service.http.internalPort }} - containerPort: {{ .Values.service.grpc.internalPort }} diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index f59e8cea4d..af9482b663 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -1,5 +1,6 @@ # Copyright (c) 2019 IBM, Bell Canada # Copyright (c) 2020 Samsung Electronics +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,6 +58,13 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}' password: '{{ .Values.config.sdncDB.dbRootPass }}' passwordPolicy: required + - uid: cds-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: password + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # AAF part @@ -87,7 +95,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.2.1 +image: onap/ccsdk-blueprintsprocessor:1.3.0 pullPolicy: Always # flag to enable debugging - application support required @@ -111,6 +119,7 @@ config: # dbCredsExternalSecret: <some secret name> # dbRootPassword: password # dbRootPassExternalSecret + someConfig: blah # default number of instances replicaCount: 1 @@ -119,10 +128,40 @@ nodeSelector: {} affinity: {} -# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using -# custom kafka cluster. -dmaapEnabled: true +# If useStrimziKafka is true, the following also applies: +# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below. +# The connection type must be kafka-scram-plain-text-auth +# The bootstrapServers will target the strimzi kafka cluster by default +useStrimziKafka: false +cdsKafkaUser: cds-kafka-user +kafkaRequestConsumer: + enabled: false + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + groupId: cds-consumer + topic: cds.blueprint-processor.self-service-api.request + clientId: request-receiver-client-id + pollMillSec: 1000 +kafkaRequestProducer: + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: request-producer-client-id + topic: cds.blueprint-processor.self-service-api.response + enableIdempotence: false +kafkaAuditRequest: + enabled: false + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: audit-request-producer-client-id + topic: cds.blueprint-processor.self-service-api.audit.request + enableIdempotence: false +kafkaAuditResponse: + type: kafka-scram-plain-text-auth + bootstrapServers: host:port + clientId: audit-response-producer-client-id + topic: cds.blueprint-processor.self-service-api.audit.response + enableIdempotence: false # probe configuration parameters startup: diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index 8077d819d1..b0c1e35cba 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-commandexecutor:1.2.1 +image: onap/ccsdk-commandexecutor:1.3.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index cf138c5e26..9dc4a3181e 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -30,7 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-py-executor:1.2.1 +image: onap/ccsdk-py-executor:1.3.0 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml index b3e95a2a21..7ef5959a1b 100644 --- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml @@ -14,10 +14,16 @@ listenerservice: keyStorePath: activateServerTLSAuth : false isUseHttpsWithDmaap: false + isUseHttpsWithSDC: true archivePath: /opt/app/onap/sdc-listener/ grpcAddress: cds-blueprints-processor-grpc grpcPort: 9111 authHeader: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + httpsProxyHost: + httpProxyHost: + httpsProxyPort: 0 + httpProxyPort: 0 + cdslistener: diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index 7ca0a44aa4..ac1e3b4dde 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -29,7 +29,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-sdclistener:1.2.1 +image: onap/ccsdk-sdclistener:1.3.0 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index 175c17ffa9..05f766e186 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml @@ -44,7 +44,7 @@ certInitializer: {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # application image -image: onap/ccsdk-cds-ui-server:1.2.1 +image: onap/ccsdk-cds-ui-server:1.3.0 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml index edac066f6f..58e6b65c6f 100644 --- a/kubernetes/cds/values.yaml +++ b/kubernetes/cds/values.yaml @@ -1,6 +1,7 @@ # Copyright © 2020 Samsung Electronics # Copyright © 2019 Orange, Bell Canada # Copyright © 2017 Amdocs, Bell Canada +# Modification Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs + cdsKafkaUser: cds-kafka-user ################################################################# # Secrets metaconfig @@ -212,6 +214,7 @@ cds-blueprints-processor: dbPort: 3306 dbName: *mysqlDbName dbCredsExternalSecret: *dbUserSecretName + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}' cds-command-executor: enabled: true diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index fa1f6c3e62..9257dc89f9 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.2.2 +image: onap/ccsdk-dgbuilder-image:1.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index 112b8c0618..38f3e6e423 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -50,7 +50,7 @@ global: clusterDomain: cluster.local metrics: {} -image: bitnami/mariadb-galera:10.6.5-debian-10-r28 +image: bitnami/mariadb-galera:10.5.8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 6937facf6f..5f864a6555 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -74,7 +74,7 @@ mariadb-init: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-apps-ms-neng:1.2.1 +image: onap/ccsdk-apps-ms-neng:1.3.0 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index 34ce466f48..10703eff6e 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -35,7 +35,7 @@ global: jreImage: onap/integration-java11:10.0.0 kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 - mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 + mariadbImage: bitnami/mariadb:10.5.8 nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 diff --git a/kubernetes/contrib/components/awx/templates/service.yaml b/kubernetes/contrib/components/awx/templates/service.yaml index 10f031da82..85ec8c8428 100755 --- a/kubernetes/contrib/components/awx/templates/service.yaml +++ b/kubernetes/contrib/components/awx/templates/service.yaml @@ -49,7 +49,6 @@ spec: ports: - port: {{ .Values.service.web.externalPort }} targetPort: {{ .Values.service.web.internalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }} name: {{ .Values.service.web.portName }} selector: app: {{ include "common.fullname" . }} diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml index 0a247c5743..44c57414a4 100755 --- a/kubernetes/contrib/components/awx/values.yaml +++ b/kubernetes/contrib/components/awx/values.yaml @@ -92,11 +92,10 @@ service: internalPort: 15672 externalPort: 15672 web: - type: NodePort + type: ClusterIP portName: web internalPort: 8052 externalPort: 8052 - nodePort: 78 rabbitmq: type: ClusterIP http: diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index e9958f1114..e295a37b45 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -1,7 +1,7 @@ {{/* # Copyright (C) 2021 Pantheon.tech # Modifications Copyright (C) 2020 Bell Canada. -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2021-2022 Nordix Foundation. # Modifications Copyright (C) 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -28,17 +28,21 @@ spring: password: ${DB_PASSWORD} driverClassName: org.postgresql.Driver initialization-mode: always - liquibase: change-log: classpath:changelog/changelog-master.yaml labels: {{ .Values.config.liquibaseLabels }} + kafka: + producer: + client-id: cps-core + security: - # comma-separated uri patterns which do not require authorization - permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs - auth: - username: ${CPS_USERNAME} - password: ${CPS_PASSWORD} + # comma-separated uri patterns which do not require authorization + permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs + auth: + username: ${CPS_USERNAME} + password: ${CPS_PASSWORD} + logging: level: org: @@ -49,12 +53,18 @@ dmi: username: ${DMI_USERNAME} password: ${DMI_PASSWORD} -{{- if .Values.config.eventPublisher }} +{{- if .Values.config.useStrimziKafka }} +spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +spring.kafka.security.protocol: SASL_PLAINTEXT +spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 +spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN} +{{ else }} {{ toYaml .Values.config.eventPublisher | nindent 2 }} {{- end }} {{- if .Values.config.additional }} {{ toYaml .Values.config.additional | nindent 2 }} {{- end }} + # Last empty line is required otherwise the last property will be missing from application.yml file in the pod. diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml index e6ee161feb..54e2cc6cdf 100644 --- a/kubernetes/cps/components/cps-core/templates/deployment.yaml +++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml @@ -1,7 +1,7 @@ {{/* # Copyright (C) 2021 Pantheon.tech, Orange # Modifications Copyright (C) 2021 Bell Canada. -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2021-2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,7 +57,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }} - name: DMI_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }} - + {{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }} + {{- end }} volumeMounts: - mountPath: /config-input name: init-data-input diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index d65924e90f..c548abbd23 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -1,5 +1,6 @@ # Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. # Modifications Copyright (C) 2022 Bell Canada +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,6 +43,13 @@ secrets: login: '{{ .Values.config.dmiPluginUserName }}' password: '{{ .Values.config.dmiPluginUserPassword }}' passwordPolicy: generate + - uid: cps-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate ################################################################# # Global configuration defaults. @@ -67,7 +75,7 @@ global: container: name: postgres -image: onap/cps-and-ncmp:3.0.0 +image: onap/cps-and-ncmp:3.0.1 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -170,17 +178,23 @@ config: #appUserPassword: dmiPluginUserName: dmiuser # Any new property can be added in the env by setting in overrides in the format mentioned below -# All the added properties must be in "key: value" format insead of yaml. +# All the added properties must be in "key: value" format instead of yaml. # additional: # spring.config.max-size: 200 # spring.config.min-size: 10 - eventPublisher: - spring.kafka.bootstrap-servers: message-router-kafka:9092 - spring.kafka.security.protocol: SASL_PLAINTEXT - spring.kafka.properties.sasl.mechanism: PLAIN - spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret; - spring.kafka.producer.client-id: cps-core +# kafka config + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. + +# eventPublisher: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: SASL_PLAINTEXT +# spring.kafka.properties.sasl.mechanism: PLAIN +# spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret; additional: notification.data-updated.enabled: true diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml index 32ae51b51a..6e80843949 100644 --- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (c) 2021 Bell Canada. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,19 +25,31 @@ spring: username: ${DB_USERNAME} password: ${DB_PASSWORD} -security: - auth: - username: ${APP_USERNAME} - password: ${APP_PASSWORD} + kafka: + consumer: + group-id: {{ .Values.config.kafka.consumer.groupId }} + +app: + listener: + data-updated: + topic: {{ .Values.config.app.listener.dataUpdatedTopic }} -# Event consumption properties (kafka) -{{- if .Values.config.eventConsumption }} -{{ toYaml .Values.config.eventConsumption | nindent 2 }} +{{- if .Values.config.useStrimziKafka }} +spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 +spring.kafka.security.protocol: SASL_PLAINTEXT +spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512 +spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN} +{{ else }} +{{ toYaml .Values.config.eventPublisher | nindent 2 }} {{- end }} -# Additional properties {{- if .Values.config.additional }} {{ toYaml .Values.config.additional | nindent 2 }} {{- end }} +security: + auth: + username: ${APP_USERNAME} + password: ${APP_PASSWORD} + # Last empty line is required otherwise the last property will be missing from application.yml file in the pod. diff --git a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml index 806e65a865..71ff37193b 100644 --- a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml +++ b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # ============LICENSE_START======================================================= # Copyright (c) 2021 Bell Canada. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -53,6 +54,10 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }} - name: APP_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }} + {{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }} + {{- end }} volumeMounts: - mountPath: /config-input name: init-data-input diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml index 68bc2a7e8a..a92791e019 100644 --- a/kubernetes/cps/components/cps-temporal/values.yaml +++ b/kubernetes/cps/components/cps-temporal/values.yaml @@ -1,5 +1,6 @@ # ============LICENSE_START======================================================= # Copyright (c) 2021 Bell Canada. +# Modifications Copyright © 2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,6 +40,13 @@ secrets: login: '{{ .Values.config.appUserName }}' password: '{{ .Values.config.appUserPassword }}' passwordPolicy: generate + - uid: cps-kafka-user + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate image: onap/cps-temporal:1.1.0 containerPort: &svc_port 8080 @@ -139,13 +147,23 @@ config: profile: helm #appUserPassword: - # Event consumption (kafka) properties - # All Kafka properties must be in "key: value" format instead of yaml. - eventConsumption: - spring.kafka.bootstrap-servers: message-router-kafka:9092 - spring.kafka.security.protocol: PLAINTEXT - spring.kafka.consumer.group-id: cps-temporal-group - app.listener.data-updated.topic: cps.data-updated-events +# Event consumption (kafka) properties + useStrimziKafka: true + kafkaBootstrap: strimzi-kafka-bootstrap + kafka: + consumer: + groupId: cps-temporal-group + app: + listener: + dataUpdatedTopic: cps.data-updated-events +# If targeting a custom kafka cluster, ie useStrimziKakfa: false +# uncomment below config and target your kafka bootstrap servers, +# along with any other security config. + +# eventConsumption: +# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092 +# spring.kafka.security.protocol: PLAINTEXT +# spring.kafka.consumer.group-id: cps-temporal-group # Any new property can be added in the env by setting in overrides in the format mentioned below # All the added properties must be in "key: value" format instead of yaml. diff --git a/kubernetes/cps/templates/cps-kafka-topic.yaml b/kubernetes/cps/templates/cps-kafka-topic.yaml new file mode 100644 index 0000000000..1a23ddfc9b --- /dev/null +++ b/kubernetes/cps/templates/cps-kafka-topic.