summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/.gitignore2
-rw-r--r--kubernetes/a1policymanagement/values.yaml2
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties83
-rw-r--r--kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml68
-rw-r--r--kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml49
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml9
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml47
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/values.yaml2
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml6
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml2
-rw-r--r--kubernetes/cds/values.yaml3
-rw-r--r--kubernetes/common/dgbuilder/values.yaml2
-rw-r--r--kubernetes/common/mariadb-galera/values.yaml2
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rw-r--r--kubernetes/common/repositoryGenerator/values.yaml2
-rwxr-xr-xkubernetes/contrib/components/awx/templates/service.yaml1
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml3
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml26
-rw-r--r--kubernetes/cps/components/cps-core/templates/deployment.yaml7
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml30
-rw-r--r--kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml29
-rw-r--r--kubernetes/cps/components/cps-temporal/templates/deployment.yaml5
-rw-r--r--kubernetes/cps/components/cps-temporal/values.yaml32
-rw-r--r--kubernetes/cps/templates/cps-kafka-topic.yaml28
-rw-r--r--kubernetes/cps/templates/cps-kafka-user.yaml41
-rwxr-xr-xkubernetes/cps/values.yaml15
-rw-r--r--kubernetes/dcaegen2-services/Chart.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml41
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml19
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml211
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml2
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml35
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml10
-rw-r--r--kubernetes/dcaegen2-services/values.yaml3
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml6
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/values.yaml2
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml6
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/values.yaml2
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/values.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml2
-rwxr-xr-xkubernetes/onap/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/resources/config/conductor.conf44
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml5
-rw-r--r--kubernetes/oof/resources/config/conf/common_config.yaml1
-rwxr-xr-xkubernetes/policy/Chart.yaml7
-rw-r--r--kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-apex-pdp/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-api/values.yaml5
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-be/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-distribution/values.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf5
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml5
-rw-r--r--kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml23
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml8
-rwxr-xr-xkubernetes/policy/components/policy-drools-pdp/values.yaml34
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml22
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml58
-rw-r--r--kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml2
-rw-r--r--kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-pap/values.yaml5
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml5
-rw-r--r--kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml4
-rwxr-xr-xkubernetes/policy/components/policy-xacml-pdp/values.yaml5
-rw-r--r--kubernetes/policy/resources/config/db-pg.sh29
-rw-r--r--kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh21
-rwxr-xr-xkubernetes/policy/templates/configmap.yaml2
-rwxr-xr-xkubernetes/policy/templates/job.yaml71
-rwxr-xr-xkubernetes/policy/values.yaml49
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh13
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/templates/service.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml3
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-wfd-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-wfd-fe/values.yaml2
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml2
-rwxr-xr-xkubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh6
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml2
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml31
-rw-r--r--kubernetes/strimzi/templates/strimzi-kafka.yaml6
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
104 files changed, 907 insertions, 585 deletions
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
index bc3a4f1ee0..f2b64de479 100644
--- a/kubernetes/.gitignore
+++ b/kubernetes/.gitignore
@@ -1 +1,3 @@
chartstorage/
+**/charts/*.tgz
+helm/plugins/deploy/cache/
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index e4ded1b0b2..f70deefaff 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -63,7 +63,7 @@ certInitializer:
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.2.5
+image: onap/ccsdk-oran-a1policymanagementservice:1.3.0
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
diff --git a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
index ea799e2119..0beaf4a42a 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
+++ b/kubernetes/cds/components/cds-blueprints-processor/resources/config/application.properties
@@ -1,6 +1,6 @@
{{/*
#
-# Copyright (c) 2017-2019 AT&T, IBM, Bell Canada, Nordix Foundation.
+# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -109,19 +109,70 @@ blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id
blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=message-router-kafka:9092
-blueprintsprocessor.messageconsumer.self-service-api.groupId=cds-consumer-group
-blueprintsprocessor.messageconsumer.self-service-api.topic=cds-consumer
-blueprintsprocessor.messageconsumer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
+blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }}
+blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
+blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
-
-# Kafka Audit Service Configurations
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
+{{ end }}
+
+# AUDIT KAFKA FEATURE CONFIGURATION
+# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
+## Audit request
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
+{{ end }}
+
+## Audit response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
+{{- if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+{{- else -}}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
+{{- end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
+{{- if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
+# SCRAM
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
+{{ end }}
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
@@ -132,10 +183,10 @@ blueprintsprocessor.remoteScriptCommand.enabled=true
## Enable py-executor
blueprintsprocessor.streamingRemoteExecution.enabled=true
-# Used in Health Check
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
-blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
+## Used in Health Check
+#blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
+#blueprintsprocessor.messageproducer.self-service-api.clientId=cds-client
+#blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
#Encrypted username and password for health check service
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
new file mode 100644
index 0000000000..555f4d4e60
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-topics.yaml
@@ -0,0 +1,68 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: 10
+ replicas: 2
+ config:
+ retention.ms: 7200000
+ segment.bytes: 1073741824
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
new file mode 100644
index 0000000000..65ee1d2a96
--- /dev/null
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/cds-kafka-user.yaml
@@ -0,0 +1,49 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if eq .Values.useStrimziKafka true }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.kafkaRequestConsumer.groupId }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestConsumer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaRequestProducer.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditRequest.topic }}
+ operation: All
+ - resource:
+ type: topic
+ name: {{ .Values.kafkaAuditResponse.topic }}
+ operation: All
+{{ end }} \ No newline at end of file
diff --git a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
index d92f09a4c8..d68e900222 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -78,10 +79,6 @@ spec:
args:
- --container-name
- cds-db
- {{- if .Values.dmaapEnabled }}
- - --container-name
- - message-router
- {{ end }}
env:
- name: NAMESPACE
valueFrom:
@@ -121,6 +118,10 @@ spec:
fieldPath: metadata.name
- name: CLUSTER_CONFIG_FILE
value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ {{ if .Values.useStrimziKafka }}
+ - name: JAAS_PASS
+ value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
+ {{ end }}
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index f59e8cea4d..af9482b663 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -1,5 +1,6 @@
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,6 +58,13 @@ secrets:
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
+ - uid: cds-kafka-secret
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: password
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# AAF part
@@ -87,7 +95,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.2.1
+image: onap/ccsdk-blueprintsprocessor:1.3.0
pullPolicy: Always
# flag to enable debugging - application support required
@@ -111,6 +119,7 @@ config:
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
+ someConfig: blah
# default number of instances
replicaCount: 1
@@ -119,10 +128,40 @@ nodeSelector: {}
affinity: {}
-# flag for kafka-listener dependency. Set to true if you are using message-router otherwise set to false if you are using
-# custom kafka cluster.
