diff options
Diffstat (limited to 'kubernetes')
288 files changed, 6603 insertions, 2973 deletions
diff --git a/kubernetes/aaf/charts/aaf-cm/values.yaml b/kubernetes/aaf/charts/aaf-cm/values.yaml index 3295395adc..c391369db6 100644 --- a/kubernetes/aaf/charts/aaf-cm/values.yaml +++ b/kubernetes/aaf/charts/aaf-cm/values.yaml @@ -60,7 +60,7 @@ ingress: name: "aaf-cm" port: 8150 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index 3725d41f70..f418fd5b41 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -62,7 +62,7 @@ ingress: name: "aaf-gui" port: 8200 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml index 40b4bba0ce..1b33c1f8d1 100644 --- a/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml +++ b/kubernetes/aaf/charts/aaf-locate/templates/ingress.yaml @@ -1,4 +1,2 @@ {{ include "common.ingress" . }} - - diff --git a/kubernetes/aaf/charts/aaf-locate/values.yaml b/kubernetes/aaf/charts/aaf-locate/values.yaml index 6249d3a13a..47b2f205e5 100644 --- a/kubernetes/aaf/charts/aaf-locate/values.yaml +++ b/kubernetes/aaf/charts/aaf-locate/values.yaml @@ -58,7 +58,7 @@ ingress: name: "aaf-locate" port: 8095 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml new file mode 100644 index 0000000000..1b33c1f8d1 --- /dev/null +++ b/kubernetes/aaf/charts/aaf-oauth/templates/ingress.yaml @@ -0,0 +1,2 @@ + +{{ include "common.ingress" . }} diff --git a/kubernetes/aaf/charts/aaf-oauth/values.yaml b/kubernetes/aaf/charts/aaf-oauth/values.yaml index 55a9511dba..7604b86393 100644 --- a/kubernetes/aaf/charts/aaf-oauth/values.yaml +++ b/kubernetes/aaf/charts/aaf-oauth/values.yaml @@ -61,7 +61,7 @@ ingress: name: "aaf-oauth" port: 8140 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-service/values.yaml b/kubernetes/aaf/charts/aaf-service/values.yaml index 4a20150c8b..c2d96032cc 100644 --- a/kubernetes/aaf/charts/aaf-service/values.yaml +++ b/kubernetes/aaf/charts/aaf-service/values.yaml @@ -60,7 +60,7 @@ ingress: name: "aaf-service" port: 8100 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits resources: diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json index 4f48771275..679b5189de 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json @@ -5,37 +5,37 @@ { "name": "aai", "values": { - "username": "oof@oof.onap.org", - "password": "demo123456!" + "username": "${AAI_USER}", + "password": "${AAI_PASS}" } }, { "name": "conductor_api", "values": { - "username": "admin1", - "password": "plan.15" + "username": "${CONDUCTOR_USER}", + "password": "${CONDUCTOR_PASS}" } }, { "name": "sdnc", "values": { - "username": "admin", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" + "username": "${SDNC_USER}", + "password": "${SDNC_PASS}" } }, { "name": "music_api", "values": { - "aafuser": "conductor", - "aafpass": "c0nduct0r", + "aafuser": "${MUSIC_USER}", + "aafpass": "${MUSIC_PASS}", "aafns": "conductor" } }, { "name": "aaf_api", "values": { - "username": "aaf_admin@people.osaaf.org", - "password": "demo123456!", + "username": "${AAF_USER}", + "password": "${AAF_PASS}", "aaf_conductor_user": "oof@oof.onap.org" } } diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json index 0950957b11..7666ff3077 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json @@ -12,22 +12,22 @@ { "name": "conductor", "values": { - "UserName": "admin1", - "Password": "plan.15" + "UserName": "${CONDUCTOR_USER}", + "Password": "${CONDUCTOR_PASS}" } }, { "name": "policyPlatform", "values": { - "UserName": "testpdp", - "Password": "alpha123" + "UserName": "${POLICY_PLAT_USER}", + "Password": "${POLICY_PLAT_PASS}" } }, { "name": "policyClient", "values": { - "UserName": "python", - "Password": "test" + "UserName": "${POLICY_CLI_USER}", + "Password": "${POLICY_CLI_PASS}" } }, { @@ -47,36 +47,36 @@ { "name": "osdfPlacement", "values": { - "UserName": "test", - "Password": "testpwd" + "UserName": "${OSDF_PLACEMENT_USER}", + "Password": "${OSDF_PLACEMENT_PASS}" } }, { "name": "osdfPlacementSO", "values": { - "UserName": "so_test", - "Password": "so_testpwd" + "UserName": "${OSDF_PLACEMENT_SO_USER}", + "Password": "${OSDF_PLACEMENT_SO_PASS}" } }, { "name": "osdfPlacementVFC", "values": { - "UserName": "vfc_test", - "Password": "vfc_testpwd" + "UserName": "${OSDF_PLACEMENT_VFC_USER}", + "Password": "${OSDF_PLACEMENT_VFC_PASS}" } }, { "name": "osdfCMScheduler", "values": { - "UserName": "test1", - "Password": "testpwd1" + "UserName": "${OSDF_CM_SCHEDULER_USER}", + "Password": "${OSDF_CM_SCHEDULER_PASS}" } }, { "name": "configDb", "values": { - "UserName": "osdf", - "Password": "passwd" + "UserName": "${CONFIG_DB_USER}", + "Password": "${CONFIG_DB_PASS}" } }, { @@ -89,10 +89,17 @@ { "name": "osdfPCIOpt", "values": { - "UserName": "pci_test", - "Password": "pci_testpwd" + "UserName": "${OSDF_PCI_OPT_USER}", + "Password": "${OSDF_PCI_OPT_PASS}" + } + }, + { + "name": "osdfOptEngine", + "values": { + "UserName": "${OSDF_OPT_ENGINE_USER}", + "Password": "${OSDF_OPT_ENGINE_PASS}" } } ] } -}
\ No newline at end of file +} diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml index ccccf22037..7a17b917ae 100644 --- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml @@ -33,6 +33,106 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "export AAI_PASS=${AAI_PASS_PLAIN}; + export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; + export SDNC_PASS=${SDNC_PASS_PLAIN}; + export MUSIC_PASS=${MUSIC_PASS_PLAIN}; + export AAF_PASS=${AAF_PASS_PLAIN}; + export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; + export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; + export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; + export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; + export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; + export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; + export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; + export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; + export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; + cd /config-input; + for PFILE in `find . -not -type d | grep -v -F ..`; do + envsubst <${PFILE} >/config/${PFILE}; + done" + env: + - name: AAI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} + - name: AAI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} + + - name: CONDUCTOR_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} + - name: CONDUCTOR_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} + + - name: SDNC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} + - name: SDNC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} + + - name: MUSIC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }} + - name: MUSIC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} + + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} + - name: AAF_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} + + - name: POLICY_PLAT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} + - name: POLICY_PLAT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} + + - name: POLICY_CLI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} + - name: POLICY_CLI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_VFC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_VFC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} + + - name: OSDF_CM_SCHEDULER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} + - name: OSDF_CM_SCHEDULER_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} + + - name: CONFIG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} + - name: CONFIG_DB_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} + + - name: OSDF_PCI_OPT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} + - name: OSDF_PCI_OPT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} + + - name: OSDF_OPT_ENGINE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} + - name: OSDF_OPT_ENGINE_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-preload-input + - mountPath: /config/ + name: {{ include "common.name" . }}-preload + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness @@ -84,9 +184,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name : {{ include "common.name" . }}-preload + - name: {{ include "common.name" . }}-preload-input configMap: name: {{ include "common.fullname" . }}-preload + - name: {{ include "common.name" . }}-preload + emptyDir: + medium: Memory restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index b24605161a..12312c5430 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -21,6 +21,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst flavor: small ################################################################# @@ -84,6 +85,121 @@ persistence: ingress: enabled: false +secrets: + - uid: aai-creds + type: basicAuth + login: '{{ .Values.oofCreds.aaiUsername }}' + password: '{{ .Values.oofCreds.aaiPassword }}' + passwordPolicy: required + - uid: conductor-creds + type: basicAuth + login: '{{ .Values.oofCreds.conductorUsername }}' + password: '{{ .Values.oofCreds.conductorPassword }}' + passwordPolicy: required + - uid: sdnc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdncUsername }}' + password: '{{ .Values.oofCreds.sdncPassword }}' + passwordPolicy: required + - uid: music-creds + type: basicAuth + login: '{{ .Values.oofCreds.musicUsername }}' + password: '{{ .Values.oofCreds.musicPassword }}' + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + login: '{{ .Values.oofCreds.aafUsername }}' + password: '{{ .Values.oofCreds.aafPassword }}' + passwordPolicy: required + - uid: policy-plat-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyPlatUsername }}' + password: '{{ .Values.oofCreds.policyPlatPassword }}' + passwordPolicy: required + - uid: policy-cli-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyCliUsername }}' + password: '{{ .Values.oofCreds.policyCliPassword }}' + passwordPolicy: required + - uid: osdf-placement-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementPassword }}' + passwordPolicy: required + - uid: osdf-placement-so-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' + passwordPolicy: required + - uid: osdf-placement-vfc-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' + passwordPolicy: required + - uid: osdf-cm-scheduler-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' + password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}' + passwordPolicy: required + - uid: config-db-creds + type: basicAuth + login: '{{ .Values.oofCreds.configDbUsername }}' + password: '{{ .Values.oofCreds.configDbPassword }}' + passwordPolicy: required + - uid: osdf-pci-opt-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' + password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' + passwordPolicy: required + - uid: osdf-opt-engine-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' + password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' + passwordPolicy: required + +oofCreds: + aaiUsername: oof@oof.onap.org + aaiPassword: demo123456! + + conductorUsername: admin1 + conductorPassword: plan.15 + + sdncUsername: admin + sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + musicUsername: conductor + musicPassword: c0nduct0r + + aafUsername: aaf_admin@people.osaaf.org + aafPassword: demo123456! + + policyPlatUsername: testpdp + policyPlatPassword: alpha123 + + policyCliUsername: python + policyCliPassword: test + + osdfPlacementUsername: test + osdfPlacementPassword: testpwd + + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + + configDbUsername: osdf + configDbPassword: passwd + + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd + + osdfOptEngineUsername: opt_test + osdfOptEnginePassword: opt_testpwd + # Configure resource requests and limits resources: small: diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index b521b25311..bedf243639 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -100,6 +100,12 @@ readiness: ingress: enabled: false + service: + - baseaddr: "aaf.api" + name: "aaf-service" + port: 8100 + config: + ssl: "none" persistence: {} diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 9b27009ab70a2d4fccd43247f7dbb887cb94429 +Subproject 2d6141ab8bd7bfe58f5da0483e578032226e7eb diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index 118d19c1b3..bd99bcac15 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -65,7 +65,7 @@ ingress: name: "appc-cdt" port: 18080 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/kubernetes/appc/resources/config/log/filebeat/log4j/filebeat.yml b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml index 85293c8275..85293c8275 100644 --- a/kubernetes/appc/resources/config/log/filebeat/log4j/filebeat.yml +++ b/kubernetes/appc/resources/config/log/filebeat/filebeat.yml diff --git a/kubernetes/appc/templates/configmap.yaml b/kubernetes/appc/templates/configmap.yaml index 72dc6172dc..fe206a9322 100644 --- a/kubernetes/appc/templates/configmap.yaml +++ b/kubernetes/appc/templates/configmap.yaml @@ -119,19 +119,6 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/log4j/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: {{ include "common.fullname" . }}-logging-cfg namespace: {{ include "common.namespace" . }} labels: @@ -141,3 +128,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 5fd34ece79..3480e638aa 100644 --- a/kubernetes/appc/templates/statefulset.yaml +++ b/kubernetes/appc/templates/statefulset.yaml @@ -185,7 +185,7 @@ spec: subPath: installSdncDb.sh - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg name: log-config @@ -208,17 +208,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: data-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} volumes: - name: keyfile-certs secret: @@ -229,16 +219,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: {{ include "common.fullname" . }}-filebeat - name: log-config configMap: name: {{ include "common.fullname" . }}-logging-cfg - name: logs emptyDir: {} - - name: data-filebeat - emptyDir: {} + {{ include "common.log.volumes" . | nindent 8 }} - name: onap-appc-data-properties-input configMap: name: {{ include "common.fullname" . }}-onap-appc-data-properties diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index fb8230b128..45a9b4cfa1 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -20,6 +20,7 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + centralizedLoggingEnabled: false loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 # envsusbt @@ -62,6 +63,10 @@ pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/onap + # application configuration config: # dbRootPassExternalSecret: some secret @@ -71,14 +76,14 @@ config: # It seems that the DB name is hardcoded. dbName: appcctl userName: appcctl - password: appcctl + # password: appcctl # userCredsExternalSecret: some secret sdncdb: # Warning: changing this config option may not work. # It seems that the DB name is hardcoded. dbName: sdnctl userName: sdnctl - password: gamma + # password: gamma # userCredsExternalSecret: some secret odlUid: 100 odlGid: 101 @@ -138,6 +143,15 @@ dgbuilder: service: name: appc-dgbuilder + ingress: + enabled: false + service: + - baseaddr: "appc-dgbuilder" + name: "appc-dgbuilder" + port: 3000 + config: + ssl: "redirect" + #passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. appc-cdt: nodePort3: 11 @@ -202,7 +216,7 @@ persistence: ingress: enabled: false service: - - baseaddr: appc + - baseaddr: "appc.api" name: "appc" port: 8443 config: diff --git a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties index eee61e7e90..94f3466d9d 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties +++ b/kubernetes/cds/charts/cds-blueprints-processor/resources/config/application.properties @@ -81,6 +81,7 @@ blueprintprocessor.resourceResolution.enabled=true blueprintprocessor.netconfExecutor.enabled=true blueprintprocessor.restConfExecutor.enabled=true blueprintprocessor.remoteScriptCommand.enabled=true +blueprintsprocessor.remote-script-command.response.log.enabled=false # Command executor blueprintsprocessor.grpcclient.remote-python.type=token-auth @@ -117,6 +118,9 @@ blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000 # Self Service Response Kafka Message Producer blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092 +# Kafka Audit Service Configurations +blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false + # Executor Options blueprintsprocessor.resourceResolution.enabled=true blueprintsprocessor.netconfExecutor.enabled=true diff --git a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml index ab7245e56a..ac0e9c5f80 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/templates/deployment.yaml @@ -85,6 +85,17 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - name: fix-permission + command: + - chown + - -R + - 100:101 + - /opt/app/onap/blueprints/deploy + image: busybox:latest + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: {{ .Values.persistence.deployedBlueprint }} + name: {{ include "common.fullname" . }}-blueprints containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 6cd3c2b554..f120f12072 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-blueprintsprocessor:0.7.1 +image: onap/ccsdk-blueprintsprocessor:0.7.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/cds/charts/cds-command-executor/values.yaml b/kubernetes/cds/charts/cds-command-executor/values.yaml index 3f9fb87e13..2bc84bd299 100755 --- a/kubernetes/cds/charts/cds-command-executor/values.yaml +++ b/kubernetes/cds/charts/cds-command-executor/values.yaml @@ -40,7 +40,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-commandexecutor:0.7.1 +image: onap/ccsdk-commandexecutor:0.7.2 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/charts/cds-sdc-listener/values.yaml b/kubernetes/cds/charts/cds-sdc-listener/values.yaml index b9c329a124..c784a82ba1 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/values.yaml @@ -37,7 +37,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-sdclistener:0.7.1 +image: onap/ccsdk-sdclistener:0.7.2 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml index 79cffd16da..d7aad4d0c3 100644 --- a/kubernetes/cds/charts/cds-ui/templates/deployment.yaml +++ b/kubernetes/cds/charts/cds-ui/templates/deployment.yaml @@ -85,31 +85,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - # side car containers - # - name: filebeat-onap - # image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - # imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - # volumeMounts: - # - mountPath: /usr/share/filebeat/filebeat.yml - # name: filebeat-conf - # subPath: filebeat.yml - # - mountPath: /home/esr/works/logs - # name: esr-server-logs - # - mountPath: /usr/share/filebeat/data - # name: esr-server-filebeat volumes: - name: localtime hostPath: path: /etc/localtime - # - name: filebeat-conf - # configMap: - # name: {{ include "common.fullname" . }}-esr-filebeat - # - name: esr-server-logs - # emptyDir: {} - # - name: esr-server-filebeat - # emptyDir: {} - # - name: esrserver-log - # configMap: - # name: {{ include "common.fullname" . }}-esr-esrserver-log imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cds/charts/cds-ui/values.yaml b/kubernetes/cds/charts/cds-ui/values.yaml index 5810f39672..d084307bbb 100644 --- a/kubernetes/cds/charts/cds-ui/values.yaml +++ b/kubernetes/cds/charts/cds-ui/values.yaml @@ -28,7 +28,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-cds-ui-server:0.7.1 +image: onap/ccsdk-cds-ui-server:0.7.2 pullPolicy: Always # application configuration @@ -88,9 +88,9 @@ ingress: service: - baseaddr: "cdsui" name: "cds-ui" - port: 8080 - config: - ssl: "none" + port: 3000 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml index 0011c6a6d4..f66312c741 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/configmap.yaml @@ -26,16 +26,5 @@ metadata: data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} spring_application_json: {{ tpl .Values.config.springApplicationJson . | quote }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml index bdae07a261..5e473bc12e 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -81,17 +72,23 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/onap + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /opt/clamp/sdc-controllers-config.json name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json env: - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} + - name: SPRING_APPLICATION_JSON + valueFrom: + configMapKeyRef: + name: {{ template "common.fullname" . }} + key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -109,12 +106,8 @@ spec: items: - key: sdc-controllers-config.json path: sdc-controllers-config.json - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index 18888547c3..f354ad14a7 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -23,19 +23,34 @@ global: # global defaults readinessImage: readiness-check:2.0.0 persistence: {} +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.3 +image: onap/clamp-backend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/onap + ################################################################# # Application configuration defaults. ################################################################# + +db: {} + config: log: logstashServiceName: log-ls @@ -43,8 +58,10 @@ config: mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs springApplicationJson: > - { - "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + { + "spring.datasource.username": "${MYSQL_USER}", + "spring.datasource.password": "${MYSQL_PASSWORD}", + "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", @@ -59,7 +76,7 @@ config: "clamp.config.policy.pap.userName": "healthcheck", "clamp.config.policy.pap.password": "zb!XztG34", "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } + } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml index e4deab0e15..1eb20fce89 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml +++ b/kubernetes/clamp/charts/clamp-dash-es/resources/config/elasticsearch.yml @@ -87,7 +87,7 @@ discovery.zen.minimum_master_nodes: 1 discovery.seed_hosts: [] # # Breaking change in 7.0 # # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes -cluster.initial_master_nodes: +cluster.initial_master_nodes: - cldash-es-node1 # - docker-test-node-1 # ---------------------------------- Various ----------------------------------- @@ -125,4 +125,4 @@ opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] cluster.routing.allocation.disk.threshold_enabled: false node.max_local_storage_nodes: 3 -######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file +######## End OpenDistro for Elasticsearch Security Demo Configuration ######## diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/clamp/charts/clamp-dash-kibana/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index 8e640a4b3a..96a30f9e5f 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -87,6 +87,12 @@ service: nodePort: 90 ingress: enabled: false + service: + - baseaddr: "cdash-kibana" + name: "cdash-kibana" + port: 5601 + config: + ssl: "redirect" #resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf index 4b05910c02..c005fcca3e 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf +++ b/kubernetes/clamp/charts/clamp-dash-logstash/resources/config/pipeline.conf @@ -59,7 +59,7 @@ filter { if [http_request_failure] or [@metadata][code] != 200 { mutate { - add_tag => [ "error" ] + add_tag => [ "error" ] } } @@ -195,7 +195,7 @@ filter { clones => [ "event-cl-aggs" ] add_tag => [ "event-cl-aggs" ] } - + if "event-cl-aggs" in [@metadata][request][tags]{ # # we only need a few fields for aggregations; remove all fields from clone except : @@ -204,7 +204,7 @@ filter { prune { whitelist_names => ["^@.*$","^topic$","^type$","^tags$","^flagFinalFailure$","^flagAbated$","^locationState$","^locationCity$","^vmName$","^vnfName$","^vnfType$","^requestID$","^closedLoopAlarmStart$","^closedLoopControlName$","^closedLoopAlarmEnd$","^target$","^target_type$","^triggerSourceName$","^policyScope$","^policyName$","^policyVersion$"] } - + } } } diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh deleted file mode 100755 index 224a813db9..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### - -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql -## New model creation -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql deleted file mode 100644 index ea4d97c1b5..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql +++ /dev/null @@ -1,11 +0,0 @@ -# -# Create CLDS database objects (tables, etc.) -# -# -CREATE DATABASE `cldsdb4`; -USE `cldsdb4`; -DROP USER 'clds'; -CREATE USER 'clds'; -GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION; -FLUSH PRIVILEGES; - diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index 705c38fa19..522c5f9bf8 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -17,19 +17,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: clamp-entrypoint-initdb-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: clamp-entrypoint-bulkload-configmap namespace: {{ include "common.namespace" . }} labels: @@ -38,7 +25,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index be46f89433..7d22930b6a 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -52,19 +52,19 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh - name: docker-entrypoint-initdb - subPath: bootstrap-database.sh - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /docker-entrypoint-initdb.d/bulkload/ + - mountPath: /docker-entrypoint-initdb.d/ name: docker-entrypoint-bulkload - mountPath: /etc/mysql/conf.d/conf1/ name: clamp-mariadb-conf @@ -88,9 +88,6 @@ spec: {{- else }} emptyDir: {} {{- end }} - - name: docker-entrypoint-initdb - configMap: - name: clamp-entrypoint-initdb-configmap - name: docker-entrypoint-bulkload configMap: name: clamp-entrypoint-bulkload-configmap diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml index 8f3a21752d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml @@ -13,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml index 8bf6100563..df651dd9ea 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/charts/mariadb/values.yaml @@ -20,18 +20,27 @@ global: # global defaults nodePortPrefix: 302 persistence: {} - # application image repository: nexus3.onap.org:10001 image: mariadb:10.3.12 pullPolicy: Always flavor: small - ################################################################# -# Application configuration defaults. +# Secrets metaconfig ################################################################# -config: - mysqlPassword: strong_pitchou +secrets: + - uid: db-root-pass + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +# Application configuration +db: {} # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..dab2e44f5e --- /dev/null +++ b/kubernetes/clamp/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,53 @@ +# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/clamp/templates/configmap.yaml b/kubernetes/clamp/templates/configmap.yaml index 4278a6e6d3..3fce850140 100644 --- a/kubernetes/clamp/templates/configmap.yaml +++ b/kubernetes/clamp/templates/configmap.yaml @@ -25,3 +25,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ include "common.log.configMap" . }} diff --git a/kubernetes/clamp/templates/deployment.yaml b/kubernetes/clamp/templates/deployment.yaml index e4ac4723da..e8a7cc25cd 100644 --- a/kubernetes/clamp/templates/deployment.yaml +++ b/kubernetes/clamp/templates/deployment.yaml @@ -48,17 +48,8 @@ spec: name: {{ include "common.name" . }}-readiness containers: # side car containers - - name: {{ include "common.name" . }}-filebeat-onap - image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . }}-filebeat-conf - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - - name: {{ include "common.fullname" . }}-data-filebeat - mountPath: /usr/share/filebeat/data - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} + # main container - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -79,8 +70,8 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - - name: {{ include "common.fullname" . }}-logs - mountPath: /var/log/nginx/ + - name: logs + mountPath: {{ .Values.log.path }} - mountPath: /etc/nginx/conf.d/default.conf name: {{ include "common.fullname" . }}-config subPath: default.conf @@ -101,13 +92,8 @@ spec: items: - key: default.conf path: default.conf - - name: {{ include "common.fullname" . }}-filebeat-conf - configMap: - name: {{ include "common.release" . }}-clamp-filebeat-configmap - - name: {{ include "common.fullname" . }}-data-filebeat - emptyDir: {} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} + {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 47eca67f91..9446ca8eb3 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -22,6 +22,34 @@ global: # global defaults readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + centralizedLoggingEnabled: false + +secrets: + - uid: db-root-pass + name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' + type: password + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' + type: basicAuth + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +db: + user: clds +# password: sidnnd83K + databaseName: &dbName cldsdb4 +# rootPass: emrys user: testos + +clamp-backend: + db: + userCredsExternalSecret: *dbUserPass + databaseName: *dbName +mariadb: + db: + rootCredsExternalSecret: *dbRootPass + userCredsExternalSecret: *dbUserPass + databaseName: *dbName subChartsOnly: enabled: true @@ -30,12 +58,16 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.3 +image: onap/clamp-frontend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required debugEnabled: false +# log configuration +log: + path: /var/log/nginx/ + ################################################################# # Application configuration