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.config.useStrimziKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.config.dataUpdatedTopic.name }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + partitions: {{ .Values.config.dataUpdatedTopic.partitions }} + config: + retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }} + segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/templates/cps-kafka-user.yaml b/kubernetes/cps/templates/cps-kafka-user.yaml new file mode 100644 index 0000000000..b3136d7f04 --- /dev/null +++ b/kubernetes/cps/templates/cps-kafka-user.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.config.useStrimziKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: scram-sha-512 + authorization: + type: simple + acls: + - resource: + type: group + name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }} + operation: Read + - resource: + type: topic + name: {{ .Values.config.dataUpdatedTopic.name }} + operation: Read + - resource: + type: topic + name: {{ .Values.config.dataUpdatedTopic.name }} + operation: Write +{{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml index 754b016fe8..700ad38844 100755 --- a/kubernetes/cps/values.yaml +++ b/kubernetes/cps/values.yaml @@ -1,4 +1,5 @@ # Copyright (C) 2021 Bell Canada +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,9 +41,20 @@ global: virtualhost: baseurl: "simpledemo.onap.org" + kafkaBootstrap: strimzi-kafka-bootstrap + cpsKafkaUser: cps-kafka-user + config: coreUserName: cpsuser dmiPluginUserName: dmiuser + useStrimziKafka: true + dataUpdatedTopic: + name: cps.data-updated-events + partitions: 10 + retentionMs: 7200000 + segmentBytes: 1073741824 + consumer: + groupId: cps-temporal-group # Enable all CPS components by default cps-core: @@ -50,9 +62,12 @@ cps-core: config: appUserExternalSecret: *core-creds-secret dmiPluginUserExternalSecret: *dmi-plugin-creds-secret + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}' cps-temporal: enabled: true + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}' ncmp-dmi-plugin: enabled: true diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml index 4710acc2b3..7c8a0e7ad6 100644 --- a/kubernetes/dcaegen2-services/Chart.yaml +++ b/kubernetes/dcaegen2-services/Chart.yaml @@ -27,10 +27,6 @@ dependencies: - name: common version: ~10.x-0 repository: '@local' - - name: dcae-bbs-eventprocessor-ms - version: ~10.x-0 - repository: '@local' - condition: dcae-bbs-eventprocessor-ms.enabled - name: dcae-datafile-collector version: ~10.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml deleted file mode 100644 index 5463d37a6e..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -apiVersion: v2 -appVersion: "Jakarta" -description: DCAE BBS-EventProcessor Microservice -name: dcae-bbs-eventprocessor-ms -version: 10.0.0 - -dependencies: - - name: common - version: ~10.x-0 - repository: '@local' - - name: readinessCheck - version: ~10.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~10.x-0 - repository: '@local' - - name: dcaegen2-services-common - version: ~10.x-0 - repository: '@local' - - name: serviceAccount - version: ~10.x-0 - repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml deleted file mode 100644 index a914446c99..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.configMap" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml deleted file mode 100644 index 0ad66b62a9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml deleted file mode 100644 index 6b70356ca9..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml deleted file mode 100644 index cf11d2a0c5..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{/* -################################################################################ -# Copyright (c) 2021 AT&T Intellectual Property # -# # -# Licensed under the Apache License, Version 2.0 (the "License"); # -# you may not use this file except in compliance with the License. # -# You may obtain a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -################################################################################ -*/}} - -{{ include "common.service" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml deleted file mode 100644 index f55aeecdbd..0000000000 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml +++ /dev/null @@ -1,211 +0,0 @@ -# ================================ LICENSE_START ============================= -# ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. -# ============================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ================================= LICENSE_END ============================== - -################################################################# -# Global Configuration Defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - centralizedLoggingEnabled: true - -################################################################# -# Filebeat Configuration Defaults. -################################################################# -filebeatConfig: - logstashServiceName: log-ls - logstashPort: 5044 - -################################################################# -# Secrets Configuration. -################################################################# -secrets: - - uid: &aafCredsUID aafcreds - type: basicAuth - login: '{{ .Values.aafCreds.identity }}' - password: '{{ .Values.aafCreds.password }}' - passwordPolicy: required - - uid: &aaiCredsUID aaicreds - type: basicAuth - login: '{{ .Values.aaiCreds.username }}' - password: '{{ .Values.aaiCreds.password }}' - passwordPolicy: required - - -################################################################# -# InitContainer Images. -################################################################# -tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 -consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 - -################################################################# -# Application Configuration Defaults. -################################################################# -# Application Image -image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1 -pullPolicy: Always - -# Log directory where logging sidecar should look for log files -# if path is set to null sidecar won't be deployed in spite of -# global.centralizedLoggingEnabled setting. -log: - path: /opt/app/bbs-event-processor/logs -logConfigMapNamePrefix: '{{ include "common.fullname" . }}' - -# Directory where TLS certs should be stored -# if absent, no certs will be retrieved and stored -certDirectory: /opt/app/bbs-event-processor/etc/cert/ - -# TLS role -- set to true if microservice acts as server -# If true, an init container will retrieve a server cert -# and key from AAF and mount them in certDirectory. -tlsServer: true - -# Dependencies -readinessCheck: - wait_for: - - dcae-config-binding-service - - aaf-cm - -# Probe Configuration -readiness: - initialDelaySeconds: 120 - periodSeconds: 180 - timeoutSeconds: 5 - path: /heartbeat - scheme: HTTP - port: 8100 - - -# Service Configuration -service: - type: ClusterIP - name: dcae-bbs-eventprocessor - ports: - - name: https - port: 8100 - port_protocol: http - -# AAF Credentials -aafCreds: - identity: dcae@dcae.onap.org - password: demo123456! - -# AAI Credentials -aaiCreds: - username: AAI - password: AAI - -credentials: -- name: AAF_USERNAME - uid: *aafCredsUID - key: login -- name: AAF_PASSWORD - uid: *aafCredsUID - key: password -- name: AAI_USERNAME - uid: *aaiCredsUID - key: login -- name: AAI_PASSWORD - uid: *aaiCredsUID - key: password - - -# Initial Application Configuration -applicationConfig: - streams_subscribes: - pnf_reregistration: - type: message_router - aaf_username: ${AAF_USERNAME} - aaf_password: ${AAF_PASSWORD} - dmaap_info: - topic_url: https:message-router:3905/events/unauthenticated.PNF_UPDATE - cpe_authentication: - type: message_router - aaf_username: ${AAF_USERNAME} - aaf_password: ${AAF_PASSWORD} - dmaap_info: - topic_url: https:message-router:3905/events/unauthenticated.CPE_AUTHENTICATION - streams_publishes: - close_loop: - type: message_router - aaf_username: ${AAF_USERNAME} - aaf_password: ${AAF_PASSWORD} - dmaap_info: - topic_url: https:message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT - dmaap.protocol: https - dmaap.contentType: application/json - dmaap.consumer.consumerId: c12 - dmaap.consumer.consumerGroup: OpenDcae-c12 - dmaap.messageLimit: -1 - dmaap.timeoutMs: -1 - aai.host: aai.onap - aai.port: 8443 - aai.protocol: https - aai.username: ${AAI_USERNAME} - aai.password: ${AAF_PASSWORD} - aai.aaiIgnoreSslCertificateErrors: true - application.pipelinesPollingIntervalSec: 25 - application.pipelinesTimeoutSec: 15 - application.cbsPollingIntervalSec: 120 - application.policyVersion: 1.0.0.5 - application.clTargetType: VM - application.clEventStatus: ONSET - application.clVersion: 1.0.2 - application.clTarget: vserver.vserver-name - application.clOriginator: DCAE-BBS-ep - application.reregistration.policyScope: policyScopeReReg - application.reregistration.clControlName: clControlNameReReg - application.cpe.authentication.policyScope: policyScopeCpeAuth - application.cpe.authentication.clControlName: clControlNameCpeAuth - application.reregistration.configKey: pnf_reregistration - application.cpeAuth.configKey: cpe_authentication - application.closeLoop.configKey: close_loop - application.loggingLevel: INFO - application.ssl.keyStorePath: "/opt/app/bbs-event-processor/etc/cert/cert.jks" - application.ssl.keyStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/jks.pass" - application.ssl.trustStorePath: "/opt/app/bbs-event-processor/etc/cert/trust.jks" - application.ssl.trustStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/trust.pass" - application.ssl.enableAaiCertAuth: true - application.ssl.enableDmaapCertAuth: true - -# Resource Limit Flavor -By Default Using Small -flavor: small - -# Segregation for Different Environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 1Gi - requests: - cpu: 1 - memory: 1Gi - large: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 2 - memory: 2Gi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: dcae-bbs-eventprocessor-ms - roles: - - read diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 72c6a4bcce..ad8ca9fb2e 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -123,15 +123,11 @@ applicationConfig: cid: kpi-cid streams_subscribes: performance_management_topic: - aafUsername: ${AAF_IDENTITY} - aafPassword: ${AAF_PASSWORD} type: message-router dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS streams_publishes: kpi_topic: - aafUsername: ${AAF_IDENTITY} - aafPassword: ${AAF_PASSWORD} type: message-router dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 1c6d68969c..971d7bfd24 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -57,7 +57,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.pmsh:2.0.0 +image: onap/org.onap.dcaegen2.services.pmsh:2.2.2 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 9261b8ebe0..ef272eef23 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -2,6 +2,7 @@ # ============================================================================ # Copyright (C) 2021-2022 Wipro Limited. # Copyright (c) 2022 J. F. Lucas. All rights reserved. +# Copyright (C) 2022 Huawei Canada Limited. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,7 +58,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.7 +image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1 # Log directory where logging sidecar should look for log files # if path is set to null sidecar won't be deployed in spite of @@ -144,32 +145,48 @@ applicationConfig: sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data sliceanalysisms.pmDataDurationInWeeks: 4 + sliceanalysisms.vesNotifPollingInterval: 15 + sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE + sliceanalysisms.vesNotifChangeType: BandwidthChanged + sliceanalysisms.aaiNotif.targetAction: UPDATE + sliceanalysisms.aaiNotif.targetSource: UUI + sliceanalysisms.aaiNotif.targetEntity: service-instance + sliceanalysisms.ccvpnEvalInterval: 15 + sliceanalysisms.ccvpnEvalThreshold: 0.8 + sliceanalysisms.ccvpnEvalPrecision: 100.0 + sliceanalysisms.ccvpnEvalPeriodicCheckOn: true + sliceanalysisms.ccvpnEvalOnDemandCheckOn: true streams_publishes: CL_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT streams_subscribes: performance_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS intelligent_slicing_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC dcae_cl_response_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/DCAE_CL_RSP + ves_ccvpn_notification_topic: + type: message-router + dmaap_info: + topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT + aai_subscriber: + type: message-router + servers : ["message-router:3904"] + consumer_group: dcae_ccvpn_cl + consumer_instance: dcae_ccvpn_cl_aaievent + fetch_timeout: 15000 + fetch_limit: 100 + dmaap_info: + topic_url: http://message-router:3904/events/AAI-EVENT applicationEnv: STANDALONE: 'false' diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 88ceac0e8d..5e487e27a9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -186,33 +186,23 @@ applicationConfig: streams_publishes: CL_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT streams_subscribes: performance_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT fault_management_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT nbr_list_change_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO dcae_cl_response_topic: type: message-router - aaf_username: ${AAF_IDENTITY} - aaf_password: ${AAF_PASSWORD} dmaap_info: topic_url: http://message-router:3904/events/DCAE_CL_RSP service_calls: diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index 5334caced0..a7e24d1d9b 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -28,9 +28,6 @@ filebeatConfig: # Control deployment of DCAE microservices at ONAP installation time dcae-ves-openapi-manager: enabled: true -dcae-bbs-eventprocessor-ms: - enabled: false - logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datafile-collector: enabled: false logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml index 7475a4d2bf..9e62ccf2f7 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml @@ -31,7 +31,7 @@ server: logging: # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. - level: ALL + level: INFO # Logger-specific levels. loggers: @@ -41,7 +41,7 @@ logging: appenders: - type: console - threshold: ALL + threshold: INFO timeZone: UTC logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - type: file @@ -51,7 +51,7 @@ logging: archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz archivedFileCount: 7 - type: file - threshold: DEBUG + threshold: INFO logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index c8ec225545..5781dabb85 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/engine-management:10.0.2 +image: onap/holmes/engine-management:10.0.3 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml index 43a83d09b0..89269dede8 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml @@ -24,7 +24,7 @@ server: logging: # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL. - level: ALL + level: INFO # Logger-specific levels. loggers: @@ -34,7 +34,7 @@ logging: appenders: - type: console - threshold: ALL + threshold: INFO timeZone: UTC logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" - type: file @@ -45,7 +45,7 @@ logging: archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz archivedFileCount: 7 - type: file - threshold: DEBUG + threshold: INFO logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n" currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 94076194e0..fbe873b184 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/rule-management:10.0.2 +image: onap/holmes/rule-management:10.0.3 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index 1b1bb387b9..61df057fdb 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -102,7 +102,7 @@ config: # application image flavor: small -image: onap/modeling/etsicatalog:1.0.13 +image: onap/modeling/etsicatalog:1.0.14 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 844ac5e58d..b152af282e 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -24,7 +24,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.10.0 +image: onap/multicloud/k8s:0.10.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 0e8dd21994..6939a87f21 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -97,7 +97,7 @@ global: loggingImage: beats/filebeat:5.5.0 # mariadb client image - mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 + mariadbImage: bitnami/mariadb:10.5.8 # nginx server image nginxImage: bitnami/nginx:1.21.4 diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index 72c5ddc9c2..228302fed4 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -16,7 +16,7 @@ global: # global defaults nodePortPrefix: 302 image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index 0157c569a0..a8c5dd216a 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 ################################################################# # Secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 5623cde904..0aaf4286cd 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index fa8bdd97ed..fd88273dce 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index e7ceddd9a4..36c1945835 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -14,7 +14,7 @@ global: image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 ################################################################# # secrets metaconfig diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf index 7d724a593d..22a20fe64e 100755 --- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf @@ -753,3 +753,47 @@ certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer #password = get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list" + +[dcae] + +# +# From conductor +# +# +# Data Store table prefix. (string value) +#table_prefix = dcae + +# Base URL for DCAE, up to and not including the version, and without a +# trailing slash. (string value) +server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}} + +# Timeout for DCAE Rest Call (string value) +#dcae_rest_timeout = 30 + +# Number of retry for DCAE Rest Call (string value) +#dcae_retries = 3 + +# The version of A&AI in v# format. (string value) +server_url_version = v1 + +# SSL/TLS certificate file in pem format. This certificate must be registered +# with the SDC endpoint. (string value) +#certificate_file = certificate.pem +certificate_file = + +# Private Certificate Key file in pem format. (string value) +#certificate_key_file = certificate_key.pem +certificate_key_file = + +# Certificate Authority Bundle file in pem format. Must contain the appropriate +# trust chain for the Certificate file. (string value) +#certificate_authority_bundle_file = certificate_authority_bundle.pem +certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer + +# Username for DCAE. (string value) +#username = + +# Password for DCAE. (string value) +#password = + +get_slice_config_url = "/api/v1/slices-config"
\ No newline at end of file diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml index bc129beb3e..8a146a90b8 100755 --- a/kubernetes/oof/components/oof-has/values.yaml +++ b/kubernetes/oof/components/oof-has/values.yaml @@ -19,7 +19,7 @@ global: commonConfigPrefix: onap-oof-has image: - optf_has: onap/optf-has:2.2.1 + optf_has: onap/optf-has:2.3.0 persistence: enabled: true @@ -71,6 +71,9 @@ config: cps: service: cps-tbdmt port: 8080 + dcae: + service: dcae-slice-analysis-ms + port: 8080 etcd: serviceName: &etcd-service oof-has-etcd port: 2379 diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml index 8f00ac72da..57e8e27a19 100644 --- a/kubernetes/oof/resources/config/conf/common_config.yaml +++ b/kubernetes/oof/resources/config/conf/common_config.yaml @@ -162,4 +162,5 @@ nxi_termination: - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN') > service-instance*('service-role','nsi')" - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')" - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_MH') > service-instance*('workload-context','AN')" + - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_FH') > service-instance*('workload-context','AN')" - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')" diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 677271c241..d3b3c7b245 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -85,3 +85,10 @@ dependencies: - name: serviceAccount version: ~10.x-0 repository: '@local' + - name: readinessCheck + version: ~10.x-0 + repository: '@local' + - name: postgres + version: ~10.x-0 + repository: '@local' + condition: global.postgres.localCluster diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml index dbf6a7cd6a..8284c73ed1 100644 --- a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml @@ -18,6 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if .Values.prometheus.enabled }} +{{- if .Values.global.prometheusEnabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 6adf0e6609..ad2d954088 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.7.1 +image: onap/policy-apex-pdp:2.7.2 pullPolicy: Always # flag to enable debugging - application support required @@ -140,9 +140,6 @@ serviceAccount: roles: - read -prometheus: - enabled: true - metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index c08b035d53..e6cf2b3571 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -29,6 +29,8 @@ spring: driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" + hikari: + maximumPoolSize: 20 jpa: properties: hibernate: diff --git a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml index dbf6a7cd6a..8284c73ed1 100644 --- a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml +++ b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml @@ -18,6 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if .Values.prometheus.enabled }} +{{- if .Values.global.prometheusEnabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 89608cfb6f..72c5c498ba 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -79,7 +79,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.6.1 +image: onap/policy-api:2.6.2 pullPolicy: Always # flag to enable debugging - application support required @@ -156,9 +156,6 @@ serviceAccount: roles: - read -prometheus: - enabled: true - metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 8eafa463c5..844b3d78c2 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -71,7 +71,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-http-ppnt:6.2.1 +image: onap/policy-clamp-ac-http-ppnt:6.2.2 pullPolicy: Always # application configuration diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index a3fb19f1bc..5592edcc3c 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-k8s-ppnt:6.2.1 +image: onap/policy-clamp-ac-k8s-ppnt:6.