-dmaapEnabled: true
+# If useStrimziKafka is true, the following also applies:
+# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
+# The connection type must be kafka-scram-plain-text-auth
+# The bootstrapServers will target the strimzi kafka cluster by default
+useStrimziKafka: false
+cdsKafkaUser: cds-kafka-user
+kafkaRequestConsumer:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ groupId: cds-consumer
+ topic: cds.blueprint-processor.self-service-api.request
+ clientId: request-receiver-client-id
+ pollMillSec: 1000
+kafkaRequestProducer:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.response
+ enableIdempotence: false
+kafkaAuditRequest:
+ enabled: false
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-request-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.request
+ enableIdempotence: false
+kafkaAuditResponse:
+ type: kafka-scram-plain-text-auth
+ bootstrapServers: host:port
+ clientId: audit-response-producer-client-id
+ topic: cds.blueprint-processor.self-service-api.audit.response
+ enableIdempotence: false
# probe configuration parameters
startup:
diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml
index 8077d819d1..b0c1e35cba 100755
--- a/kubernetes/cds/components/cds-command-executor/values.yaml
+++ b/kubernetes/cds/components/cds-command-executor/values.yaml
@@ -32,7 +32,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.2.1
+image: onap/ccsdk-commandexecutor:1.3.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml
index cf138c5e26..9dc4a3181e 100755
--- a/kubernetes/cds/components/cds-py-executor/values.yaml
+++ b/kubernetes/cds/components/cds-py-executor/values.yaml
@@ -30,7 +30,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.2.1
+image: onap/ccsdk-py-executor:1.3.0
pullPolicy: Always
# default number of instances
diff --git a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
index b3e95a2a21..7ef5959a1b 100644
--- a/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/resources/config/application.yaml
@@ -14,10 +14,16 @@ listenerservice:
keyStorePath:
activateServerTLSAuth : false
isUseHttpsWithDmaap: false
+ isUseHttpsWithSDC: true
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
grpcPort: 9111
authHeader: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ httpsProxyHost:
+ httpProxyHost:
+ httpsProxyPort: 0
+ httpProxyPort: 0
+
cdslistener:
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index 7ca0a44aa4..ac1e3b4dde 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -29,7 +29,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.2.1
+image: onap/ccsdk-sdclistener:1.3.0
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index 175c17ffa9..05f766e186 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -44,7 +44,7 @@ certInitializer:
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.2.1
+image: onap/ccsdk-cds-ui-server:1.3.0
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/values.yaml b/kubernetes/cds/values.yaml
index edac066f6f..58e6b65c6f 100644
--- a/kubernetes/cds/values.yaml
+++ b/kubernetes/cds/values.yaml
@@ -1,6 +1,7 @@
# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -22,6 +23,7 @@ global:
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ cdsKafkaUser: cds-kafka-user
#################################################################
# Secrets metaconfig
@@ -212,6 +214,7 @@ cds-blueprints-processor:
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
cds-command-executor:
enabled: true
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index fa1f6c3e62..9257dc89f9 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.2.2
+image: onap/ccsdk-dgbuilder-image:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml
index 112b8c0618..38f3e6e423 100644
--- a/kubernetes/common/mariadb-galera/values.yaml
+++ b/kubernetes/common/mariadb-galera/values.yaml
@@ -50,7 +50,7 @@ global:
clusterDomain: cluster.local
metrics: {}
-image: bitnami/mariadb-galera:10.6.5-debian-10-r28
+image: bitnami/mariadb-galera:10.5.8
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index 6937facf6f..5f864a6555 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -74,7 +74,7 @@ mariadb-init:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.2.1
+image: onap/ccsdk-apps-ms-neng:1.3.0
pullPolicy: IfNotPresent
# application configuration
diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml
index 34ce466f48..10703eff6e 100644
--- a/kubernetes/common/repositoryGenerator/values.yaml
+++ b/kubernetes/common/repositoryGenerator/values.yaml
@@ -35,7 +35,7 @@ global:
jreImage: onap/integration-java11:10.0.0
kubectlImage: bitnami/kubectl:1.22.4
loggingImage: beats/filebeat:5.5.0
- mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28
+ mariadbImage: bitnami/mariadb:10.5.8
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
readinessImage: onap/oom/readiness:3.0.1
diff --git a/kubernetes/contrib/components/awx/templates/service.yaml b/kubernetes/contrib/components/awx/templates/service.yaml
index 10f031da82..85ec8c8428 100755
--- a/kubernetes/contrib/components/awx/templates/service.yaml
+++ b/kubernetes/contrib/components/awx/templates/service.yaml
@@ -49,7 +49,6 @@ spec:
ports:
- port: {{ .Values.service.web.externalPort }}
targetPort: {{ .Values.service.web.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.web.nodePort }}
name: {{ .Values.service.web.portName }}
selector:
app: {{ include "common.fullname" . }}
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 0a247c5743..44c57414a4 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -92,11 +92,10 @@ service:
internalPort: 15672
externalPort: 15672
web:
- type: NodePort
+ type: ClusterIP
portName: web
internalPort: 8052
externalPort: 8052
- nodePort: 78
rabbitmq:
type: ClusterIP
http:
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index e9958f1114..e295a37b45 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -1,7 +1,7 @@
{{/*
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -28,17 +28,21 @@ spring:
password: ${DB_PASSWORD}
driverClassName: org.postgresql.Driver
initialization-mode: always
-
liquibase:
change-log: classpath:changelog/changelog-master.yaml
labels: {{ .Values.config.liquibaseLabels }}
+ kafka:
+ producer:
+ client-id: cps-core
+
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
- auth:
- username: ${CPS_USERNAME}
- password: ${CPS_PASSWORD}
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
+
logging:
level:
org:
@@ -49,12 +53,18 @@ dmi:
username: ${DMI_USERNAME}
password: ${DMI_PASSWORD}
-{{- if .Values.config.eventPublisher }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
{{ toYaml .Values.config.eventPublisher | nindent 2 }}
{{- end }}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml
index e6ee161feb..54e2cc6cdf 100644
--- a/kubernetes/cps/components/cps-core/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
# Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,7 +57,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
- name: DMI_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
-
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index d65924e90f..c548abbd23 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -1,5 +1,6 @@
# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
# Modifications Copyright (C) 2022 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -42,6 +43,13 @@ secrets:
login: '{{ .Values.config.dmiPluginUserName }}'
password: '{{ .Values.config.dmiPluginUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
#################################################################
# Global configuration defaults.
@@ -67,7 +75,7 @@ global:
container:
name: postgres
-image: onap/cps-and-ncmp:3.0.0
+image: onap/cps-and-ncmp:3.0.1
containerPort: &svc_port 8080
managementPort: &mgt_port 8081
@@ -170,17 +178,23 @@ config:
#appUserPassword:
dmiPluginUserName: dmiuser
# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format insead of yaml.
+# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
- eventPublisher:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: SASL_PLAINTEXT
- spring.kafka.properties.sasl.mechanism: PLAIN
- spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
- spring.kafka.producer.client-id: cps-core
+# kafka config
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventPublisher:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: SASL_PLAINTEXT
+# spring.kafka.properties.sasl.mechanism: PLAIN
+# spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
additional:
notification.data-updated.enabled: true
diff --git a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
index 32ae51b51a..6e80843949 100644
--- a/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-temporal/resources/config/application-helm.yml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,19 +25,31 @@ spring:
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
-security:
- auth:
- username: ${APP_USERNAME}
- password: ${APP_PASSWORD}
+ kafka:
+ consumer:
+ group-id: {{ .Values.config.kafka.consumer.groupId }}
+
+app:
+ listener:
+ data-updated:
+ topic: {{ .Values.config.app.listener.dataUpdatedTopic }}
-# Event consumption properties (kafka)
-{{- if .Values.config.eventConsumption }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
+{{- if .Values.config.useStrimziKafka }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
+spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
+{{ else }}
+{{ toYaml .Values.config.eventPublisher | nindent 2 }}
{{- end }}
-# Additional properties
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+security:
+ auth:
+ username: ${APP_USERNAME}
+ password: ${APP_PASSWORD}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
diff --git a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
index 806e65a865..71ff37193b 100644
--- a/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
+++ b/kubernetes/cps/components/cps-temporal/templates/deployment.yaml
@@ -1,6 +1,7 @@
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -53,6 +54,10 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: APP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
+ {{- if .Values.config.useStrimziKafka }}
+ - name: JAASLOGIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
+ {{- end }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml
index 68bc2a7e8a..a92791e019 100644
--- a/kubernetes/cps/components/cps-temporal/values.yaml
+++ b/kubernetes/cps/components/cps-temporal/values.yaml
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
+# Modifications Copyright © 2022 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -39,6 +40,13 @@ secrets:
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
+ - uid: cps-kafka-user
+ externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
+ type: genericKV
+ envs:
+ - name: sasl.jaas.config
+ value: '{{ .Values.config.someConfig }}'
+ policy: generate
image: onap/cps-temporal:1.1.0
containerPort: &svc_port 8080
@@ -139,13 +147,23 @@ config:
profile: helm
#appUserPassword:
- # Event consumption (kafka) properties
- # All Kafka properties must be in "key: value" format instead of yaml.
- eventConsumption:
- spring.kafka.bootstrap-servers: message-router-kafka:9092
- spring.kafka.security.protocol: PLAINTEXT
- spring.kafka.consumer.group-id: cps-temporal-group
- app.listener.data-updated.topic: cps.data-updated-events
+# Event consumption (kafka) properties
+ useStrimziKafka: true
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ kafka:
+ consumer:
+ groupId: cps-temporal-group
+ app:
+ listener:
+ dataUpdatedTopic: cps.data-updated-events
+# If targeting a custom kafka cluster, ie useStrimziKakfa: false
+# uncomment below config and target your kafka bootstrap servers,
+# along with any other security config.
+
+# eventConsumption:
+# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
+# spring.kafka.security.protocol: PLAINTEXT
+# spring.kafka.consumer.group-id: cps-temporal-group
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
diff --git a/kubernetes/cps/templates/cps-kafka-topic.yaml b/kubernetes/cps/templates/cps-kafka-topic.yaml
new file mode 100644
index 0000000000..1a23ddfc9b
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-topic.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ partitions: {{ .Values.config.dataUpdatedTopic.partitions }}
+ config:
+ retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
+ segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/templates/cps-kafka-user.yaml b/kubernetes/cps/templates/cps-kafka-user.yaml
new file mode 100644
index 0000000000..b3136d7f04
--- /dev/null
+++ b/kubernetes/cps/templates/cps-kafka-user.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.config.useStrimziKafka }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: scram-sha-512
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Read
+ - resource:
+ type: topic
+ name: {{ .Values.config.dataUpdatedTopic.name }}
+ operation: Write
+{{- end }} \ No newline at end of file
diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml
index 754b016fe8..700ad38844 100755
--- a/kubernetes/cps/values.yaml
+++ b/kubernetes/cps/values.yaml
@@ -1,4 +1,5 @@
# Copyright (C) 2021 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -40,9 +41,20 @@ global:
virtualhost:
baseurl: "simpledemo.onap.org"
+ kafkaBootstrap: strimzi-kafka-bootstrap
+ cpsKafkaUser: cps-kafka-user
+
config:
coreUserName: cpsuser
dmiPluginUserName: dmiuser
+ useStrimziKafka: true
+ dataUpdatedTopic:
+ name: cps.data-updated-events
+ partitions: 10
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ consumer:
+ groupId: cps-temporal-group
# Enable all CPS components by default
cps-core:
@@ -50,9 +62,12 @@ cps-core:
config:
appUserExternalSecret: *core-creds-secret
dmiPluginUserExternalSecret: *dmi-plugin-creds-secret
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
cps-temporal:
enabled: true
+ config:
+ jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}'
ncmp-dmi-plugin:
enabled: true
diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml
index 4710acc2b3..7c8a0e7ad6 100644
--- a/kubernetes/dcaegen2-services/Chart.yaml
+++ b/kubernetes/dcaegen2-services/Chart.yaml
@@ -27,10 +27,6 @@ dependencies:
- name: common
version: ~10.x-0
repository: '@local'
- - name: dcae-bbs-eventprocessor-ms
- version: ~10.x-0
- repository: '@local'
- condition: dcae-bbs-eventprocessor-ms.enabled
- name: dcae-datafile-collector
version: ~10.x-0
repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml
deleted file mode 100644
index 5463d37a6e..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/Chart.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-# ================================ LICENSE_START =============================
-# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ================================= LICENSE_END ==============================
-
-apiVersion: v2
-appVersion: "Jakarta"
-description: DCAE BBS-EventProcessor Microservice
-name: dcae-bbs-eventprocessor-ms
-version: 10.0.0
-
-dependencies:
- - name: common
- version: ~10.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~10.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~10.x-0
- repository: '@local'
- - name: dcaegen2-services-common
- version: ~10.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~10.x-0
- repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml
deleted file mode 100644
index a914446c99..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/configmap.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "dcaegen2-services-common.configMap" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml
deleted file mode 100644
index 0ad66b62a9..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/deployment.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml
deleted file mode 100644
index 6b70356ca9..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/secret.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "common.secretFast" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml
deleted file mode 100644
index cf11d2a0c5..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/templates/service.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{/*
-################################################################################
-# Copyright (c) 2021 AT&T Intellectual Property #
-# #
-# Licensed under the Apache License, Version 2.0 (the "License"); #
-# you may not use this file except in compliance with the License. #
-# You may obtain a copy of the License at #
-# #
-# http://www.apache.org/licenses/LICENSE-2.0 #
-# #
-# Unless required by applicable law or agreed to in writing, software #
-# distributed under the License is distributed on an "AS IS" BASIS, #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
-# See the License for the specific language governing permissions and #
-# limitations under the License. #
-################################################################################
-*/}}
-
-{{ include "common.service" . }} \ No newline at end of file
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
deleted file mode 100644
index f55aeecdbd..0000000000
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
+++ /dev/null
@@ -1,211 +0,0 @@
-# ================================ LICENSE_START =============================
-# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# ============================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ================================= LICENSE_END ==============================
-
-#################################################################
-# Global Configuration Defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- centralizedLoggingEnabled: true
-
-#################################################################
-# Filebeat Configuration Defaults.