defaults. ################################################################# @@ -84,7 +116,7 @@ service: ingress: enabled: false service: - - baseaddr: "clamp" + - baseaddr: "clamp.api" name: "clamp" port: 2443 config: diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem new file mode 100644 index 0000000000..5321c65d21 --- /dev/null +++ b/kubernetes/cli/resources/certificates/ocomp.pem @@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A +DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3 +gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO +lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA +FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep +q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt +7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ +3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU +KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd +7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx +kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg +CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+ +3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R +zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx +A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5 +333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti +MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG +HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve +8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL +HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8 +X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o +J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA +ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G +U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK +ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh +kxMQk6Ent5/OF/yYOsIzlLs= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx +DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF +MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE +CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ +MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT +OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA +RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm +Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe +IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI +TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31 +5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg +O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG +5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN +MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4 +hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU +xg== +-----END CERTIFICATE----- diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 64c8968c6c..58fc6663c5 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -51,6 +51,11 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: ocomp-pem + mountPath: "/etc/lighttpd/ocomp.pem" + subPath: ocomp.pem + readOnly: true env: - name: OPEN_CLI_MODE value: "{{ .Values.config.climode }}" @@ -64,5 +69,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + volumes: + - name: ocomp-pem + secret: + secretName: ocomp-pem imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml new file mode 100644 index 0000000000..ab7fb6673a --- /dev/null +++ b/kubernetes/cli/templates/secrets.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: ocomp-pem + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: + ocomp.pem: +{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }} + diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 7278c99a5f..e5484dff5b 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/cli:3.0.0 +image: onap/cli:5.0.4 pullPolicy: Always flavor: small @@ -54,24 +54,24 @@ readiness: service: type: NodePort name: cli - externalPort: 8080 + externalPort: 443 externalPort1: 9090 - internalPort: "80" - internalPort1: 8080 + internalPort: "443" + internalPort1: 9090 nodePort: "60" nodePort1: "71" ingress: enabled: false service: - - baseaddr: "cli" + - baseaddr: "cli.api" name: "cli" - port: 8080 - - baseaddr: "cli2" + port: 443 + - baseaddr: "cli2.api" name: cli port: 9090 config: - ssl: "none" + ssl: "redirect" # Configure resource requests and limits # ref: http://kubernetes.io/docs/user-guide/compute-resources/ @@ -90,4 +90,4 @@ resources: requests: cpu: 2 memory: 4Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 16aa27f68a..96139ce988 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ include "common.name" . }} - image: {{ .Values.image }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} volumeMounts: diff --git a/kubernetes/common/certInitializer/Chart.yaml b/kubernetes/common/certInitializer/Chart.yaml new file mode 100644 index 0000000000..3b20045b1f --- /dev/null +++ b/kubernetes/common/certInitializer/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to obtain certificates in onap +name: certInitializer +version: 6.0.0 diff --git a/kubernetes/common/music/charts/music-tomcat/requirements.yaml b/kubernetes/common/certInitializer/requirements.yaml index 7aed47bc52..237f1d1354 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/requirements.yaml +++ b/kubernetes/common/certInitializer/requirements.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2018 Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,8 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. - dependencies: - name: common version: ~6.x-0 - repository: '@local'
\ No newline at end of file + repository: 'file://../common' diff --git a/kubernetes/common/certInitializer/templates/_certInitializer.yaml b/kubernetes/common/certInitializer/templates/_certInitializer.yaml new file mode 100644 index 0000000000..e4a878b420 --- /dev/null +++ b/kubernetes/common/certInitializer/templates/_certInitializer.yaml @@ -0,0 +1,152 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + + + +{{- define "common.certInitializer._aafConfigVolumeName" -}} + {{ include "common.fullname" . }}-aaf-config +{{- end -}} + +{{- define "common.certInitializer._aafAddConfigVolumeName" -}} + {{ print "aaf-add-config" }} +{{- end -}} + +{{/* + common templates to enable cert initialization for applictaions + + In deployments/jobs/stateful include: + initContainers: + {{ include "common.certInitializer.initContainer" . | nindent XX }} + + containers: + volumeMounts: + {{- include "common.certInitializer.volumeMount" . | nindent XX }} + volumes: + {{- include "common.certInitializer.volume" . | nindent XX}} +*/}} +{{- define "common.certInitializer._initContainer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $initName := default "certInitializer" -}} +{{/* Our version of helm doesn't support deepCopy so we need this nasty trick */}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + volumeMounts: + - mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- if $initRoot.aaf_add_config }} + - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh + subPath: aaf-add-config.sh +{{- end }} + command: + - sh + - -c + - | + #!/usr/bin/env bash + /opt/app/aaf_config/bin/agent.sh +{{- if $initRoot.aaf_add_config }} + /opt/app/aaf_config/bin/aaf-add-config.sh +{{- end }} + env: + - name: APP_FQI + value: "{{ $initRoot.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" + - name: aaf_locator_container + value: "oom" + - name: aaf_locator_container_ns + value: "{{ $dot.Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ $initRoot.fqdn }}" + - name: aaf_locator_app_ns + value: "{{ $initRoot.app_ns }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually + - name: cadi_longitude + value: "{{ default "52.3" $initRoot.cadi_longitude }}" + - name: cadi_latitude + value: "{{ default "13.2" $initRoot.cadi_latitude }}" + #Hello specific. Clients don't don't need this, unless Registering with AAF Locator + - name: aaf_locator_public_fqdn + value: "{{ $initRoot.public_fqdn | default "" }}" +{{- end -}} + +{{- define "common.certInitializer._volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +- mountPath: {{ $initRoot.mountPath }} + name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} +{{- end -}} + +{{- define "common.certInitializer._volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.certInitializer .initRoot -}} +{{- $subchartDot := mergeOverwrite (fromJson (toJson $dot)) (dict "Chart" (set (fromJson (toJson .Chart)) "Name" $initRoot.nameOverride) "Values" $initRoot) }} +- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }} + emptyDir: + medium: Memory +{{- if $initRoot.aaf_add_config }} +- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }} + configMap: + name: {{ include "common.fullname" $subchartDot }}-add-config + defaultMode: 0700 +{{- end -}} +{{- end -}} + +{{- define "common.certInitializer.initContainer" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{ include "common.certInitializer._initContainer" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumeMount" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumeMount" . }} + {{- end -}} +{{- end -}} + +{{- define "common.certInitializer.volumes" -}} +{{- $dot := default . .dot -}} + {{- if $dot.Values.global.aafEnabled }} + {{- include "common.certInitializer._volumes" . }} + {{- end -}} +{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/configmap.yaml b/kubernetes/common/certInitializer/templates/configmap.yaml new file mode 100644 index 0000000000..640dafd67e --- /dev/null +++ b/kubernetes/common/certInitializer/templates/configmap.yaml @@ -0,0 +1,25 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ if .Values.aaf_add_config }} +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: | + {{ tpl .Values.aaf_add_config . | indent 4 }} +{{- end -}} diff --git a/kubernetes/common/certInitializer/templates/secret.yaml b/kubernetes/common/certInitializer/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/common/certInitializer/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/certInitializer/values.yaml b/kubernetes/common/certInitializer/values.yaml new file mode 100644 index 0000000000..b55ba5e2f3 --- /dev/null +++ b/kubernetes/common/certInitializer/values.yaml @@ -0,0 +1,42 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + aafEnabled: true + +pullPolicy: Always + +secrets: + - uid: deployer-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafDeployFqi }}' + password: '{{ .Values.aafDeployPass }}' + passwordPolicy: required + +aafDeployFqi: "changeme" +fqdn: "" +app_ns: "org.osaaf.aaf" +fqi: "" +fqi_namespace: "" +public_fqdn: "aaf.osaaf.org" +aafDeployFqi: "deployer@people.osaaf.org" +aafDeployPass: demo123456! +cadi_latitude: "38.0" +cadi_longitude: "-72.0" +aaf_add_config: "" +mountPath: "/opt/app/osaaf" diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl new file mode 100644 index 0000000000..3ae536aff3 --- /dev/null +++ b/kubernetes/common/common/templates/_log.tpl @@ -0,0 +1,53 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- define "common.log.sidecar" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +- name: {{ include "common.name" . }}-filebeat + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: logs + mountPath: {{ .Values.log.path }} + - name: filebeat-data + mountPath: /usr/share/filebeat/data +{{- end -}} +{{- end -}} + +{{- define "common.log.volumes" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +- name: filebeat-conf + configMap: + name: {{ include "common.fullname" . }}-filebeat +- name: filebeat-data + emptyDir: {} +{{- end -}} +{{- end -}} + +{{- define "common.log.configMap" -}} +{{- if .Values.global.centralizedLoggingEnabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "filebeat") | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{- end }} +{{- end -}} + diff --git a/kubernetes/common/common/templates/_secret.tpl b/kubernetes/common/common/templates/_secret.tpl index 064b0c16af..990c476f29 100644 --- a/kubernetes/common/common/templates/_secret.tpl +++ b/kubernetes/common/common/templates/_secret.tpl @@ -476,7 +476,6 @@ stringData: {{- if eq $type "generic" }} data: {{- range $curFilePath := $secret.filePaths }} - {{- fail (printf "%s" $curFilePath) }} {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }} {{- end }} {{- if $secret.filePath }} diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 0c7660eb1f..3d745ed819 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -30,6 +30,37 @@ {{- default $name .Values.service.name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* + Resolve the prefix node port to use. We look at these different values in + order of priority (first found, first chosen) + - .Values.service.nodePortPrefixOverride: override value for nodePort which + will be use locally; + - .Values.global.nodePortPrefix : global value for nodePort which will + be used for all charts (unless + previous one is used); + - .Values.global.nodePortPrefixExt : global value for nodePort which will + be used for all charts (unless + previous one is used) if + useNodePortExt is set to true in + service or on port; + - .Values.service.nodePortPrefix : value used on a pert chart basis if + no other version exists. + + The function takes two arguments (inside a dictionary): + - .dot : environment (.) + - .useNodePortExt : does the port use the "extended" nodeport part or the + normal one? +*/}} +{{- define "common.nodePortPrefix" -}} +{{- $dot := default . .dot -}} +{{- $useNodePortExt := default false .useNodePortExt -}} +{{- if or $useNodePortExt $dot.Values.service.useNodePortExt -}} +{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefixExt | default $dot.Values.nodePortPrefix }} +{{- else -}} +{{ $dot.Values.service.nodePortPrefixOverride | default $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }} +{{- end -}} +{{- end -}} + {{/* Define the metadata of Service The function takes from one to four arguments (inside a dictionary): - .dot : environment (.) @@ -96,7 +127,7 @@ labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent name: {{ $port.name }} {{- end }} {{- if (eq $serviceType "NodePort") }} - nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }} + nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "portNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }} {{- end }} {{- else }} - port: {{ default $port.port $port.plain_port }} @@ -191,8 +222,8 @@ spec: {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} +{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} @@ -200,10 +231,10 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} @@ -271,3 +302,33 @@ true {{- end }} {{- end }} {{- end -}} + +{{- define "common.port.buildCache" -}} + {{- $global := . }} + {{- if not $global.Values._DmaapDrNodePortsCache }} + {{- $portCache := dict }} + {{- range $port := .Values.service.ports }} + {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }} + {{- end }} + {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }} + {{- end }} +{{- end -}} + +{/* + Get Port value according to its name and if we want tls or plain port. + The template takes below arguments: + - .global: environment (.) + - .name: name of the port + - .getPlain: boolean allowing to choose between tls (false, default) or + plain (true) + If plain_port is not set and we ask for plain, it will return empty. +*/} +{{- define "common.getPort" -}} + {{- $global := .global }} + {{- $name := .name }} + {{- $getPlain := default false .getPlain }} + {{- include "common.port.buildCache" $global }} + {{- $portCache := $global.Values._DmaapDrNodePortsCache }} + {{- $port := index $portCache $name }} + {{- ternary $port.plain_port $port.port $getPlain }} +{{- end -}} diff --git a/kubernetes/common/dgbuilder/templates/ingress.yaml b/kubernetes/common/dgbuilder/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/common/dgbuilder/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 105facf2b9..6586573f9f 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -52,12 +52,12 @@ secrets: - uid: 'db-root-password' type: password externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' - password: '{{ .Values.config.dbRootPassword }}' + password: '{{ .Values.config.db.rootPassword }}' - uid: 'db-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' - password: '{{ .Values.config.dbSdnctlPassword }}' + password: '{{ .Values.config.db.userPassword }}' - uid: 'http-user-creds' type: basicAuth externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}' @@ -118,8 +118,6 @@ config: restconfPassword: admin # restconfCredsExternalSecret: some secret - dbRootPassword: openECOMP1.0 - dbSdnctlPassword: gamma dbPodName: mysql-db dbServiceName: sdnc-dbhost # MD5 hash of dguser password ( default: test123 ) @@ -154,6 +152,12 @@ service: ingress: enabled: false + service: + - baseaddr: "dgbuilder" + name: "dgbuilder" + port: 3000 + config: + ssl: "redirect" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml new file mode 100644 index 0000000000..517905641f --- /dev/null +++ b/kubernetes/common/elasticsearch/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch +name: elasticsearch +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml new file mode 100644 index 0000000000..d1eaa61bc2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch curator +name: curator +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml new file mode 100644 index 0000000000..7e73420e13 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml @@ -0,0 +1,74 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{- range $kind, $enabled := .Values.hooks }} +{{- if $enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-curator-on-{{ $kind }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 2 }} + role: "curator" + annotations: + "helm.sh/hook": post-{{ $kind }} + "helm.sh/hook-weight": "1" +{{- if $.Values.cronjob.annotations }} +{{ toYaml $.Values.cronjob.annotations | indent 4 }} +{{- end }} +spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }} +{{- if $.Values.extraVolumes }} +{{ toYaml $.Values.extraVolumes | indent 8 }} +{{- end }} + restartPolicy: Never +{{- if $.Values.priorityClassName }} + priorityClassName: "{{ $.Values.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if $.Values.extraVolumeMounts }} +{{ toYaml $.Values.extraVolumeMounts | indent 12 }} + {{- end }} + command: [ "curator" ] + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + resources: +{{ toYaml $.Values.resources | indent 12 }} + {{- with $.Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end -}} +{{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml new file mode 100644 index 0000000000..ff65593469 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml new file mode 100644 index 0000000000..dc2a430922 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -0,0 +1,24 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +apiVersion: v1 +kind: ConfigMap +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +data: + action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }} + config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml new file mode 100644 index 0000000000..901c0a5c06 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml @@ -0,0 +1,112 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} + {{- if .Values.cronjob.annotations }} + annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }} + {{- end }} +spec: + schedule: "{{ .Values.cronjob.schedule }}" + {{- with .Values.cronjob.concurrencyPolicy }} + concurrencyPolicy: {{ . }} + {{- end }} + {{- with .Values.cronjob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ . }} + {{- end }} + {{- with .Values.cronjob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ . }} + {{- end }} + jobTemplate: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 10 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" . }}-curator + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 12 }} + {{- end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} +{{- include "elasticsearch.imagePullSecrets" . | indent 10 }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- range $key, $value := .Values.extraInitContainers }} + - name: "{{ $key }}" + {{- toYaml $value | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 16 }} + {{- end }} + {{ if .Values.command }} + command: {{ toYaml .Values.command | nindent 16 }} + {{- end }} + {{- if .Values.dryrun }} + args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- else }} + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- end }} + env: + {{- if .Values.env }} + {{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.envFromSecrets }} + {{- range $key,$value := .Values.envFromSecrets }} + - name: {{ $key | upper | quote}} + valueFrom: + secretKeyRef: + name: {{ $value.from.secret | quote}} + key: {{ $value.from.key | quote}} + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 16 }} + {{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000000..6fe032d818 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml @@ -0,0 +1,46 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if and .Values.enabled .Values.psp.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + privileged: true + #requiredDropCapabilities: + volumes: + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml new file mode 100644 index 0000000000..0d189f448b --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml @@ -0,0 +1,32 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if and .Values.enabled .Values.rbac.enabled }} +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["update", "patch"] + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }} + {{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml new file mode 100644 index 0000000000..b112468dc3 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml @@ -0,0 +1,29 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if and .Values.enabled .Values.rbac.enabled }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +roleRef: + kind: Role + name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "elasticsearch.curator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml new file mode 100644 index 0000000000..0bd4ae0999 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml new file mode 100644 index 0000000000..5e0d9668d3 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/values.yaml @@ -0,0 +1,180 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: + clusterName: cluster.local +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +# application image +## Elasticsearch curator parameters +## +enabled: false +name: curator +image: + imageName: bitnami/elasticsearch-curator + tag: 5.8.1-debian-9-r74 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +service: + port: 9200 +cronjob: + # At 01:00 every day + schedule: "0 1 * * *" + annotations: {} + concurrencyPolicy: "" + failedJobsHistoryLimit: "" + successfulJobsHistoryLimit: "" + jobRestartPolicy: Never +podAnnotations: {} +rbac: + # Specifies whether RBAC should be enabled + enabled: false +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: +psp: + # Specifies whether a podsecuritypolicy should be created + create: false +hooks: + install: false + upgrade: false +# run curator in dry-run mode +dryrun: false +command: ["curator"] +env: {} +configMaps: + # Delete indices older than 90 days + action_file_yml: |- + --- + actions: + 1: + action: delete_indices + description: "Clean up ES by deleting old indices" + options: + timeout_override: + continue_if_exception: False + disable_action: False + ignore_empty_list: True + filters: + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 90 + field: + stats_result: + epoch: + exclude: False + # Default config (this value is evaluated as a template) + config_yml: |- + --- + client: + hosts: + {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} + port: {{ .Values.service.port }} + # url_prefix: + # use_ssl: True + # certificate: + # client_cert: + # client_key: + # ssl_no_validate: True + # http_auth: + # timeout: 30 + # master_only: False + # logging: + # loglevel: INFO + # logfile: + # logformat: default + # blacklist: ['elasticsearch', 'urllib3'] +## Curator resources requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi +priorityClassName: "" +# extraVolumes and extraVolumeMounts allows you to mount other volumes +# Example Use Case: mount ssl certificates when elasticsearch has tls enabled +# extraVolumes: +# - name: es-certs +# secret: +# defaultMode: 420 +# secretName: es-certs +# extraVolumeMounts: +# - name: es-certs +# mountPath: /certs +# readOnly: true +## Add your own init container or uncomment and modify the given example. +## +extraInitContainers: {} +## Don't configure S3 repository till Elasticsearch is reachable. +## Ensure that it is available at http://elasticsearch:9200 +## +# elasticsearch-s3-repository: +# image: bitnami/minideb:latest +# imagePullPolicy: "IfNotPresent" +# command: +# - "/bin/bash" +# - "-c" +# args: +# - | +# ES_HOST=elasticsearch +# ES_PORT=9200 +# ES_REPOSITORY=backup +# S3_REGION=us-east-1 +# S3_BUCKET=bucket +# S3_BASE_PATH=backup +# S3_COMPRESS=true +# S3_STORAGE_CLASS=standard +# install_packages curl && \ +# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \ +# cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \ +# { +# "type": "s3", +# "settings": { +# "bucket": "${S3_BUCKET}", +# "base_path": "${S3_BASE_PATH}", +# "region": "${S3_REGION}", +# "compress": "${S3_COMPRESS}", +# "storage_class": "${S3_STORAGE_CLASS}" +# } +# } + diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml new file mode 100644 index 0000000000..5243a56101 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch data +name: data +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml new file mode 100644 index 0000000000..6a61926e9e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml new file mode 100644 index 0000000000..c713ec81ac --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml new file mode 100644 index 0000000000..2ac3880886 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml new file mode 100644 index 0000000000..994b458e33 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml @@ -0,0 +1,175 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: StatefulSet +{{ $role := "data" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "OnDelete" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- else if .Values.updateStrategy.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.updateStrategy.rollingUpdatePartition }} + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }} + serviceName: {{ include "common.fullname" . }}-data + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.sysctlImage.enabled }} + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resource }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: "/bitnami/elasticsearch/data" + {{- end }} + {{- end }} + containers: + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{include "elasticsearch.clustername" .}} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: "yes" + - name: ELASTICSEARCH_NODE_TYPE + value: "data" + ports: {{- include "common.containerPorts" . |indent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: "config" + subPath: elasticsearch.yml + {{- end }} + - name: "data" + mountPath: "/bitnami/elasticsearch/data" + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: "config" + configMap: + name: {{ template "common.fullname" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} +{{- if not .Values.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: "data" + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml new file mode 100644 index 0000000000..cfb7f51da3 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/values.yaml @@ -0,0 +1,170 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +volumePermissions: + enabled: true +# application image +## Elasticsearch data node parameters +## +name: data +## Number of data node(s) replicas to deploy +## +replicaCount: 0 +## required for "common.containerPorts" +## no dedicated service for data nodes +service: + ## list of ports for "common.containerPorts" + ports: + - name: http-transport + port: 9300 + +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + + +## updateStrategy for ElasticSearch Data statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + # rollingUpdatePartition +heapSize: 128m +## Provide annotations for the data pods. +## +podAnnotations: {} +## Pod Security Context for data pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch data container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 1152Mi +## Elasticsearch data container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## suffix for pv + suffix: data-pv + + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi +## Provide functionality to use RBAC +## + # existingClaim: + volumeReclaimPolicy: Retain + mountSubPath: elastic-data + storageType: local + backup: + mountPath: /dockerdata-nfs/backup +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the data node + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + # name: diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml new file mode 100644 index 0000000000..e9ac99a5bc --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + + +apiVersion: v1 +description: ONAP elasticsearch master +name: master +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml new file mode 100644 index 0000000000..6a61926e9e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml new file mode 100644 index 0000000000..c713ec81ac --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml new file mode 100644 index 0000000000..05a3af37f2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml @@ -0,0 +1,23 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml new file mode 100644 index 0000000000..dfa3ccbacc --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml @@ -0,0 +1,179 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +{{ $role := "master" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "OnDelete" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }} + serviceName: {{ include "common.fullname" . }}-master + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.sysctlImage.enabled }} + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resource }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: "/bitnami/elasticsearch/data" + {{- end }} + {{- end }} + containers: + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{ include "elasticsearch.clustername" . }} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS + {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }} + {{- $replicas := int .Values.replicaCount }} + value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }} + - name: ELASTICSEARCH_MINIMUM_MASTER_NODES + value: {{ add (div .Values.replicaCount 2) 1 | quote }} + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: {{ .Values.dedicatednode | quote }} + - name: ELASTICSEARCH_NODE_TYPE + value: "master" + ports: {{- include "common.containerPorts" . |indent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml + {{- end }} + - name: data + mountPath: /bitnami/elasticsearch/data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} +{{- if not .Values.