diff options
Diffstat (limited to 'kubernetes')
37 files changed, 351 insertions, 511 deletions
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 14f162a486..f6009af391 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -59,7 +59,7 @@ certInitializer: ################################################################# # application image -image: onap/babel:1.9.3 +image: onap/babel:1.9.5 flavor: small flavorOverride: small diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index a232d53c84..0eb0c75297 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -144,7 +144,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-graphadmin:1.9.3 +image: onap/aai-graphadmin:1.9.4 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 6d1a37e561..3b7d79e4a3 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -56,7 +56,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/model-loader:1.9.2 +image: onap/model-loader:1.9.4 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index fdb243de0a..544ed28e62 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -157,7 +157,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-resources:1.9.4 +image: onap/aai-resources:1.9.5 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index b03032677e..8345a81f06 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -94,7 +94,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-schema-service:1.9.4 +image: onap/aai-schema-service:1.9.5 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 921d2dc832..a77ce6a288 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -140,7 +140,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.9.4 +image: onap/aai-traversal:1.9.5 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index f57d390477..1b99285a80 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -154,6 +154,7 @@ mail: email (optional) You can also set the same things for dockerHub, elastic and googleK8s if needed. + if not needed, set global.repositoryCred.user to empty value. */}} {{- define "repositoryGenerator.secret" -}} {{- $dot := default . .dot -}} @@ -164,9 +165,11 @@ {{- if $subchartDot.Values.global.repositoryCred }} {{- $repo := $subchartDot.Values.global.repository }} {{- $cred := $subchartDot.Values.global.repositoryCred }} - {{- $mail := default "@" $cred.mail }} - {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} - {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- if $cred.user }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- end }} {{- end }} {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }} diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index d2062700f3..6099d0cf85 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -90,8 +90,8 @@ readiness: periodSeconds: 15 timeoutSeconds: 1 path: /healthcheck - scheme: HTTPS - port: 8443 + scheme: HTTP + port: 8081 # Service Configuration service: diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index abf0371412..4cd47dccb5 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -40,7 +40,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1 +image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.2 pullPolicy: Always # log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index b53e61690b..714a875612 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -40,7 +40,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.3 +image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.4.0 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml index 873579ee97..a09437eba2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021-2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ # Global values global: pullPolicy: Always -image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.0.1 +image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.1.0 containerPort: &svc_port 8080 service: diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml index be0de969c1..c998e9ec67 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml @@ -60,7 +60,7 @@ pullPolicy: Always zookeeper: name: message-router-zookeeper port: 2181 - replicaCount: 3 + replicaCount: 1 kafka: heapOptions: -Xmx5G -Xms1G @@ -129,7 +129,7 @@ secrets: debugEnabled: false # default number of instances -replicaCount: 3 +replicaCount: 1 # To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml index fae361a4c8..79ced4dde2 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml @@ -32,9 +32,9 @@ debugEnabled: false # default number of instances -replicaCount: 3 +replicaCount: 1 -zookeeperServers: 3 +zookeeperServers: 1 nodeSelector: {} diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 13b0ed86e2..51438ad7ea 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -87,6 +87,54 @@ resolve_deploy_flags() { echo "$DEPLOY_FLAGS" } + +check_for_dep() { + try=0 + retries=30 + until (kubectl get deployment -n $RELEASE | grep -P "\b$1\b") &>/dev/null; do + (( ++try > retries )) && exit 1 + echo "$1 not found. Retry $try/$retries" + sleep 5 + done + echo "$1 found. Waiting for pod intialisation" + sleep 15 +} + +deploy_strimzi() { + #Deploy the srtimzi-kafka chart in advance. Dependent charts require the entity-operator + #for management of the strimzi crds + deploy_subchart + echo "waiting for ${RELEASE}-strimzi-entity-operator to be deployed" + check_for_dep ${RELEASE}-strimzi-entity-operator +} + +deploy_subchart() { + if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then + LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log + :> $LOG_FILE + + helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \ + $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \ + > $LOG_FILE 2>&1 + + if [ "$VERBOSE" = "true" ]; then + cat $LOG_FILE + else + echo "release \"${RELEASE}-${subchart}\" deployed" + fi + # Add annotation last-applied-configuration if set-last-applied flag is set + if [ "$SET_LAST_APPLIED" = "true" ]; then + helm get manifest "${RELEASE}-${subchart}" \ + | kubectl apply set-last-applied --create-annotation -n onap -f - \ + > $LOG_FILE.log 2>&1 + fi + fi + if [ "$DELAY" = "true" ]; then + echo sleep 3m + sleep 180 + fi +} + deploy() { # validate params if [ -z "$1" ] || [ -z "$2" ]; then @@ -219,47 +267,50 @@ deploy() { #“helm ls” is an expensive command in that it can take a long time to execute. #So cache the results to prevent repeated execution. ALL_HELM_RELEASES=$(helm ls -q) - for subchart in * ; do - SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - SUBCHART_ENABLED=0 - if [ -f $SUBCHART_OVERRIDES ]; then - SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") - fi + for subchart in strimzi cassandra mariadb-galera postgres ; do + SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - if [ $SUBCHART_ENABLED -eq 1 ]; then - if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then - LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log - :> $LOG_FILE + SUBCHART_ENABLED=0 + if [ -f $SUBCHART_OVERRIDES ]; then + SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") + fi + if [ "${subchart}" = "strimzi" ] && [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_strimzi + fi + # Deploy them at first + if [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_subchart + else + array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) + n=${#array[*]} + for i in $(seq $(($n-1)) -1 0); do + helm del "${array[i]}" + done + fi + done - helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \ - $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \ - > $LOG_FILE 2>&1 + for subchart in * ; do + SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - if [ "$VERBOSE" = "true" ]; then - cat $LOG_FILE - else - echo "release \"${RELEASE}-${subchart}\" deployed" - fi - # Add annotation last-applied-configuration if set-last-applied flag is set - if [ "$SET_LAST_APPLIED" = "true" ]; then - helm get manifest "${RELEASE}-${subchart}" \ - | kubectl apply set-last-applied --create-annotation -n onap -f - \ - > $LOG_FILE.log 2>&1 - fi + SUBCHART_ENABLED=0 + if [ -f $SUBCHART_OVERRIDES ]; then + SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") fi - if [ "$DELAY" = "true" ]; then - echo sleep 3m - sleep 180 + if [ "${subchart}" = "strimzi" ] || [ "${subchart}" = "cassandra" ] || [ "${subchart}" = "mariadb-galera" ] || [ "${subchart}" = "postgres" ]; then + SUBCHART_ENABLED=0 fi - else - array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) - n=${#array[*]} - for i in $(seq $(($n-1)) -1 0); do - helm del "${array[i]}" - done - fi - done + # Deploy the others + if [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_subchart + else + array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) + n=${#array[*]} + for i in $(seq $(($n-1)) -1 0); do + helm del "${array[i]}" + done + fi + done # report on success/failures of installs/upgrades helm ls --all-namespaces | grep -i FAILED | grep $RELEASE diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 4754f9fd2f..371bc7167e 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -143,6 +143,10 @@ dependencies: version: ~10.x-0 repository: '@local' condition: so.enabled + - name: strimzi + version: ~10.x-0 + repository: '@local' + condition: strimzi.enabled - name: uui version: ~10.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 528cd2c687..a56126a093 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -74,6 +74,8 @@ so: so-vnfm-adapter: ingress: enabled: true +strimzi: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 9306985d33..6d08d01139 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -82,6 +82,8 @@ sdnc: enabled: true so: enabled: true +strimzi: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index 181a1d18e4..f9da136043 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml +++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -57,5 +57,7 @@ sdnc: enabled: true so: enabled: true +strimzi: + enabled: true vid: enabled: true diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index b07b6d3aa2..37080b8290 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -134,6 +134,8 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index f5b5c8ed7d..0e8dd21994 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -372,6 +372,8 @@ so: # server: # monitoring: # password: demo123456! +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 52c1b86f06..fb16e824fb 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -59,10 +59,6 @@ dependencies: version: ~10.x-0 repository: 'file://components/policy-clamp-be' condition: policy-clamp-be.enabled - - name: policy-clamp-fe - version: ~10.x-0 - repository: 'file://components/policy-clamp-fe' - condition: policy-clamp-fe.enabled - name: policy-clamp-cl-k8s-ppnt version: ~10.x-0 repository: 'file://components/policy-clamp-cl-k8s-ppnt' diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf b/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf deleted file mode 100644 index 4cab734074..