-#################################################################
-filebeatConfig:
- logstashServiceName: log-ls
- logstashPort: 5044
-
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- - uid: &aaiCredsUID aaicreds
- type: basicAuth
- login: '{{ .Values.aaiCreds.username }}'
- password: '{{ .Values.aaiCreds.password }}'
- passwordPolicy: required
-
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1
-
-#################################################################
-# Application Configuration Defaults.
-#################################################################
-# Application Image
-image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1
-pullPolicy: Always
-
-# Log directory where logging sidecar should look for log files
-# if path is set to null sidecar won't be deployed in spite of
-# global.centralizedLoggingEnabled setting.
-log:
- path: /opt/app/bbs-event-processor/logs
-logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/bbs-event-processor/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
-# Dependencies
-readinessCheck:
- wait_for:
- - dcae-config-binding-service
- - aaf-cm
-
-# Probe Configuration
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 180
- timeoutSeconds: 5
- path: /heartbeat
- scheme: HTTP
- port: 8100
-
-
-# Service Configuration
-service:
- type: ClusterIP
- name: dcae-bbs-eventprocessor
- ports:
- - name: https
- port: 8100
- port_protocol: http
-
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-# AAI Credentials
-aaiCreds:
- username: AAI
- password: AAI
-
-credentials:
-- name: AAF_USERNAME
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
-- name: AAI_USERNAME
- uid: *aaiCredsUID
- key: login
-- name: AAI_PASSWORD
- uid: *aaiCredsUID
- key: password
-
-
-# Initial Application Configuration
-applicationConfig:
- streams_subscribes:
- pnf_reregistration:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.PNF_UPDATE
- cpe_authentication:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.CPE_AUTHENTICATION
- streams_publishes:
- close_loop:
- type: message_router
- aaf_username: ${AAF_USERNAME}
- aaf_password: ${AAF_PASSWORD}
- dmaap_info:
- topic_url: https:message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT
- dmaap.protocol: https
- dmaap.contentType: application/json
- dmaap.consumer.consumerId: c12
- dmaap.consumer.consumerGroup: OpenDcae-c12
- dmaap.messageLimit: -1
- dmaap.timeoutMs: -1
- aai.host: aai.onap
- aai.port: 8443
- aai.protocol: https
- aai.username: ${AAI_USERNAME}
- aai.password: ${AAF_PASSWORD}
- aai.aaiIgnoreSslCertificateErrors: true
- application.pipelinesPollingIntervalSec: 25
- application.pipelinesTimeoutSec: 15
- application.cbsPollingIntervalSec: 120
- application.policyVersion: 1.0.0.5
- application.clTargetType: VM
- application.clEventStatus: ONSET
- application.clVersion: 1.0.2
- application.clTarget: vserver.vserver-name
- application.clOriginator: DCAE-BBS-ep
- application.reregistration.policyScope: policyScopeReReg
- application.reregistration.clControlName: clControlNameReReg
- application.cpe.authentication.policyScope: policyScopeCpeAuth
- application.cpe.authentication.clControlName: clControlNameCpeAuth
- application.reregistration.configKey: pnf_reregistration
- application.cpeAuth.configKey: cpe_authentication
- application.closeLoop.configKey: close_loop
- application.loggingLevel: INFO
- application.ssl.keyStorePath: "/opt/app/bbs-event-processor/etc/cert/cert.jks"
- application.ssl.keyStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/jks.pass"
- application.ssl.trustStorePath: "/opt/app/bbs-event-processor/etc/cert/trust.jks"
- application.ssl.trustStorePasswordPath: "/opt/app/bbs-event-processor/etc/cert/trust.pass"
- application.ssl.enableAaiCertAuth: true
- application.ssl.enableDmaapCertAuth: true
-
-# Resource Limit Flavor -By Default Using Small
-flavor: small
-
-# Segregation for Different Environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcae-bbs-eventprocessor-ms
- roles:
- - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 72c6a4bcce..ad8ca9fb2e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -123,15 +123,11 @@ applicationConfig:
cid: kpi-cid
streams_subscribes:
performance_management_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
streams_publishes:
kpi_topic:
- aafUsername: ${AAF_IDENTITY}
- aafPassword: ${AAF_PASSWORD}
type: message-router
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_KPI_OUTPUT
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 1c6d68969c..971d7bfd24 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -57,7 +57,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:2.0.0
+image: onap/org.onap.dcaegen2.services.pmsh:2.2.2
pullPolicy: Always
# Log directory where logging sidecar should look for log files
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 9261b8ebe0..ef272eef23 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -2,6 +2,7 @@
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (C) 2022 Huawei Canada Limited.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -57,7 +58,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.7
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.1
# Log directory where logging sidecar should look for log files
# if path is set to null sidecar won't be deployed in spite of
@@ -144,32 +145,48 @@ applicationConfig:
sliceanalysisms.rannfnssiDetailsTemplateId: get-rannfnssiid-details
sliceanalysisms.desUrl: http://dl-des:1681/datalake/v1/exposure/pm_data
sliceanalysisms.pmDataDurationInWeeks: 4
+ sliceanalysisms.vesNotifPollingInterval: 15
+ sliceanalysisms.vesNotifChangeIdentifier: PM_BW_UPDATE
+ sliceanalysisms.vesNotifChangeType: BandwidthChanged
+ sliceanalysisms.aaiNotif.targetAction: UPDATE
+ sliceanalysisms.aaiNotif.targetSource: UUI
+ sliceanalysisms.aaiNotif.targetEntity: service-instance
+ sliceanalysisms.ccvpnEvalInterval: 15
+ sliceanalysisms.ccvpnEvalThreshold: 0.8
+ sliceanalysisms.ccvpnEvalPrecision: 100.0
+ sliceanalysisms.ccvpnEvalPeriodicCheckOn: true
+ sliceanalysisms.ccvpnEvalOnDemandCheckOn: true
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
intelligent_slicing_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.ML_RESPONSE_TOPIC
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
+ ves_ccvpn_notification_topic:
+ type: message-router
+ dmaap_info:
+ topic_url: http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT
+ aai_subscriber:
+ type: message-router
+ servers : ["message-router:3904"]
+ consumer_group: dcae_ccvpn_cl
+ consumer_instance: dcae_ccvpn_cl_aaievent
+ fetch_timeout: 15000
+ fetch_limit: 100
+ dmaap_info:
+ topic_url: http://message-router:3904/events/AAI-EVENT
applicationEnv:
STANDALONE: 'false'
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index 88ceac0e8d..5e487e27a9 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -186,33 +186,23 @@ applicationConfig:
streams_publishes:
CL_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT
streams_subscribes:
performance_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT
fault_management_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT
nbr_list_change_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/PCI-NOTIF-TOPIC-NGHBR-LIST-CHANGE-INFO
dcae_cl_response_topic:
type: message-router
- aaf_username: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
dmaap_info:
topic_url: http://message-router:3904/events/DCAE_CL_RSP
service_calls:
diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml
index 5334caced0..a7e24d1d9b 100644
--- a/kubernetes/dcaegen2-services/values.yaml
+++ b/kubernetes/dcaegen2-services/values.yaml
@@ -28,9 +28,6 @@ filebeatConfig:
# Control deployment of DCAE microservices at ONAP installation time
dcae-ves-openapi-manager:
enabled: true
-dcae-bbs-eventprocessor-ms:
- enabled: false
- logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
dcae-datafile-collector:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
index 7475a4d2bf..9e62ccf2f7 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/resources/config/engine-d.yml
@@ -31,7 +31,7 @@ server:
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
@@ -41,7 +41,7 @@ logging:
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
@@ -51,7 +51,7 @@ logging:
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index c8ec225545..5781dabb85 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -28,7 +28,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:10.0.2
+image: onap/holmes/engine-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
index 43a83d09b0..89269dede8 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/rulemgt.yml
@@ -24,7 +24,7 @@ server:
logging:
# The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
- level: ALL
+ level: INFO
# Logger-specific levels.
loggers:
@@ -34,7 +34,7 @@ logging:
appenders:
- type: console
- threshold: ALL
+ threshold: INFO
timeZone: UTC
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
- type: file
@@ -45,7 +45,7 @@ logging:
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
archivedFileCount: 7
- type: file
- threshold: DEBUG
+ threshold: INFO
logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 94076194e0..fbe873b184 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -28,7 +28,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:10.0.2
+image: onap/holmes/rule-management:10.0.3
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
#################################################################
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
index 1b1bb387b9..61df057fdb 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
@@ -102,7 +102,7 @@ config:
# application image
flavor: small
-image: onap/modeling/etsicatalog:1.0.13
+image: onap/modeling/etsicatalog:1.0.14
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index 844ac5e58d..b152af282e 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -24,7 +24,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.10.0
+image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index 0e8dd21994..6939a87f21 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -97,7 +97,7 @@ global:
loggingImage: beats/filebeat:5.5.0
# mariadb client image
- mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28
+ mariadbImage: bitnami/mariadb:10.5.8
# nginx server image
nginxImage: bitnami/nginx:1.21.4
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 72c5ddc9c2..228302fed4 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 0157c569a0..a8c5dd216a 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 5623cde904..0aaf4286cd 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index fa8bdd97ed..fd88273dce 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index e7ceddd9a4..36c1945835 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/resources/config/conductor.conf b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
index 7d724a593d..22a20fe64e 100755
--- a/kubernetes/oof/components/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/components/oof-has/resources/config/conductor.conf
@@ -753,3 +753,47 @@ certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
#password =
get_ta_list_url = "/api/v1/execute/ran-coverage-area/get_ta_list"
+
+[dcae]
+
+#
+# From conductor
+#
+#
+# Data Store table prefix. (string value)
+#table_prefix = dcae
+
+# Base URL for DCAE, up to and not including the version, and without a
+# trailing slash. (string value)
+server_url = https://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+
+# Timeout for DCAE Rest Call (string value)
+#dcae_rest_timeout = 30
+
+# Number of retry for DCAE Rest Call (string value)
+#dcae_retries = 3
+
+# The version of A&AI in v# format. (string value)
+server_url_version = v1
+
+# SSL/TLS certificate file in pem format. This certificate must be registered
+# with the SDC endpoint. (string value)
+#certificate_file = certificate.pem
+certificate_file =
+
+# Private Certificate Key file in pem format. (string value)
+#certificate_key_file = certificate_key.pem
+certificate_key_file =
+
+# Certificate Authority Bundle file in pem format. Must contain the appropriate
+# trust chain for the Certificate file. (string value)
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# Username for DCAE. (string value)
+#username =
+
+# Password for DCAE. (string value)
+#password =
+
+get_slice_config_url = "/api/v1/slices-config" \ No newline at end of file
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index bc129beb3e..8a146a90b8 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.2.1
+ optf_has: onap/optf-has:2.3.0
persistence:
enabled: true
@@ -71,6 +71,9 @@ config:
cps:
service: cps-tbdmt
port: 8080
+ dcae:
+ service: dcae-slice-analysis-ms
+ port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
port: 2379
diff --git a/kubernetes/oof/resources/config/conf/common_config.yaml b/kubernetes/oof/resources/config/conf/common_config.yaml
index 8f00ac72da..57e8e27a19 100644
--- a/kubernetes/oof/resources/config/conf/common_config.yaml
+++ b/kubernetes/oof/resources/config/conf/common_config.yaml
@@ -162,4 +162,5 @@ nxi_termination:
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN') > service-instance*('service-role','nsi')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_MH') > service-instance*('workload-context','AN')"
+ - "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'TN_FH') > service-instance*('workload-context','AN')"
- "service-instance*('service-instance-id','{{ printf "{{instance_id}}" }}')('workload-context', 'AN_NF') > service-instance*('workload-context','AN')"
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 677271c241..d3b3c7b245 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -85,3 +85,10 @@ dependencies:
- name: serviceAccount
version: ~10.x-0
repository: '@local'
+ - name: readinessCheck
+ version: ~10.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~10.x-0
+ repository: '@local'
+ condition: global.postgres.localCluster
diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml
index 6adf0e6609..ad2d954088 100755
--- a/kubernetes/policy/components/policy-apex-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.7.1
+image: onap/policy-apex-pdp:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -140,9 +140,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
index c08b035d53..e6cf2b3571 100644
--- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
+++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml
@@ -29,6 +29,8 @@ spring:
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
diff --git a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-api/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml
index 89608cfb6f..72c5c498ba 100755
--- a/kubernetes/policy/components/policy-api/values.yaml
+++ b/kubernetes/policy/components/policy-api/values.yaml
@@ -79,7 +79,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.6.1