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: "data" + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml new file mode 100644 index 0000000000..8d66ef082e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +{{ $role := "master" -}} +{{ $labels := (dict "role" $role) -}} +{{ $matchLabels := (dict "role" $role) }} +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml new file mode 100644 index 0000000000..2862692eef --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/values.yaml @@ -0,0 +1,203 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +volumePermissions: + enabled: true + +# application image +## Elasticsearch master-eligible node parameters +## +name: master +## Number of master-eligible node(s) replicas to deploy +## +replicaCount: 3 +## master acts as master only node, choose 'no' if no further data nodes are deployed) +dedicatednode: "yes" +## dedicatednode: "no" +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + +## String to partially override common.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.fullname template +## +# fullnameOverride: +## updateStrategy for ElasticSearch master statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate +heapSize: 128m +## Provide annotations for master-eligible pods. +## +podAnnotations: {} +## Pod Security Context for master-eligible pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch master-eligible container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 256Mi +## Elasticsearch master-eligible container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## suffix for pv + suffix: master-pv + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + # existingClaim: + volumeReclaimPolicy: Retain + mountSubPath: elastic-master + storageType: local + backup: + mountPath: /dockerdata-nfs/backup +## Service parameters for master-eligible node(s) +## +service: + suffix: "service" + name: "" + ## list of ports for "common.containerPorts" + ## Elasticsearch transport port + ports: + - name: http-transport + port: 9300 + ## master-eligible service type + ## + type: ClusterIP + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: +## Provide functionality to use RBAC +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the master node + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + # name: + + +## Elasticsearch cluster name +## +clusterName: elastic-cluster + + + diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml new file mode 100644 index 0000000000..84fa71c6e6 --- /dev/null +++ b/kubernetes/common/elasticsearch/requirements.yaml @@ -0,0 +1,30 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: master + version: ~6.x-0 + repository: 'file://components/master' + - name: data + version: ~6.x-0 + repository: 'file://components/data' + condition: elasticsearch.data.enabled,data.enabled + - name: curator + version: ~6.x-0 + repository: 'file://components/curator' + condition: elasticsearch.curator.enabled,curator.enabled + diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl new file mode 100644 index 0000000000..fdbe82f855 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl @@ -0,0 +1,103 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + + +{{ define "elasticsearch.clustername"}} +{{- printf "%s-%s" (include "common.name" .) "cluster" -}} +{{- end -}} + +{{/* +This define should be used instead of "common.fullname" to allow +special handling of kibanaEnabled=true +Create a default fully qualified coordinating name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "elasticsearch.coordinating.fullname" -}} +{{- if .Values.global.kibanaEnabled -}} +{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the master service account to use + */}} +{{- define "elasticsearch.master.serviceAccountName" -}} +{{- if .Values.master.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.master.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the coordinating-only service account to use + */}} +{{- define "elasticsearch.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" . ) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the data service account to use + */}} +{{- define "elasticsearch.data.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "elasticsearch.imagePullSecrets" -}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- else }} +{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}} +{{- if $imagePullSecrets }} +imagePullSecrets: +{{- range $imagePullSecrets }} + - name: {{ . }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "elasticsearch.curator.serviceAccountName" -}} +{{- if .Values.curator.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.curator.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml new file mode 100644 index 0000000000..b4e0044891 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml @@ -0,0 +1,33 @@ + +{{ if .Values.global.aafEnabled }} +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.aafConfig.addconfig -}} +apiVersion: v1 +kind: ConfigMap +{{ $suffix := "aaf-add-config" -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + cd /opt/app/osaaf/local + mkdir -p certs + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0) + keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password + openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12 + cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem + chmod -R 755 certs +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml new file mode 100644 index 0000000000..38234da0cf --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.config }} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: + elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }} +{{- end }} diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml index fe099b140d..49ce0ef76a 100644 --- a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml +++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml @@ -1,6 +1,5 @@ -{{ if .Values.global.aafEnabled }} {{/* -# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,15 +13,19 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} +{{- if .Values.nginx.serverBlock -}} -{{- if .Values.aafConfig.addconfig -}} apiVersion: v1 kind: ConfigMap -{{- $suffix := "aaf-add-config" }} +{{ $suffix := "nginx-server-block" -}} metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} data: - aaf-add-config.sh: |- - /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ - {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop -{{- end -}} + server-block.conf: |- +{{ if .Values.global.aafEnabled }} +{{ .Values.nginx.serverBlock.https | indent 4 }} +{{ else }} +{{ .Values.nginx.serverBlock.http | indent 4 }} + + +{{ end }} {{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml new file mode 100644 index 0000000000..65a7f462e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml @@ -0,0 +1,167 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +{{ $role := "coordinating-only" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + initContainers: + {{- if .Values.sysctlImage.enabled }} + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{ include "common.aaf-config" . | nindent 8}} + + containers: + - name: {{ include "common.name" . }}-nginx + image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} + ports: {{- include "common.containerPorts" . | indent 12 -}} + {{- if .Values.nginx.livenessProbe }} + livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.readinessProbe }} + readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.resources }} + resources: {{- toYaml .Values.nginx.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + mountPath: /opt/bitnami/nginx/conf/server_blocks + {{- end }} + {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }} + + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + {{- if .Values.securityContext.enabled }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{ include "elasticsearch.clustername" .}} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: "yes" + - name: ELASTICSEARCH_NODE_TYPE + value: "coordinating" + - name: ELASTICSEARCH_PORT_NUMBER + value: "9000" + {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.readinessProbe.enabled}} + readinessProbe: + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end}} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml + {{- end }} + - name: data + mountPath: "/bitnami/elasticsearch/data/" + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + {{- end }} + - name: data + emptyDir: {} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + configMap: + name: {{ include "common.fullname" . }}-nginx-server-block + {{- end }} + {{- include "common.aaf-config-volumes" . | nindent 8}} + diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml new file mode 100644 index 0000000000..610c7d68c1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ $role := "coordinating-only" -}} +{{ $labels := (dict "role" $role) -}} +{{ $matchLabels := (dict "role" $role) }} +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml new file mode 100644 index 0000000000..fa79c29eca --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} +{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml new file mode 100644 index 0000000000..359e8975e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml new file mode 100644 index 0000000000..49ad504da6 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.global.coordinating.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml new file mode 100644 index 0000000000..3627b2ea97 --- /dev/null +++ b/kubernetes/common/elasticsearch/values.yaml @@ -0,0 +1,329 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest + clusterName: cluster.local + +persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io + +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true + +# application image +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + +## String to partially override common.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.fullname template +## +# fullnameOverride: +## updateStrategy for ElasticSearch coordinating deployment +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +updateStrategy: + type: RollingUpdate +heapSize: 128m +## Provide annotations for the coordinating-only pods. +## +podAnnotations: {} +## Pod Security Context for coordinating-only pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch coordinating-only container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 256Mi +## Elasticsearch coordinating-only container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Service parameters for coordinating-only node(s) +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the coordinating node + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + # name: + +## Bitnami Minideb image version +## ref: https://hub.docker.com/r/bitnami/minideb/tags/ +## +sysctlImage: + enabled: true + imageName: bitnami/minideb + tag: stretch + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +# nginx image +nginx: + imageName: bitnami/nginx + tag: 1.16-debian-9 + pullPolicy: IfNotPresent + service: + name: nginx + ports: + - name: elasticsearch + port: 8080 +## Custom server block to be added to NGINX configuration +## PHP-FPM example server block: + serverBlock: + https: |- + server { + listen 9200 ssl; + #server_name ; + # auth_basic "server auth"; + # auth_basic_user_file /etc/nginx/passwords; + ssl_certificate /opt/app/osaaf/local/certs/cert.pem; + ssl_certificate_key /opt/app/osaaf/local/certs/key.pem; + location / { + # deny node shutdown api + if ($request_filename ~ "_shutdown") { + return 403; + break; + } + + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_redirect off; + } + + location = / { + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_redirect off; + auth_basic "off"; + } + } + http: |- + server { + listen 9200 ; + #server_name ; + location / { + # deny node shutdown api + if ($request_filename ~ "_shutdown") { + return 403; + break; + } + + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_redirect off; + } + + location = / { + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_redirect off; + auth_basic "off"; + } + } +################################################################# +# coordinating service configuration defaults. +################################################################# + +service: + name: "" + suffix: "" + ## coordinating-only service type + ## + type: ClusterIP + headlessPorts: + - name: http-transport + port: 9300 + headless: + suffix: discovery + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + publishNotReadyAddresses: true + ## Elasticsearch tREST API port + ## + ports: + - name: elasticsearch + port: 9200 + + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Provide functionality to use RBAC + ## +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required +################################################################# +# aaf configuration defaults. +################################################################# +aafConfig: + addconfig: true + fqdn: "elastic" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi_namespace: org.onap.elastic + fqi: "elastic@elastic.onap.org" + public_fqdn: "aaf.osaaf.org" + deploy_fqi: "deployer@people.osaaf.