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index c825ab1a0c..70f2a0fa75 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-ac-pf-ppnt:6.2.1 +image: onap/policy-clamp-ac-pf-ppnt:6.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 2016b14043..d40a2a9695 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -71,7 +71,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.2.1 +image: onap/policy-clamp-backend:6.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml index 1b571fc502..f989715c41 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-runtime-acm:6.2.1 +image: onap/policy-clamp-runtime-acm:6.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml index dbf6a7cd6a..8284c73ed1 100644 --- a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml @@ -18,6 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if .Values.prometheus.enabled }} +{{- if .Values.global.prometheusEnabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index db271a9c3f..9e0b11d3a2 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.7.1 +image: onap/policy-distribution:2.7.2 pullPolicy: Always # flag to enable debugging - application support required @@ -162,9 +162,6 @@ serviceAccount: roles: - read -prometheus: - enabled: true - metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index ff532ab5c1..57fa29bc3d 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -1,6 +1,6 @@ {{/* # Copyright © 2017-2018 Amdocs, Bell Canada. -# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property. +# Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property. # Modifications Copyright (C) 2021 Bell Canada. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,6 +43,9 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}} SQL_HOST={{ .Values.db.name }} SQL_PORT=3306 +# Liveness +LIVENESS_CONTROLLERS=* + # AAF AAF={{.Values.aaf.enabled}} diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml index 2fc08e4e5d..a25a7e16d3 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -1,7 +1,7 @@ <!-- ============LICENSE_START======================================================= Copyright (C) 2020 Bell Canada. All rights reserved. - Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. + Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -150,6 +150,8 @@ <appender-ref ref="AsyncStdOut" /> </logger> + <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/> + <root level="INFO"> <appender-ref ref="AsyncDebugOut" /> <appender-ref ref="AsyncErrorOut" /> @@ -158,6 +160,7 @@ <appender-ref ref="AsyncStdOut" /> <appender-ref ref="AsyncMetricStdOut" /> <appender-ref ref="AsyncTransactionStdOut" /> + <appender-ref ref="PromLogback" /> </root> </configuration> diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml new file mode 100644 index 0000000000..f8c450cb7e --- /dev/null +++ b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml @@ -0,0 +1,23 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (c) 2022 AT&T Intellectual Property +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{- if .Values.global.prometheusEnabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml index d389246b5c..7dee453771 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -1,6 +1,6 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2020 AT&T Intellectual Property +# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -83,10 +83,12 @@ spec: - containerPort: {{ .Values.service.externalPort2 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: - tcpSocket: - port: {{ .Values.service.externalPort }} + httpGet: + path: /healthcheck/controllers + port: 6968 initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{- end }} readinessProbe: tcpSocket: diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 2ce7503015..e15ce66359 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2017 Amdocs # Copyright © 2017, 2021 Bell Canada -# Modifications Copyright © 2018-2021 AT&T Intellectual Property +# Modifications Copyright © 2018-2022 AT&T Intellectual Property # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,12 +30,18 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: telemetry-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.telemetry.credsExternalSecret) . }}' + login: '{{ .Values.telemetry.user }}' + password: '{{ .Values.telemetry.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.10.1 +image: onap/policy-pdpd-cl:1.10.2 pullPolicy: Always # flag to enable debugging - application support required @@ -51,7 +57,8 @@ affinity: {} # probe configuration parameters liveness: initialDelaySeconds: 180 - periodSeconds: 10 + periodSeconds: 60 + timeoutSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true @@ -195,3 +202,24 @@ serviceAccount: nameOverride: policy-drools-pdp roles: - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-drools-pdp-9696 + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-drools-pdp-telemetry-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf deleted file mode 100644 index 98417cd822..0000000000 --- a/kubernetes/policy/components/policy-gui/resources/config/default.conf +++ /dev/null @@ -1,32 +0,0 @@ -server { - - listen 2443 default ssl; - ssl_protocols TLSv1.2; - {{ if .Values.global.aafEnabled }} - ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; - ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; - {{ else }} - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - {{ end }} - - ssl_verify_client optional_no_ca; - absolute_redirect off; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ =404; - } - - location /clamp/restservices/clds/ { - proxy_pass https://policy-clamp-be:8443/restservices/clds/; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location = /50x.html { - root /var/lib/nginx/html; - } - error_page 500 502 503 504 /50x.html; - error_log /var/log/nginx/error.log warn; -} diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index b67fa273de..a155715580 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -62,6 +62,20 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] + env: +{{- else }} + command: ["/opt/app/policy/gui/bin/policy-gui.sh"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + - name: CLAMP_URL + value: https://policy-clamp-be:8443 ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -81,9 +95,6 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} - - mountPath: /etc/nginx/conf.d/default.conf - name: {{ include "common.fullname" . }}-config - subPath: default.conf resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -99,9 +110,6 @@ spec: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} - items: - - key: default.conf - path: default.conf - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 6ee7715678..aa2b9d3122 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,36 +26,46 @@ global: # global defaults aafEnabled: true ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +################################################################# # AAF part ################################################################# certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "clamp.key" - clamp_pem: "clamp.