+image: onap/policy-api:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -156,9 +156,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
index 8eafa463c5..844b3d78c2 100644
--- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml
@@ -71,7 +71,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.2.1
+image: onap/policy-clamp-ac-http-ppnt:6.2.2
pullPolicy: Always
# application configuration
diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
index a3fb19f1bc..5592edcc3c 100644
--- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml
@@ -72,7 +72,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.2.1
+image: onap/policy-clamp-ac-k8s-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
index c825ab1a0c..70f2a0fa75 100644
--- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.2.1
+image: onap/policy-clamp-ac-pf-ppnt:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml
index 2016b14043..d40a2a9695 100644
--- a/kubernetes/policy/components/policy-clamp-be/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-be/values.yaml
@@ -71,7 +71,7 @@ secrets:
flavor: small
# application image
-image: onap/policy-clamp-backend:6.2.1
+image: onap/policy-clamp-backend:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
index 1b571fc502..f989715c41 100644
--- a/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
+++ b/kubernetes/policy/components/policy-clamp-runtime-acm/values.yaml
@@ -78,7 +78,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.2.1
+image: onap/policy-clamp-runtime-acm:6.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-distribution/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml
index db271a9c3f..9e0b11d3a2 100755
--- a/kubernetes/policy/components/policy-distribution/values.yaml
+++ b/kubernetes/policy/components/policy-distribution/values.yaml
@@ -67,7 +67,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.7.1
+image: onap/policy-distribution:2.7.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -162,9 +162,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
index ff532ab5c1..57fa29bc3d 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
+# Modifications Copyright (C) 2018-2020, 2022 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -43,6 +43,9 @@ REPOSITORY_OFFLINE={{.Values.nexus.offline}}
SQL_HOST={{ .Values.db.name }}
SQL_PORT=3306
+# Liveness
+LIVENESS_CONTROLLERS=*
+
# AAF
AAF={{.Values.aaf.enabled}}
diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
index 2fc08e4e5d..a25a7e16d3 100755
--- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
+++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/logback.xml
@@ -1,7 +1,7 @@
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
- Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -150,6 +150,8 @@
<appender-ref ref="AsyncStdOut" />
</logger>
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
<root level="INFO">
<appender-ref ref="AsyncDebugOut" />
<appender-ref ref="AsyncErrorOut" />
@@ -158,6 +160,7 @@
<appender-ref ref="AsyncStdOut" />
<appender-ref ref="AsyncMetricStdOut" />
<appender-ref ref="AsyncTransactionStdOut" />
+ <appender-ref ref="PromLogback" />
</root>
</configuration>
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml
new file mode 100644
index 0000000000..f8c450cb7e
--- /dev/null
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/serviceMonitor.yaml
@@ -0,0 +1,23 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (c) 2022 AT&T Intellectual Property
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{- if .Values.global.prometheusEnabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
index d389246b5c..7dee453771 100755
--- a/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/templates/statefulset.yaml
@@ -1,6 +1,6 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2020 AT&T Intellectual Property
+# Modifications Copyright © 2018-2020, 2022 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -83,10 +83,12 @@ spec:
- containerPort: {{ .Values.service.externalPort2 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
+ httpGet:
+ path: /healthcheck/controllers
+ port: 6968
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{- end }}
readinessProbe:
tcpSocket:
diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml
index 2ce7503015..e15ce66359 100755
--- a/kubernetes/policy/components/policy-drools-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml
@@ -1,6 +1,6 @@
# Copyright © 2017 Amdocs
# Copyright © 2017, 2021 Bell Canada
-# Modifications Copyright © 2018-2021 AT&T Intellectual Property
+# Modifications Copyright © 2018-2022 AT&T Intellectual Property
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -30,12 +30,18 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: telemetry-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.telemetry.credsExternalSecret) . }}'
+ login: '{{ .Values.telemetry.user }}'
+ password: '{{ .Values.telemetry.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.10.1
+image: onap/policy-pdpd-cl:1.10.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -51,7 +57,8 @@ affinity: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 180
- periodSeconds: 10
+ periodSeconds: 60
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
@@ -195,3 +202,24 @@ serviceAccount:
nameOverride: policy-drools-pdp
roles:
- read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-drools-pdp-9696
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
deleted file mode 100644
index 98417cd822..0000000000
--- a/kubernetes/policy/components/policy-gui/resources/config/default.conf
+++ /dev/null
@@ -1,32 +0,0 @@
-server {
-
- listen 2443 default ssl;
- ssl_protocols TLSv1.2;
- {{ if .Values.global.aafEnabled }}
- ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
- ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
- {{ else }}
- ssl_certificate /etc/ssl/clamp.pem;
- ssl_certificate_key /etc/ssl/clamp.key;
- {{ end }}
-
- ssl_verify_client optional_no_ca;
- absolute_redirect off;
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- try_files $uri $uri/ =404;
- }
-
- location /clamp/restservices/clds/ {
- proxy_pass https://policy-clamp-be:8443/restservices/clds/;
- proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
- }
-
- location = /50x.html {
- root /var/lib/nginx/html;
- }
- error_page 500 502 503 504 /50x.html;
- error_log /var/log/nginx/error.log warn;
-}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
index b67fa273de..a155715580 100644
--- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -1,6 +1,6 @@
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -62,6 +62,20 @@ spec:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+{{- else }}
+ command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ - name: CLAMP_URL
+ value: https://policy-clamp-be:8443
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -81,9 +95,6 @@ spec:
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: logs
mountPath: {{ .Values.log.path }}
- - mountPath: /etc/nginx/conf.d/default.conf
- name: {{ include "common.fullname" . }}-config
- subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
@@ -99,9 +110,6 @@ spec:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- items:
- - key: default.conf
- path: default.conf
- name: logs
emptyDir: {}
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
index 6ee7715678..aa2b9d3122 100644
--- a/kubernetes/policy/components/policy-gui/values.yaml
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -1,5 +1,5 @@
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation.