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + #aafDeployCredsExternalSecret: some secret + #cadi_latitude: "52.5" + #cadi_longitude: "13.4" + secret_uid: *aaf_secret_uid +################################################################# +# subcharts configuration defaults. +################################################################# + + +#data: +# enabled: false + +#curator: +# enabled: false + +## Change nameOverride to be consistent accross all elasticsearch (sub)-charts + +master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" +data: + enabled: false +curator: + enabled: false diff --git a/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh new file mode 100755 index 0000000000..42c5c89726 --- /dev/null +++ b/kubernetes/common/mariadb-galera/resources/config/configure-mysql.sh @@ -0,0 +1,89 @@ +#!/bin/bash +# +# Adfinis SyGroup AG +# openshift-mariadb-galera: mysql setup script +# + +set -eox pipefail + +echo 'Running mysql_install_db ...' +mysql_install_db --datadir=/var/lib/mysql +echo 'Finished mysql_install_db' + +mysqld --skip-networking --socket=/var/lib/mysql/mysql-init.sock --wsrep_on=OFF & +pid="$!" + +mysql=( mysql --protocol=socket -uroot -hlocalhost --socket=/var/lib/mysql/mysql-init.sock ) + +for i in {30..0}; do + if echo 'SELECT 1' | "${mysql[@]}" &> /dev/null; then + break + fi + echo 'MySQL init process in progress...' + sleep 1 +done +if [ "$i" = 0 ]; then + echo >&2 'MySQL init process failed.' + exit 1 +fi + +if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then + # sed is for https://bugs.mysql.com/bug.php?id=20545 + mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql +fi + +function prepare_password { + echo -n $1 | sed -e "s/'/''/g" +} + +mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD` +# add MariaDB root user +"${mysql[@]}" <<-EOSQL +-- What's done in this file shouldn't be replicated +-- or products like mysql-fabric won't work +SET @@SESSION.SQL_LOG_BIN=0; + +DELETE FROM mysql.user ; +CREATE USER 'root'@'%' IDENTIFIED BY '${mysql_root_password}' ; +GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; +DROP DATABASE IF EXISTS test ; +FLUSH PRIVILEGES ; +EOSQL + +# add root password for subsequent calls to mysql +if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then + mysql+=( -p"${MYSQL_ROOT_PASSWORD}" ) +fi + +# add users require for Galera +# TODO: make them somehow configurable +"${mysql[@]}" <<-EOSQL +CREATE USER 'xtrabackup_sst'@'localhost' IDENTIFIED BY 'xtrabackup_sst' ; +GRANT RELOAD, LOCK TABLES, REPLICATION CLIENT ON *.* TO 'xtrabackup_sst'@'localhost' ; +CREATE USER 'readinessProbe'@'localhost' IDENTIFIED BY 'readinessProbe'; +EOSQL + +if [ "$MYSQL_DATABASE" ]; then + echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" | "${mysql[@]}" + mysql+=( "$MYSQL_DATABASE" ) +fi + +if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then + mysql_password=`prepare_password $MYSQL_PASSWORD` + echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$mysql_password' ;" | "${mysql[@]}" + + if [ "$MYSQL_DATABASE" ]; then + echo "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}" + fi + + echo 'FLUSH PRIVILEGES ;' | "${mysql[@]}" +fi + +if ! kill -s TERM "$pid" || ! wait "$pid"; then + echo >&2 'MySQL init process failed.' + exit 1 +fi + +echo +echo 'MySQL init process done. Ready for start up.' +echo diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index e7bb701930..a7064d7ce4 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +29,17 @@ metadata: data: my_extra.cnf: | {{ .Values.externalConfig | indent 4 }} -{{- end -}} +{{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 7157e3390b..855d50e5ea 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -47,6 +47,10 @@ spec: configMap: name: {{ include "common.fullname" . }}-external-config {{- end}} + - name: init-script + configMap: + name: {{ include "common.fullname" . }} + defaultMode: 0755 - name: localtime hostPath: path: /etc/localtime @@ -104,6 +108,9 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true + - mountPath: /usr/share/container-scripts/mysql/configure-mysql.sh + subPath: configure-mysql.sh + name: init-script {{- if .Values.persistence.enabled }} - mountPath: /var/lib/mysql name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index dabf21da79..6decff2463 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -58,7 +58,7 @@ pullPolicy: IfNotPresent # application configuration config: # .mariadbRootPasswordExternalSecret: 'some-external-secret' - mariadbRootPassword: secretpassword + # mariadbRootPassword: secretpassword # .userCredentialsExternalSecret: 'some-external-secret' userName: my-user # userPassword: my-password diff --git a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties b/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties deleted file mode 100755 index b977ca58ee..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/resources/config/music.properties +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -my.public.ip=localhost -all.public.ips=localhost -my.id=0 -all.ids=0 -### Host Info ### -zookeeper.host={{.Values.properties.zookeeperHost}} -cassandra.host={{.Values.properties.cassandraHost}} -### User Info ### -cassandra.user={{.Values.properties.cassandraUser}} -cassandra.password={{.Values.properties.cassandraPassword}} -### AAF Endpoint ### -aaf.endpoint.url={{.Values.properties.aafEndpointUrl}} -### Admin API ### -# AAF UAT -aaf.admin.url={{.Values.properties.aafAdminUrl}} -# AAF PROD -admin.aaf.role={{.Values.properties.adminAafRole}} -music.namespace={{.Values.properties.musicNamespace}} diff --git a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml b/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml deleted file mode 100755 index dcbd4e2d88..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/templates/deployment.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-zookeeper-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - zookeeper - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-cassandra-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/job_complete.py - args: - - -j - - "{{ include "common.release" . }}-music-cassandra-job-config" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace -# War Container - - name: "{{ .Chart.Name }}-war" - image: "{{ include "common.repository" . }}/{{ .Values.warImage }}" - command: ["cp","/app/MUSIC.war","/webapps"] - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - volumeMounts: - - mountPath: /webapps - name: shared-data - containers: - # Tomcat Container - - name: "{{ include "common.name" . }}" - image: "{{ include "common.repository" . }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /usr/local/tomcat/webapps - name: shared-data - - name: properties-music - mountPath: /opt/app/music/etc/music.properties - subPath: music.properties - resources: -{{ include "common.resources" . | indent 12 }} - volumes: - - name: shared-data - emptyDir: {} - - name: localtime - hostPath: - path: /etc/localtime - - name: properties-music - configMap: - name: {{ include "common.fullname" . }}-configmap - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml b/kubernetes/common/music/charts/music-tomcat/templates/service.yaml deleted file mode 100755 index d808bf957a..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/music-tomcat/values.yaml b/kubernetes/common/music/charts/music-tomcat/values.yaml deleted file mode 100755 index b91ffbd4e4..0000000000 --- a/kubernetes/common/music/charts/music-tomcat/values.yaml +++ /dev/null @@ -1,114 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - nodePortPrefixExt: 304 - repository: nexus3.onap.org:10001 - - # readiness check - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - - # logging agent - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: nexus3.onap.org:10001 -image: library/tomcat:8.5 -pullPolicy: Always -warImage: onap/music/music:3.0.24 - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - usernameCassandra: cassandra1 - passwordCassandra: cassandra1 - -# default number of instances -replicaCount: 3 - -job: - host: cassandra - port: 9042 - busybox: - image: library/busybox:latest - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: NodePort - name: music-tomcat - externalPort: 8080 - internalPort: 8080 - nodePort: 76 - portName: tomcat -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 900m - memory: 460Mi - requests: - cpu: 550m - memory: 360Mi - large: - limits: - cpu: 4 - memory: 2Gi - requests: - cpu: 2 - memory: 1Gi - unlimited: {} - - - -properties: - zookeeperHost: zookeeper - cassandraHost: music-cassandra - cassandraUser: nelson24 - cassandraPassword: nelson24 - - # Admin API - # ONAP AAF - aafAdminUrl: diff --git a/kubernetes/common/music/charts/music-tomcat/Chart.yaml b/kubernetes/common/music/charts/music/Chart.yaml index ec3934a2c5..7264b93e8a 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/Chart.yaml +++ b/kubernetes/common/music/charts/music/Chart.yaml @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP - MUSIC Tomcat Container -name: music-tomcat +description: MUSIC api as a Service API Spring boot container. +name: music version: 6.0.0 diff --git a/kubernetes/common/music/charts/music/resources/config/logback.xml b/kubernetes/common/music/charts/music/resources/config/logback.xml new file mode 100755 index 0000000000..51423e547d --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/logback.xml @@ -0,0 +1,302 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START========================================== + org.onap.music + =================================================================== + Copyright (c) 2017 AT&T Intellectual Property + =================================================================== + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + ============LICENSE_END============================================= + ==================================================================== +--> + +<configuration scan="true" scanPeriod="3 seconds"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + <property name="logDir" value="/opt/app/music/logs" /> + + <!-- directory path for debugging type logs --> + <property name="debugDir" value="debug-logs" /> + + <!-- specify the component name --> + <!-- <property name="componentName" value="EELF"></property> --> + <property name="componentName" value="MUSIC"></property> + + <!-- log file names --> + <property name="generalLogName" value="music" /> + <property name="securityLogName" value="security" /> + <property name="errorLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" /> + <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> --> + <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" /> + <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" /> + <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" /> + <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> --> + <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" /> + <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property> + <property name="logDirectory" value="${logDir}/${componentName}" /> + <property name="debugLogDirectory" value="${debugDir}/${componentName}" /> + <!-- Example evaluator filter applied against console appender --> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <!-- <encoder> + <pattern>${defaultPattern}</pattern> + </encoder> --> + <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />--> + <encoder> + <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern> + </encoder> + </appender> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>5</maxHistory> + <totalSizeCap>5GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="EELF" /> + </appender> + + <!-- Sift Appender --> + <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender"> + <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> --> + <discriminator> + <key>keyspace</key> + <defaultValue>unknown</defaultValue> + </discriminator> + <sift> + <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}-keyspace.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxHistory>30</maxHistory> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + </sift> + </appender> + + <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="KSEELF" /> + </appender> + + + + + <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${generalLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>1GB</maxFileSize> + <maxHistory>5</maxHistory> + <totalSizeCap>5GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${applicationLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <includeCallerData>true</includeCallerData> + <appender-ref ref="EELF" /> + </appender> --> + + <!-- EELF Security Appender. This appender is used to record security events + to the security log file. Security events are separate from other loggers + in EELF so that security log records can be captured and managed in a secure + way separate from the other logs. This appender is set to never discard any + events. --> + <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${securityLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern> + </encoder> + </appender> + + <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="EELFSecurity" /> + </appender> + + + + + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + + <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${auditLoggerPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip + </fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> --> + <pattern>${metricsLoggerPattern}</pattern> + </encoder> + </appender> + + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${errorLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${errorLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFError"/> + </appender> + + <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${debugLogDirectory}/${debugLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>5MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${debugLoggerPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>true</includeCallerData> + </appender> + + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncKSEELF" /> + </logger> + + <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFSecurity" /> + </logger> + + + <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + + <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + + <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false"> + <appender-ref ref="asyncEELFError" /> + </logger> + + <logger name="com.att.eelf.debug" level="debug" additivity="false"> + <appender-ref ref="asyncEELFDebug" /> + + </logger> + + <!-- Springboot??? --> + <!-- <logger name="org.springframework.web" level="DEBUG"> + <appender-ref ref="asyncEELF" /> + </logger> --> + + <root level="{{.Values.logback.rootLogLevel}}"> + <appender-ref ref="asyncEELF" /> + <appender-ref ref="asyncKSEELF" /> + <appender-ref ref="STDOUT" /> + </root> + + <!