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/resources/config/default.conf +++ /dev/null @@ -1,31 +0,0 @@ -server { - - listen 2443 default ssl; - ssl_protocols TLSv1.2; - {{ if .Values.global.aafEnabled }} - ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}}; - ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}}; - {{ else }} - ssl_certificate /etc/ssl/clamp.pem; - ssl_certificate_key /etc/ssl/clamp.key; - {{ end }} - - ssl_verify_client optional_no_ca; - location /restservices/clds/ { - proxy_pass https://policy-clamp-be:8443; - proxy_set_header X-SSL-Cert $ssl_client_escaped_cert; - } - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri $uri/ /index.html; - } - - error_page 500 502 503 504 /50x.html; - - location = /50x.html { - root /usr/share/nginx/html; - } - -} diff --git a/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 8717e6f33a..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt deleted file mode 100644 index e36d6a5bfb..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit https://127.0.0.1:8443 to use your application" - kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml deleted file mode 100644 index 1349558651..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/templates/deployment.yaml +++ /dev/null @@ -1,106 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --container-name - - policy-clamp-be - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | nindent 6 }} - containers: - # side car containers - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} - # main container - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: logs - mountPath: {{ .Values.log.path }} - - mountPath: /etc/nginx/conf.d/default.conf - name: {{ include "common.fullname" . }}-config - subPath: default.conf - resources: -{{ include "common.resources" . | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }} - items: - - key: default.conf - path: default.conf - - name: logs - emptyDir: {} - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml deleted file mode 100644 index 8f87c68f1e..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/templates/ingress.yaml +++ /dev/null @@ -1 +0,0 @@ -{{ include "common.ingress" . }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml b/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml deleted file mode 100644 index b4549ba099..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/templates/service.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml deleted file mode 100644 index 80f40995d2..0000000000 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018-2021 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: # global defaults - nodePortPrefix: 302 - centralizedLoggingEnabled: true - #AAF service - aafEnabled: true - -################################################################# -# AAF part -################################################################# -certInitializer: - permission_user: 1000 - permission_group: 999 - addconfig: true - keystoreFile: "org.onap.clamp.p12" - truststoreFile: "org.onap.clamp.trust.jks" - keyFile: "org.onap.clamp.keyfile" - truststoreFileONAP: "truststoreONAPall.jks" - clamp_key: "clamp.key" - clamp_pem: "clamp.pem" - clamp_ca_certs_pem: "clamp-ca-certs.pem" - nameOverride: clamp-cert-initializer - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - # aafDeployCredsExternalSecret: some secret - fqdn: clamp - fqi: clamp@clamp.onap.org - public_fqdn: clamp.onap.org - cadi_longitude: "0.0" - cadi_latitude: "0.0" - app_ns: org.osaaf.aaf - credsPath: /opt/app/osaaf/local - aaf_add_config: > - cd {{ .Values.credsPath }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }}; - openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }}; - chmod a+rx *; - -subChartsOnly: - enabled: true - -flavor: small - -# application image -image: onap/policy-clamp-frontend:6.2.0 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# log configuration -log: - path: /var/log/nginx/ - -################################################################# -# Application configuration defaults. -################################################################# -config: - log: - logstashServiceName: log-ls - logstashPort: 5044 - dataRootDir: /dockerdata-nfs - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 120 - periodSeconds: 10 - timeoutSeconds: 3 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - -service: - type: NodePort - name: policy-clamp-fe - portName: policy-clamp-fe - internalPort: 2443 - nodePort: 58 - - # as of 20180904 port 58 is reserved for clamp from log/logdemonode - # see https://wiki.onap.org/display/DW/OOM+NodePort+List - -ingress: - enabled: false - service: - - baseaddr: "clamp.api" - name: "clamp" - port: 2443 - config: - ssl: "redirect" - -#resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -resources: - small: - limits: - cpu: 1 - memory: 200Mi - requests: - cpu: 1m - memory: 50Mi - large: - limits: - cpu: 1 - memory: 500Mi - requests: - cpu: 10m - memory: 50Mi - unlimited: {} - -#Pods Service Account -serviceAccount: - nameOverride: policy-clamp-fe - roles: - - read diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index c544467b53..77d3c3f83e 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -98,8 +98,6 @@ policy-clamp-be: db: *dbSecretsHook config: appUserExternalSecret: *policyAppCredsSecret -policy-clamp-fe: - enabled: true policy-clamp-cl-k8s-ppnt: enabled: true policy-clamp-cl-pf-ppnt: diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index c2d1c48fe8..700b17a970 