+# Copyright (C) 2021-2022 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -26,36 +26,46 @@ global: # global defaults
aafEnabled: true
#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+#################################################################
# AAF part
#################################################################
certInitializer:
- permission_user: 1000
- permission_group: 999
- addconfig: true
- keystoreFile: "org.onap.clamp.p12"
- truststoreFile: "org.onap.clamp.trust.jks"
- keyFile: "org.onap.clamp.keyfile"
- truststoreFileONAP: "truststoreONAPall.jks"
- clamp_key: "clamp.key"
- clamp_pem: "clamp.pem"
- clamp_ca_certs_pem: "clamp-ca-certs.pem"
nameOverride: policy-gui-cert-initializer
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: clamp
- fqi: clamp@clamp.onap.org
- public_fqdn: clamp.onap.org
- cadi_longitude: "0.0"
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
+ cadi_longitude: "0.0"
credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
aaf_add_config: >
- cd {{ .Values.credsPath }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
- openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
- chmod a+rx *;
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
@@ -63,7 +73,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/policy-gui:2.2.0
+image: onap/policy-gui:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -71,7 +81,7 @@ debugEnabled: false
# log configuration
log:
- path: /var/log/nginx/
+ path: /var/log/onap/policy/gui
#################################################################
# Application configuration defaults.
diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
index 6f501b8c21..00f7b9b8ee 100644
--- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
+++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml
@@ -29,6 +29,8 @@ spring:
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
+ hikari:
+ maximumPoolSize: 20
jpa:
properties:
hibernate:
diff --git a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-pap/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml
index 311653b860..41978331a4 100755
--- a/kubernetes/policy/components/policy-pap/values.yaml
+++ b/kubernetes/policy/components/policy-pap/values.yaml
@@ -92,7 +92,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.6.1
+image: onap/policy-pap:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -181,9 +181,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml
index cc7f8e56c1..fad7e72509 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml
+++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/logback.xml
@@ -1,7 +1,7 @@
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
- Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
+ Modifications Copyright (C) 2021-2022 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -95,10 +95,13 @@
<appender-ref ref="AsyncStdOut" />
</logger>
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
<root level="INFO">
<appender-ref ref="AsyncDebugOut" />
<appender-ref ref="AsyncErrorOut" />
<appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="PromLogback" />
</root>
</configuration>
diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
index dbf6a7cd6a..8284c73ed1 100644
--- a/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/templates/serviceMonitor.yaml
@@ -18,6 +18,6 @@
# ============LICENSE_END=========================================================
*/}}
-{{- if .Values.prometheus.enabled }}
+{{- if .Values.global.prometheusEnabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }} \ No newline at end of file
+{{- end }}
diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
index 504313832d..4b97dbb01d 100755
--- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml
+++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml
@@ -83,7 +83,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.6.1
+image: onap/policy-xacml-pdp:2.6.2
pullPolicy: Always
# flag to enable debugging - application support required
@@ -159,9 +159,6 @@ serviceAccount:
roles:
- read
-prometheus:
- enabled: true
-
metrics:
serviceMonitor:
# Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh
new file mode 100644
index 0000000000..f26a80fad7
--- /dev/null
+++ b/kubernetes/policy/resources/config/db-pg.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+#psql() { /usr/bin/psql -h ${PG_HOST} -p ${PG_PORT} "$@"; };
+
+export PGPASSWORD=${PG_ADMIN_PASSWORD};
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+ psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
+done
diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
new file mode 100644
index 0000000000..53921ab751
--- /dev/null
+++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 17558f86ea..c8b01ccb81 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index d59b5fe770..9fea669c37 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -33,9 +33,9 @@ spec:
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
+ initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
#This container checks that all galera instances are up before initializing it.