-- Conductor Specific additions to squash WARNING and INFO --> + <logger name="com.datastax.driver.core.Cluster" level="ERROR"/> + <logger name="org.onap.music.main.MusicCore" level="ERROR"/> +</configuration> + diff --git a/kubernetes/common/music/charts/music/resources/config/music-sb.properties b/kubernetes/common/music/charts/music/resources/config/music-sb.properties new file mode 100755 index 0000000000..751a351737 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/music-sb.properties @@ -0,0 +1,13 @@ +server.port=8443 +server.servlet.context-path=/MUSIC/rest +spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true +#server.ssl.enabled=false +server.tomcat.max-threads=100 +#logging.file=/opt/app/music/logs/MUSIC/music-app.log +#logging.config=file:/opt/app/music/etc/logback.xml +security.require-ssl=true +server.ssl.key-store=/opt/app/aafcertman/org.onap.music.jks +server.ssl.key-store-password=${KEYSTORE_PASSWORD} +server.ssl.key-store-provider=SUN +server.ssl.key-store-type=JKS + diff --git a/kubernetes/common/music/charts/music/resources/config/music.properties b/kubernetes/common/music/charts/music/resources/config/music.properties new file mode 100755 index 0000000000..a7681d0a02 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/music.properties @@ -0,0 +1,24 @@ +lock.using={{.Values.properties.lockUsing}} +cassandra.host={{.Values.properties.cassandraHost}} +cassandra.port={{ .Values.properties.cassandraPort }} +lock.lease.period={{.Values.properties.lockLeasePeriod}} +cassandra.user=${CASSA_USER} +cassandra.password=${CASSA_PASSWORD} +cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}} +cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}} +cadi={{.Values.properties.cadi}} +music.aaf.ns={{.Values.properties.musicAafNs}} +keyspace.active={{.Values.properties.keyspaceActive}} +transId.header.required={{.Values.properties.transIdRequired}} +transId.header.prefix={{.Values.properties.transIdPrefix}} +conversation.header.required={{.Values.properties.conversationRequired}} +conversation.header.prefix={{.Values.properties.conversationPrefix}} +clientId.header.required={{.Values.properties.clientIdRequired}} +clientId.header.prefix={{.Values.properties.clientIdPrefix}} +messageId.header.required={{.Values.properties.messageIdRequired}} +messageId.header.prefix={{.Values.properties.messageIdPrefix}} +retry.count={{.Values.properties.retryCount}} +lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}} +keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}} +create.lock.wait.period.ms=0 +create.lock.wait.increment.ms=0 diff --git a/kubernetes/common/music/charts/music/resources/config/startup.sh b/kubernetes/common/music/charts/music/resources/config/startup.sh new file mode 100755 index 0000000000..7ab32558b4 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/config/startup.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# +# ============LICENSE_START========================================== +# org.onap.music +# =================================================================== +# Copyright (c) 2019 AT&T Intellectual Property +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# ============LICENSE_END============================================= +# ==================================================================== + +echo "Running startup script to get password from certman" +PWFILE=/opt/app/aafcertman/.password +LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log +PROPS=/opt/app/music/etc/music-sb.properties +LOGBACK=/opt/app/music/etc/logback.xml +LOGGING= +DEBUG_PROP= +# Debug Setup. Uses env variables +# DEBUG and DEBUG_PORT +# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer> +if [ "${DEBUG}" == "true" ]; then + if [ "${DEBUG_PORT}" == "" ]; then + DEBUG_PORT=8000 + fi + echo "Debug mode on" + DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n" +fi + +# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that. +if [ -f $LOGBACK ]; then + LOGGING="--logging.config=file:${LOGBACK}" +fi + +# Get Passwords from /opt/app/aafcertman +if [ -f $PWFILE ]; then + echo "Found ${PWFILE}" >> $LOGFILE + PASSWORD=$(cat ${PWFILE}) +else + PASSWORD=changeit + echo "#### Using Default Password for Certs" >> ${LOGFILE} +fi + +# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties +if [ -f $PROPS ]; then + # Run with different Property file + #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}" + java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE} +else + #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}" + java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE} +fi + + + + diff --git a/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks Binary files differnew file mode 100644 index 0000000000..35d27c3ef7 --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/keys/org.onap.music.jks diff --git a/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks Binary files differnew file mode 100644 index 0000000000..ff844b109d --- /dev/null +++ b/kubernetes/common/music/charts/music/resources/keys/truststoreONAPall.jks diff --git a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml b/kubernetes/common/music/charts/music/templates/configmap.yaml index 15859345e8..4023f343df 100755..100644 --- a/kubernetes/common/music/charts/music-tomcat/templates/configmap.yaml +++ b/kubernetes/common/music/charts/music/templates/configmap.yaml @@ -1,5 +1,4 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,12 +11,9 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -*/}} apiVersion: v1 kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/common/music/charts/music/templates/deployment.yaml b/kubernetes/common/music/charts/music/templates/deployment.yaml new file mode 100644 index 0000000000..c3b30b22b7 --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/deployment.yaml @@ -0,0 +1,119 @@ +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-cassandra-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/job_complete.py + args: + - -j + - "{{ include "common.release" . }}-music-cassandra-job-config" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-keystore-pw" "key" "password") | indent 12}} + - name: CASSA_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }} + - name: CASSA_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: properties-music-scrubbed + - mountPath: /config + name: properties-music + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + containers: + # MUSIC Container + - name: "{{ include "common.name" . }}-springboot" + image: "{{ .Values.repository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ toYaml .Values.resources | indent 12 }} + env: + - name: SPRING_OPTS + value: "{{ .Values.springOpts }}" + - name: JAVA_OPTS + value: "{{ .Values.javaOpts }}" + - name: DEBUG + value: "{{ .Values.debug }}" + volumeMounts: + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: properties-music + mountPath: /opt/app/music/etc/music.properties + subPath: music.properties + - name: properties-music + mountPath: /opt/app/music/etc/music-sb.properties + subPath: music-sb.properties + - name: properties-music-scrubbed + mountPath: /opt/app/music/etc/logback.xml + subPath: logback.xml + - name: certs-aaf + mountPath: /opt/app/aafcertman/ + volumes: + - name: shared-data + emptyDir: {} + - name: certificate-vol + emptyDir: {} + - name: localtime + hostPath: + path: /etc/localtime + - name: properties-music-scrubbed + configMap: + name: {{ include "common.fullname" . }} + - name: properties-music + emptyDir: + medium: Memory + - name: certs-aaf + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "music-certs") }} diff --git a/kubernetes/common/music/charts/music/templates/secrets.yaml b/kubernetes/common/music/charts/music/templates/secrets.yaml new file mode 100644 index 0000000000..5d5f5bb397 --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/music/charts/music/templates/service.yaml b/kubernetes/common/music/charts/music/templates/service.yaml new file mode 100644 index 0000000000..ca774c9b5b --- /dev/null +++ b/kubernetes/common/music/charts/music/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/common/music/charts/music/values.yaml b/kubernetes/common/music/charts/music/values.yaml new file mode 100644 index 0000000000..faa5a6223d --- /dev/null +++ b/kubernetes/common/music/charts/music/values.yaml @@ -0,0 +1,178 @@ +# Copyright © 2020 AT&T, Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + + envsubstImage: dibi/envsubst + + # readiness check + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + + # logging agent + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + + truststore: truststoreONAPall.jks + + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: music-certs + name: keystore.jks + type: generic + filePaths: + - resources/keys/org.onap.music.jks + - uid: music-keystore-pw + name: keystore-pw + type: password + password: '{{ .Values.keystorePassword }}' + passwordPolicy: required + - uid: cassa-secret + type: basicAuth + login: '{{ .Values.properties.cassandraUser }}' + password: '{{ .Values.properties.cassandraPassword }}' + passwordPolicy: required + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/music/music_sb:3.2.40 +pullPolicy: Always + +job: + host: cassandra + port: 9042 + busybox: + image: library/busybox:latest + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 30 + periodSeconds: 6 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + port: 8443 + + +# Java options that need to be passed to jave on CLI +#javaOpts: -Xms256m -Xmx2048m +javaOpts: +# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV +springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties +# Resource Limit flavor -By Default using small +flavor: large +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1000m + memory: 1G + requests: + cpu: 300m + memory: 512Mi + large: + limits: + cpu: 1500m + memory: 3Gi + requests: + cpu: 1000m + memory: 2Gi + unlimited: {} + +readiness: + initialDelaySeconds: 350 + periodSeconds: 120 + port: 8443 + +service: + useNodePortExt: true + type: NodePort + name: music + ports: + - name: https-api + port: 8443 + nodePort: '07' + +# Turn on Debugging true/false +debug: false +ingress: + enabled: false + +keystorePassword: "ysF9CVS+xvuXr0vf&fRa5lew" + +properties: + lockUsing: "cassandra" + # Comma dilimited list of hosts + cassandraHost: "music-cassandra" + cassandraUser: "nelson24" + cassandraPassword: "nelson24" + cassandraConnecttimeoutms: 12000 + cassandraPort: 9042 + # Connection Timeout for Cassandra in ms + # Read Timeout for Cassandra in ms + cassandraReadtimeoutms: 12000 + keyspaceActive: true + # Enable CADI + cadi: false + # Special headers that may be passed and if they are required. + # With the ability to add a Prefix if required. + transIdRequired: false + transIdPrefix: X-ATT- + conversationRequired: false + conversationPrefix: X-CSI- + clientIdRequired: false + clientIdPrefix: + messageIdRequired: false + messageIdPrefix: + + # sleep time for lock cleanup daemon, negative values turn off daemon +##### Lock settings + retryCount: 3 + lockLeasePeriod: 6000 + # sleep time for lock cleanup daemon, negative values turn off daemon + lockDaemonSleeptimeMs: 30000 + #comma separated list of keyspace names + keyspaceForLockCleanup: + + +logback: + errorLogLevel: info + securityLogLevel: info + applicationLogLevel: info + metricsLogLevel: info + auditLogLevel: info + # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc.. + rootLogLevel: INFO + diff --git a/kubernetes/common/music/charts/zookeeper/.helmignore b/kubernetes/common/music/charts/zookeeper/.helmignore deleted file mode 100644 index f0c1319444..0000000000 --- a/kubernetes/common/music/charts/zookeeper/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/kubernetes/common/music/charts/zookeeper/Chart.yaml b/kubernetes/common/music/charts/zookeeper/Chart.yaml deleted file mode 100644 index 01e81736f6..0000000000 --- a/kubernetes/common/music/charts/zookeeper/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: zookeeper -home: https://zookeeper.apache.org/ -version: 1.0.2 -appVersion: 3.4.10 -description: Centralized service for maintaining configuration information, naming, - providing distributed synchronization, and providing group services. -icon: https://zookeeper.apache.org/images/zookeeper_small.gif -sources: -- https://github.com/apache/zookeeper -- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -maintainers: -- name: lachie83 - email: lachlan.evenson@microsoft.com -- name: kow3ns - email: owensk@google.com diff --git a/kubernetes/common/music/charts/zookeeper/OWNERS b/kubernetes/common/music/charts/zookeeper/OWNERS deleted file mode 100644 index dd9facde2a..0000000000 --- a/kubernetes/common/music/charts/zookeeper/OWNERS +++ /dev/null @@ -1,6 +0,0 @@ -approvers: -- lachie83 -- kow3ns -reviewers: -- lachie83 -- kow3ns diff --git a/kubernetes/common/music/charts/zookeeper/README.md b/kubernetes/common/music/charts/zookeeper/README.md deleted file mode 100644 index 22bbac49dc..0000000000 --- a/kubernetes/common/music/charts/zookeeper/README.md +++ /dev/null @@ -1,140 +0,0 @@ -# incubator/zookeeper - -This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper). - -## Prerequisites -* Kubernetes 1.6+ -* PersistentVolume support on the underlying infrastructure -* A dynamic provisioner for the PersistentVolumes -* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/) - -## Chart Components -This chart will do the following: - -* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/). -* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble. -* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble. -* Create a Service configured to connect to the available ZooKeeper instance on the configured client port. -* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes. -* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods. -* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`). - -## Installing the Chart -You can install the chart with the release name `zookeeper` as below. - -```console -$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator -$ helm install --name zookeeper incubator/zookeeper -``` - -If you do not specify a name, helm will select a name for you. - -### Installed Components -You can use `kubectl get` to view all of the installed components. - -```console{%raw} -$ kubectl get all -l app=zookeeper -NAME: zookeeper -LAST DEPLOYED: Wed Apr 11 17:09:48 2018 -NAMESPACE: default -STATUS: DEPLOYED - -RESOURCES: -==> v1beta1/PodDisruptionBudget -NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE -zookeeper N/A 1 1 2m - -==> v1/Service -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m -zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m - -==> v1beta1/StatefulSet -NAME DESIRED CURRENT AGE -zookeeper 3 3 2m -``` - -1. `statefulsets/zookeeper` is the StatefulSet created