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" nameOverride: policy-gui-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org cadi_latitude: "0.0" - app_ns: org.osaaf.aaf + cadi_longitude: "0.0" credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 aaf_add_config: > - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); subChartsOnly: enabled: true @@ -63,7 +73,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.2.0 +image: onap/policy-gui:2.2.2 pullPolicy: Always # flag to enable debugging - application support required @@ -71,7 +81,7 @@ debugEnabled: false # log configuration log: - path: /var/log/nginx/ + path: /var/log/onap/policy/gui ################################################################# # Application configuration defaults. diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 6f501b8c21..00f7b9b8ee 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -29,6 +29,8 @@ spring: driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" + hikari: + maximumPoolSize: 20 jpa: properties: hibernate: diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml index dbf6a7cd6a..8284c73ed1 100644 --- a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml +++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml @@ -18,6 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if .Values.prometheus.enabled }} +{{- if .Values.global.prometheusEnabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 311653b860..41978331a4 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.6.1 +image: onap/policy-pap:2.6.2 pullPolicy: Always # flag to enable debugging - application support required @@ -181,9 +181,6 @@ serviceAccount: roles: - read -prometheus: - enabled: true - metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml index cc7f8e56c1..fad7e72509 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml @@ -1,7 +1,7 @@ <!-- ============LICENSE_START======================================================= Copyright (C) 2020 Bell Canada. All rights reserved. - Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. + Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -95,10 +95,13 @@ <appender-ref ref="AsyncStdOut" /> </logger> + <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/> + <root level="INFO"> <appender-ref ref="AsyncDebugOut" /> <appender-ref ref="AsyncErrorOut" /> <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="PromLogback" /> </root> </configuration> diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml index dbf6a7cd6a..8284c73ed1 100644 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml @@ -18,6 +18,6 @@ # ============LICENSE_END========================================================= */}} -{{- if .Values.prometheus.enabled }} +{{- if .Values.global.prometheusEnabled }} {{ include "common.serviceMonitor" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 504313832d..4b97dbb01d 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.6.1 +image: onap/policy-xacml-pdp:2.6.2 pullPolicy: Always # flag to enable debugging - application support required @@ -159,9 +159,6 @@ serviceAccount: roles: - read -prometheus: - enabled: true - metrics: serviceMonitor: # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh new file mode 100644 index 0000000000..f26a80fad7 --- /dev/null +++ b/kubernetes/policy/resources/config/db-pg.sh @@ -0,0 +1,29 @@ +#!/bin/sh +# +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# + +#psql() { /usr/bin/psql -h ${PG_HOST} -p ${PG_PORT} "$@"; }; + +export PGPASSWORD=${PG_ADMIN_PASSWORD}; + +psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'" + +for db in migration pooling policyadmin policyclamp operationshistory clampacm +do + psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};" + psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};" +done diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh new file mode 100644 index 0000000000..53921ab751 --- /dev/null +++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh @@ -0,0 +1,21 @@ +#!/bin/sh +{{/* +# Copyright (C) 2022 Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB} +/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade +rc=$? +/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report +exit $rc diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml index 17558f86ea..c8b01ccb81 100755 --- a/kubernetes/policy/templates/configmap.yaml +++ b/kubernetes/policy/templates/configmap.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2021-2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index d59b5fe770..9fea669c37 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -1,7 +1,7 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada # Modifications Copyright © 2020 AT&T Intellectual Property -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (C) 2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,9 +33,9 @@ spec: spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: + initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }} #This container checks that all galera instances are up before initializing it. - - name: {{ include "common.name" . }}-readiness + - name: {{ include "common.name" . }}-mariadb-readiness image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: @@ -71,6 +71,33 @@ spec: value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . }} + {{ if .Values.global.postgres.localCluster }} + - name: {{ include "common.release" . }}-policy-pg-config + image: {{ .Values.repository }}/{{ .Values.postgresImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /docker-entrypoint-initdb.d/db-pg.sh + name: {{ include "common.fullname" . }}-config + subPath: db-pg.sh + command: + - /bin/sh + args: + - -x + - /docker-entrypoint-initdb.d/db-pg.sh + env: + - name: PG_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }} + - name: PG_HOST + value: "{{ .Values.postgres.service.name2 }}" + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: PG_USER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + - name: PG_PORT + value: "{{ .Values.postgres.service.internalPort }}" + resources: +{{ include "common.resources" . }} + {{ end }} containers: - name: {{ include "common.release" . }}-policy-galera-db-migrator image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} @@ -95,8 +122,41 @@ spec: value: {{ .Values.dbmigrator.schema }} - name: POLICY_HOME value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "sql" resources: {{ include "common.resources" . }} + {{ if .Values.global.postgres.localCluster }} + - name: {{ include "common.release" . }}-policy-pg-db-migrator + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh + name: {{ include "common.fullname" . }}-config + subPath: db_migrator_pg_policy_init.sh + command: + - /bin/sh + args: + - -x + - /dbcmd-config/db_migrator_pg_policy_init.sh + env: + - name: SQL_HOST + value: "{{ .Values.postgres.service.name2 }}" + - name: SQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: SQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + - name: SQL_DB + value: {{ .Values.dbmigrator.schema }} + - name: POLICY_HOME + value: {{ .Values.dbmigrator.policy_home }} + - name: SCRIPT_DIRECTORY + value: "postgres" + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + resources: +{{ include "common.resources" . }} + {{ end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: @@ -108,3 +168,8 @@ spec: path: db.sh - key: db_migrator_policy_init.sh path: db_migrator_policy_init.sh + - key: db-pg.sh + path: db-pg.sh + - key: db_migrator_pg_policy_init.sh + path: db_migrator_pg_policy_init.sh + diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 759ba56b02..a315bc251c 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -27,6 +27,15 @@ global: service: &mariadbService name: &policy-mariadb policy-mariadb internalPort: 3306 + prometheusEnabled: false + postgres: + localCluster: false + service: + name: pgset + name2: tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres ################################################################# # Secrets metaconfig @@ -66,6 +75,19 @@ secrets: login: '{{ .Values.restServer.policyApiUserName }}' password: '{{ .Values.restServer.policyApiUserPassword }}' passwordPolicy: required + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -128,7 +150,7 @@ mariadb: image: mariadb:10.5.8 dbmigrator: - image: onap/policy-db-migrator:2.4.1 + image: onap/policy-db-migrator:2.4.2 schema: policyadmin policy_home: "/opt/app/policy" @@ -180,6 +202,31 @@ mariadb-galera: serviceAccount: nameOverride: *policy-mariadb +postgresImage: library/postgres:latest +# application configuration override for postgres +postgres: + nameOverride: &postgresName policy-postgres + service: + name: *postgresName + name2: policy-pg-primary + name3: policy-pg-replica + container: + name: + primary: policy-pg-primary + replica: policy-pg-replica + persistence: + mountSubPath: policy/postgres/data + mountInitPath: policy + config: + pgUserName: policy_user + pgDatabase: policyadmin + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName + +readinessCheck: + wait_for: + - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}' + restServer: policyPapUserName: policyadmin policyPapUserPassword: zb!XztG34 diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index ddaf099bdf..63d266b75c 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -1,7 +1,6 @@ #!/bin/bash set -eo pipefail -shopt -s nullglob # logging functions mysql_log() { @@ -170,11 +169,20 @@ docker_init_database_dir() { mysql_note "Database files initialized" } +if [ -z "$DATADIR" ]; then + DATADIR='unknown' +fi +if [ -z "$SOCKET" ]; then + SOCKET='unknown' +fi +if [ -z "$DATABASE_ALREADY_EXISTS" ]; then + DATABASE_ALREADY_EXISTS='false' +fi + # Loads various settings that are used elsewhere in the script # This should be called after mysql_check_config, but before any other functions docker_setup_env() { # Get config - declare -g DATADIR SOCKET DATADIR="$(mysql_get_config 'datadir' "$@")" SOCKET="$(mysql_get_config 'socket' "$@")" @@ -186,7 +194,6 @@ docker_setup_env() { file_env 'MYSQL_ROOT_PASSWORD' file_env 'PORTAL_DB_TABLES' - declare -g DATABASE_ALREADY_EXISTS if [ -d "$DATADIR/mysql" ]; then DATABASE_ALREADY_EXISTS='true' fi diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index b7fa714e73..dac6f6c667 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.10.1 -backendInitImage: onap/sdc-backend-init:1.10.1 +image: onap/sdc-backend-all-plugins:1.10.4 +backendInitImage: onap/sdc-backend-init:1.10.4 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 3391af7864..2b6817b5a1 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -51,8 +51,8 @@ cassandra: # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.10.1 -cassandraInitImage: onap/sdc-cassandra-init:1.10.1 +image: onap/sdc-cassandra:1.10.4 +cassandraInitImage: onap/sdc-cassandra-init:1.10.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index f899d58971..968a09c77e 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -42,9 +42,6 @@ spec: - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }} targetPort: {{ .Values.service.internalPort }} - {{ if eq .Values.service.type "NodePort" -}} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - {{ end }} {{ if (include "common.needTLS" .) }} - port: {{ .Values.service.internalPort2 }} targetPort: {{ .Values.service.internalPort2 }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 1dbf9ebd7a..6267da90f3 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.10.1 +image: onap/sdc-frontend:1.10.4 pullPolicy: Always config: @@ -112,7 +112,6 @@ service: type: NodePort name: sdc-fe portName: http - nodePort: "06" internalPort: 8181 externalPort: 8181 nodePort2: "07" diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index ff5d031510..30a5f031c2 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.10.1 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.1 +image: onap/sdc-onboard-backend:1.10.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 6b18f47d66..828283ec76 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-workflow-backend:1.7.0 -configInitImage: onap/sdc-workflow-init:1.7.0 +image: onap/sdc-workflow-backend:1.11.1 +configInitImage: onap/sdc-workflow-init:1.11.1 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index c7e680a745..fd6f713655 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-workflow-frontend:1.7.0 +image: onap/sdc-workflow-frontend:1.11.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index a1a583b3f9..7ef646f3e1 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.5 +image: onap/sdnc-dmaap-listener-image:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index b247e71452..768a617b63 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.5 +image: onap/sdnc-ansible-server-image:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh index 099103ca79..d92a1049e3 100755 --- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh +++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh {{/* # Copyright © 2018 Amdocs @@ -33,8 +33,8 @@ failover(){ debugLog "Currently running sdnc and dns failover" return fi - trap "rm -f ${lockFile}" INT TERM RETURN - echo $BASHPID > ${lockFile} + trap "rm -f ${lockFile}" INT TERM EXIT + echo $$ > ${lockFile} # perform takeover debugLog "Started executing sdnc.failover for $SITE_NAME" diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 795ffeaa79..50fee59a32 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.5 +image: onap/sdnc-ueb-listener-image:2.3.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 5d2f5be9b2..d45e13eb01 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -210,7 +210,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.5 +image: onap/sdnc-image:2.3.0 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml new file mode 100644 index 0000000000..2653c6799c --- /dev/null +++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ .Values.kafkaStrimziAdminUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.saslMechanism }} + authorization: + type: simple + acls: + - resource: + type: group + name: onap-group + operation: Read
\ No newline at end of file diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index a2d2c4dfa5..06802da968 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -57,16 +57,18 @@ spec: authorization: type: simple superUsers: - - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }} + - {{ .Values.kafkaStrimziAdminUser }} template: pod: securityContext: runAsUser: 0 fsGroup: 0 config: + default.replication.factor: {{ .Values.replicaCount }} + min.insync.replicas: {{ .Values.replicaCount }} offsets.topic.replication.factor: {{ .Values.replicaCount }} transaction.state.log.replication.factor: {{ .Values.replicaCount }} - transaction.state.log.min.isr: 2 + transaction.state.log.min.isr: {{ .Values.replicaCount }} log.message.format.version: "3.0" inter.broker.protocol.version: "3.0" storage: diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 5bd781eb2d..d279163690 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -63,7 +63,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:4.0.6 +image: onap/usecase-ui-server:4.0.7 pullPolicy: Always # application configuration diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 1ed9b470d2..f133ad5a27 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -57,7 +57,7 @@ subChartsOnly: flavor: small # application image -image: onap/usecase-ui:4.0.6 +image: onap/usecase-ui:4.0.7 pullPolicy: Always # application configuration |