- - name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-mariadb-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
@@ -71,6 +71,33 @@ spec:
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-config
+ image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db-pg.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /docker-entrypoint-initdb.d/db-pg.sh
+ env:
+ - name: PG_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ - name: PG_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ - name: PG_USER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ - name: PG_PORT
+ value: "{{ .Values.postgres.service.internalPort }}"
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
containers:
- name: {{ include "common.release" . }}-policy-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
@@ -95,8 +122,41 @@ spec:
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "sql"
resources:
{{ include "common.resources" . }}
+ {{ if .Values.global.postgres.localCluster }}
+ - name: {{ include "common.release" . }}-policy-pg-db-migrator
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+ name: {{ include "common.fullname" . }}-config
+ subPath: db_migrator_pg_policy_init.sh
+ command:
+ - /bin/sh
+ args:
+ - -x
+ - /dbcmd-config/db_migrator_pg_policy_init.sh
+ env:
+ - name: SQL_HOST
+ value: "{{ .Values.postgres.service.name2 }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: SQL_DB
+ value: {{ .Values.dbmigrator.schema }}
+ - name: POLICY_HOME
+ value: {{ .Values.dbmigrator.policy_home }}
+ - name: SCRIPT_DIRECTORY
+ value: "postgres"
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ resources:
+{{ include "common.resources" . }}
+ {{ end }}
restartPolicy: Never
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
@@ -108,3 +168,8 @@ spec:
path: db.sh
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
+ - key: db-pg.sh
+ path: db-pg.sh
+ - key: db_migrator_pg_policy_init.sh
+ path: db_migrator_pg_policy_init.sh
+
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 759ba56b02..a315bc251c 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -27,6 +27,15 @@ global:
service: &mariadbService
name: &policy-mariadb policy-mariadb
internalPort: 3306
+ prometheusEnabled: false
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
#################################################################
# Secrets metaconfig
@@ -66,6 +75,19 @@ secrets:
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -128,7 +150,7 @@ mariadb:
image: mariadb:10.5.8
dbmigrator:
- image: onap/policy-db-migrator:2.4.1
+ image: onap/policy-db-migrator:2.4.2
schema: policyadmin
policy_home: "/opt/app/policy"
@@ -180,6 +202,31 @@ mariadb-galera:
serviceAccount:
nameOverride: *policy-mariadb
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName policy-postgres
+ service:
+ name: *postgresName
+ name2: policy-pg-primary
+ name3: policy-pg-replica
+ container:
+ name:
+ primary: policy-pg-primary
+ replica: policy-pg-replica
+ persistence:
+ mountSubPath: policy/postgres/data
+ mountInitPath: policy
+ config:
+ pgUserName: policy_user
+ pgDatabase: policyadmin
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+ wait_for:
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
restServer:
policyPapUserName: policyadmin
policyPapUserPassword: zb!XztG34
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index ddaf099bdf..63d266b75c 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -1,7 +1,6 @@
#!/bin/bash
set -eo pipefail
-shopt -s nullglob
# logging functions
mysql_log() {
@@ -170,11 +169,20 @@ docker_init_database_dir() {
mysql_note "Database files initialized"
}
+if [ -z "$DATADIR" ]; then
+ DATADIR='unknown'
+fi
+if [ -z "$SOCKET" ]; then
+ SOCKET='unknown'
+fi
+if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+ DATABASE_ALREADY_EXISTS='false'
+fi
+
# Loads various settings that are used elsewhere in the script
# This should be called after mysql_check_config, but before any other functions
docker_setup_env() {
# Get config
- declare -g DATADIR SOCKET
DATADIR="$(mysql_get_config 'datadir' "$@")"
SOCKET="$(mysql_get_config 'socket' "$@")"
@@ -186,7 +194,6 @@ docker_setup_env() {
file_env 'MYSQL_ROOT_PASSWORD'
file_env 'PORTAL_DB_TABLES'
- declare -g DATABASE_ALREADY_EXISTS
if [ -d "$DATADIR/mysql" ]; then
DATABASE_ALREADY_EXISTS='true'
fi
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index b7fa714e73..dac6f6c667 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.10.1
-backendInitImage: onap/sdc-backend-init:1.10.1
+image: onap/sdc-backend-all-plugins:1.10.4
+backendInitImage: onap/sdc-backend-init:1.10.4
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index 3391af7864..2b6817b5a1 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -51,8 +51,8 @@ cassandra:
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.10.1
-cassandraInitImage: onap/sdc-cassandra-init:1.10.1
+image: onap/sdc-cassandra:1.10.4
+cassandraInitImage: onap/sdc-cassandra-init:1.10.4
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
index f899d58971..968a09c77e 100644
--- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml
+++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml
@@ -42,9 +42,6 @@ spec:
- port: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
targetPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.service.type "NodePort" -}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{ end }}
{{ if (include "common.needTLS" .) }}
- port: {{ .Values.service.internalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index 1dbf9ebd7a..6267da90f3 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.10.1
+image: onap/sdc-frontend:1.10.4
pullPolicy: Always
config:
@@ -112,7 +112,6 @@ service:
type: NodePort
name: sdc-fe
portName: http
- nodePort: "06"
internalPort: 8181
externalPort: 8181
nodePort2: "07"
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index ff5d031510..30a5f031c2 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.10.1
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.1
+image: onap/sdc-onboard-backend:1.10.4
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.4
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
index 6b18f47d66..828283ec76 100644
--- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-backend:1.7.0
-configInitImage: onap/sdc-workflow-init:1.7.0
+image: onap/sdc-workflow-backend:1.11.1
+configInitImage: onap/sdc-workflow-init:1.11.1
pullPolicy: Always
initJob:
diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
index c7e680a745..fd6f713655 100644
--- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-frontend:1.7.0
+image: onap/sdc-workflow-frontend:1.11.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index a1a583b3f9..7ef646f3e1 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.5
+image: onap/sdnc-dmaap-listener-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index b247e71452..768a617b63 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.5
+image: onap/sdnc-ansible-server-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
index 099103ca79..d92a1049e3 100755
--- a/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
+++ b/kubernetes/sdnc/components/sdnc-prom/resources/bin/ensureSdncActive.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
{{/*
# Copyright © 2018 Amdocs
@@ -33,8 +33,8 @@ failover(){
debugLog "Currently running sdnc and dns failover"
return
fi
- trap "rm -f ${lockFile}" INT TERM RETURN
- echo $BASHPID > ${lockFile}
+ trap "rm -f ${lockFile}" INT TERM EXIT
+ echo $$ > ${lockFile}
# perform takeover
debugLog "Started executing sdnc.failover for $SITE_NAME"
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index 795ffeaa79..50fee59a32 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.5
+image: onap/sdnc-ueb-listener-image:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 5d2f5be9b2..d45e13eb01 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -210,7 +210,7 @@ certificates:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.5
+image: onap/sdnc-image:2.3.0
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
new file mode 100644
index 0000000000..2653c6799c
--- /dev/null
+++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ .Values.kafkaStrimziAdminUser }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.saslMechanism }}
+ authorization:
+ type: simple
+ acls:
+ - resource:
+ type: group
+ name: onap-group
+ operation: Read \ No newline at end of file
diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml
index a2d2c4dfa5..06802da968 100644
--- a/kubernetes/strimzi/templates/strimzi-kafka.yaml
+++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml
@@ -57,16 +57,18 @@ spec:
authorization:
type: simple
superUsers:
- - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }}
+ - {{ .Values.kafkaStrimziAdminUser }}
template:
pod:
securityContext:
runAsUser: 0
fsGroup: 0
config:
+ default.replication.factor: {{ .Values.replicaCount }}
+ min.insync.replicas: {{ .Values.replicaCount }}
offsets.topic.replication.factor: {{ .Values.replicaCount }}
transaction.state.log.replication.factor: {{ .Values.replicaCount }}
- transaction.state.log.min.isr: 2
+ transaction.state.log.min.isr: {{ .Values.replicaCount }}
log.message.format.version: "3.0"
inter.broker.protocol.version: "3.0"
storage:
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 5bd781eb2d..d279163690 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -63,7 +63,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.6
+image: onap/usecase-ui-server:4.0.7
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 1ed9b470d2..f133ad5a27 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -57,7 +57,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/usecase-ui:4.0.6
+image: onap/usecase-ui:4.0.7
pullPolicy: Always
# application configuration