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -20,7 +20,7 @@ GLOBAL_INJECTED_APPC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}' GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}' GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}" -GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-clamp-fe") }}' +GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-gui") }}' GLOBAL_INJECTED_CLI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cli") }}' GLOBAL_INJECTED_CLOUD_ENV = 'openstack' GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" @@ -153,7 +153,7 @@ GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}' GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) GLOBAL_CLAMP_SERVER_PROTOCOL = "https" -GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-clamp-fe" "port" 2443) }}' +GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-gui" "port" 2443) }}' # nbi info - everything is from the private oam network (also called onap private network) GLOBAL_NBI_SERVER_PROTOCOL = "https" GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}' diff --git a/kubernetes/strimzi/.helmignore b/kubernetes/strimzi/.helmignore new file mode 100644 index 0000000000..0f976e9ff3 --- /dev/null +++ b/kubernetes/strimzi/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +Chart.lock diff --git a/kubernetes/policy/components/policy-clamp-fe/Chart.yaml b/kubernetes/strimzi/Chart.yaml index f703987a44..6ce866bdeb 100644 --- a/kubernetes/policy/components/policy-clamp-fe/Chart.yaml +++ b/kubernetes/strimzi/Chart.yaml @@ -1,7 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,13 +13,16 @@ # limitations under the License. apiVersion: v2 -description: ONAP Policy Clamp Frontend -name: policy-clamp-fe +description: ONAP Strimzi kafka +name: strimzi version: 10.0.0 dependencies: - - name: certInitializer + - name: common version: ~10.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator version: ~10.x-0 @@ -30,3 +30,4 @@ dependencies: - name: serviceAccount version: ~10.x-0 repository: '@local' + diff --git a/kubernetes/strimzi/Makefile b/kubernetes/strimzi/Makefile new file mode 100644 index 0000000000..51d7de122c --- /dev/null +++ b/kubernetes/strimzi/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := dist resources templates charts docker +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */Chart.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml b/kubernetes/strimzi/templates/pv-kafka.yaml index 1a5b0ce06a..616f03e788 100644 --- a/kubernetes/policy/components/policy-clamp-fe/templates/configmap.yaml +++ b/kubernetes/strimzi/templates/pv-kafka.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,18 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} diff --git a/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml b/kubernetes/strimzi/templates/pv-zk.yaml index 4cf8155f6c..60f4ca6e79 100644 --- a/kubernetes/policy/components/policy-clamp-fe/templates/secrets.yaml +++ b/kubernetes/strimzi/templates/pv-zk.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml new file mode 100644 index 0000000000..cfd2ef13cc --- /dev/null +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -0,0 +1,90 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: kafka.strimzi.io/v1beta2 +kind: Kafka +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + kafka: + version: {{ .Values.version }} + replicas: {{ .Values.replicaCount }} + listeners: + - name: plain + port: {{ .Values.kafkaInternalPort }} + type: internal + tls: false + authentication: + type: {{ .Values.saslMechanism }} + - name: tls + port: 9093 + type: internal + tls: true + authentication: + type: tls + - name: external + port: 9094 + type: nodeport + tls: true + authentication: + type: tls + authorization: + type: simple + superUsers: + - {{ include "common.release" . }}-{{ .Values.kafkaStrimziAdminUser }} + template: + pod: + securityContext: + runAsUser: 0 + fsGroup: 0 + config: + offsets.topic.replication.factor: {{ .Values.replicaCount }} + transaction.state.log.replication.factor: {{ .Values.replicaCount }} + transaction.state.log.min.isr: 2 + log.message.format.version: "3.0" + inter.broker.protocol.version: "3.0" + storage: + type: jbod + class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} + volumes: + - id: 0 + type: persistent-claim + size: {{ .Values.persistenceKafka.size }} + deleteClaim: true + class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} + zookeeper: + template: + pod: + securityContext: + runAsUser: 0 + fsGroup: 0 + replicas: {{ .Values.replicaCount }} + config: + ssl.hostnameVerification: false + storage: + type: persistent-claim + size: {{ .Values.persistenceZk.size }} + deleteClaim: true + class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} + entityOperator: + topicOperator: {} + userOperator: {} + diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml new file mode 100644 index 0000000000..e8db803f94 --- /dev/null +++ b/kubernetes/strimzi/values.yaml @@ -0,0 +1,52 @@ +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +replicaCount: 2 +kafkaInternalPort: 9092 +saslMechanism: scram-sha-512 +version: 3.0.0 +kafkaStrimziAdminUser: strimzi-kafka-admin +persistence: {} + +persistenceKafka: + enabled: true + size: 2Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/kafka +persistenceZk: + enabled: true + size: 2Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/zk + +#Pods Service Account +serviceAccount: + nameOverride: strimzi-kafka + roles: + - read |