by the chart. -1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server. -1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble. -1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server. - -## Configuration -You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```console -$ helm install --name my-release -f values.yaml incubator/zookeeper -``` - -## Default Values - -- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml). - -## Deep Dive - -## Image Details -The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM. - -## JVM Details -The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless). - -## ZooKeeper Details -The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr. - -## Failover -You can test failover by killing the leader. Insert a key: -```console -$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar; -$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo; -``` - -Watch existing members: -```console -$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done'; - -zk-2 Mode: follower -zk-0 Mode: follower -zk-1 Mode: leader -zk-2 Mode: follower -``` - -Delete Pods and wait for the StatefulSet controller to bring them back up: -```console -$ kubectl delete po -l app=zookeeper -$ kubectl get po --watch-only -NAME READY STATUS RESTARTS AGE -zookeeper-0 0/1 Running 0 35s -zookeeper-0 1/1 Running 0 50s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 Pending 0 0s -zookeeper-1 0/1 ContainerCreating 0 0s -zookeeper-1 0/1 Running 0 19s -zookeeper-1 1/1 Running 0 40s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 Pending 0 0s -zookeeper-2 0/1 ContainerCreating 0 0s -zookeeper-2 0/1 Running 0 19s -zookeeper-2 1/1 Running 0 41s -``` - -Check the previously inserted key: -```console -$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo -ionid = 0x354887858e80035, negotiated timeout = 30000 - -WATCHER:: - -WatchedEvent state:SyncConnected type:None path:null -bar -``` - -## Scaling -ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss. - -While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use. - -## Limitations -* StatefulSet and PodDisruptionBudget are beta resources. -* Only supports storage options that have backends for persistent volume claims. diff --git a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt b/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt deleted file mode 100644 index 4f7a27bd99..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/NOTES.txt +++ /dev/null @@ -1,7 +0,0 @@ -Thank you for installing ZooKeeper on your Kubernetes cluster. More information -about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/ - -Your connection string should look like: - {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},... - -You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server. diff --git a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml b/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml deleted file mode 100644 index 72fedbcbbb..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/config-jmx-exporter.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.exporters.jmx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.release" . }}-jmx-exporter - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: - config.yml: |- - hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }} - lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }} - rules: -{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }} - ssl: false - startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }} -{{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml b/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml deleted file mode 100644 index b857a0d7b1..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/job-chroots.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Values.jobs.chroots.enabled }} -{{- $root := . }} -{{- $job := .Values.jobs.chroots }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.fullname" . }}-chroots - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: jobs - job: chroots -spec: - activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }} - backoffLimit: {{ $job.backoffLimit }} - completions: {{ $job.completions }} - parallelism: {{ $job.parallelism }} - template: - metadata: - labels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: jobs - job: chroots - spec: - restartPolicy: {{ $job.restartPolicy }} - containers: - - name: main - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }} - command: - - /bin/bash - - -o - - pipefail - - -euc - {{- $port := .Values.service.ports.client.port }} - - > - sleep 15; - export SERVER={{ template "common.fullname" $root }}:{{ $port }}; - {{- range $job.config.create }} - echo '==> {{ . }}'; - echo '====> Create chroot if does not exist.'; - zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid' - || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} ""; - echo '====> Confirm chroot exists.'; - zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'; - echo '====> Chroot exists.'; - {{- end }} - env: - {{- range $key, $value := $job.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ toYaml $job.resources | indent 12 }} -{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml b/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml deleted file mode 100644 index a4bc322a31..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: {{ template "common.fullname" . }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: server -spec: - selector: - matchLabels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server -{{ toYaml .Values.podDisruptionBudget | indent 2 }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml b/kubernetes/common/music/charts/zookeeper/templates/pv.yaml deleted file mode 100644 index 6e53a9543d..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/pv.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{/* -# Copyright © 2019 Amdocs, Bell Canada, Orange -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml b/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml deleted file mode 100644 index 31475a1c76..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/service-headless.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.fullname" . }}-headless - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - clusterIP: None - ports: -{{- range $key, $port := .Values.ports }} - - name: {{ $key }} - port: {{ $port.containerPort }} - targetPort: {{ $port.name }} - protocol: {{ $port.protocol }} -{{- end }} - selector: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/service.yaml b/kubernetes/common/music/charts/zookeeper/templates/service.yaml deleted file mode 100644 index 0ef3a28b27..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -{{- with .Values.service.annotations }} -{{ toYaml . | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - {{- range $key, $value := .Values.service.ports }} - - name: {{ $key }} -{{ toYaml $value | indent 6 }} - {{- end }} - selector: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml b/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml deleted file mode 100644 index 73224addef..0000000000 --- a/kubernetes/common/music/charts/zookeeper/templates/statefulset.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ template "common.fullname" . }} - labels: - app: {{ template "common.name" . }} - chart: {{ .Chart.Name }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - component: server -spec: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - podAffinityTerm: - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - "{{ .Chart.Name }}" - serviceName: {{ template "common.fullname" . }}-headless - replicas: {{ .Values.replicaCount }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} - selector: - matchLabels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - template: - metadata: - labels: - app: {{ template "common.name" . }} - release: {{ include "common.release" . }} - component: server - {{- if .Values.podLabels }} - ## Custom pod labels - {{- range $key, $value := .Values.podLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - annotations: - {{- if .Values.podAnnotations }} - ## Custom pod annotations - {{- range $key, $value := .Values.podAnnotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - spec: -{{- if .Values.schedulerName }} - schedulerName: "{{ .Values.schedulerName }}" -{{- end }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} - containers: - - - name: zookeeper - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.image.pullPolicy }} - command: - - /bin/bash - - -xec - - zkGenConfig.sh && exec zkServer.sh start-foreground - ports: -{{- range $key, $port := .Values.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} -{{- end }} - livenessProbe: -{{ toYaml .Values.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.readinessProbe | indent 12 }} - env: - - name: ZK_REPLICAS - value: {{ .Values.replicaCount | quote }} - {{- range $key, $value := .Values.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ include "common.resources" . }} - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/zookeeper - -{{- if .Values.exporters.jmx.enabled }} - - name: jmx-exporter - image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.jmx.image.pullPolicy }} - ports: - {{- range $key, $port := .Values.exporters.jmx.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }} - env: - - name: SERVICE_PORT - value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }} - {{- with .Values.exporters.jmx.env }} - {{- range $key, $value := . }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.exporters.jmx.resources | indent 12 }} - volumeMounts: - - name: config-jmx-exporter - mountPath: /opt/jmx_exporter/config.yml - subPath: config.yml -{{- end }} - -{{- if .Values.exporters.zookeeper.enabled }} - - name: zookeeper-exporter - image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.exporters.zookeeper.image.pullPolicy }} - args: - - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }} - - -metrics-path={{ .Values.exporters.zookeeper.path }} - - -zookeeper=localhost:{{ .Values.ports.client.containerPort }} - - -log-level={{ .Values.exporters.zookeeper.config.logLevel }} - - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }} - ports: - {{- range $key, $port := .Values.exporters.zookeeper.ports }} - - name: {{ $key }} -{{ toYaml $port | indent 14 }} - {{- end }} - livenessProbe: -{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }} - readinessProbe: -{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }} - env: - {{- range $key, $value := .Values.exporters.zookeeper.env }} - - name: {{ $key | upper | replace "." "_" }} - value: {{ $value | quote }} - {{- end }} - resources: -{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }} -{{- end }} - - {{- with .Values.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }} - volumes: - {{- if .Values.exporters.jmx.enabled }} - - name: config-jmx-exporter - configMap: - name: {{ include "common.release" . }}-jmx-exporter - {{- end }} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- end }} diff --git a/kubernetes/common/music/charts/zookeeper/values.yaml b/kubernetes/common/music/charts/zookeeper/values.yaml deleted file mode 100644 index 28c9711e84..0000000000 --- a/kubernetes/common/music/charts/zookeeper/values.yaml +++ /dev/null @@ -1,282 +0,0 @@ -## As weighted quorums are not supported, it is imperative that an odd number of replicas -## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7. -## -## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set -replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7) - -podDisruptionBudget: - maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions. - -terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully. - -## OnDelete requires you to manually delete each pod when making updates. -## This approach is at the moment safer than RollingUpdate because replication -## may be incomplete when replication source pod is killed. -## -## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html -updateStrategy: - type: OnDelete # Pods will only be created when you manually delete old pods. - -## refs: -## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper -## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1 -image: - #repository: nexus3.onap.org:10001/library/zookeeper - #tag: 3.3 - repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container. - tag: v3 # Container image tag for zookeeper container. - pullPolicy: IfNotPresent # Image pull criteria for zookeeper container. - -service: - name: zookeeper - type: ClusterIP # Exposes zookeeper on a cluster-internal IP. - annotations: {} # Arbitrary non-identifying metadata for zookeeper service. - ## AWS example for use with LoadBalancer service type. - # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local - # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true" - # service.beta.kubernetes.io/aws-load-balancer-internal: "true" - ports: - client: - port: 2181 # Service port number for client port. - targetPort: client # Service target port for client port. - protocol: TCP # Service port protocol for client port. - - -ports: - client: - containerPort: 2181 # Port number for zookeeper container client port. - protocol: TCP # Protocol for zookeeper container client port. - election: - containerPort: 3888 # Port number for zookeeper container election port. - protocol: TCP # Protocol for zookeeper container election port. - server: - containerPort: 2888 # Port number for zookeeper container server port. - protocol: TCP # Protocol for zookeeper container server port. - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 500m - memory: 900Mi - requests: - cpu: 10m - memory: 730Mi - large: - limits: - cpu: 3 - memory: 2Gi - requests: - cpu: 2 - memory: 1Gi - unlimited: {} - -nodeSelector: {} # Node label-values required to run zookeeper pods. - -tolerations: [] # Node taint overrides for zookeeper pods. - -affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods. -affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchLabels: - release: zookeeper - -podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods. - -podLabels: {} # Key/value pairs that are attached to zookeeper pods. - -livenessProbe: - exec: - command: - - zkOk.sh - initialDelaySeconds: 20 - -readinessProbe: - exec: - command: - - zkOk.sh - initialDelaySeconds: 20 - -securityContext: - fsGroup: 1000 - #runAsUser: 1000 - -persistence: - enabled: true - ## zookeeper data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountPath: /dockerdata-nfs - mountSubPath: music/zookeeper - size: 4Gi - -## Exporters query apps for metrics and make those metrics available for -## Prometheus to scrape. -exporters: - - jmx: - enabled: false - image: - repository: sscaling/jmx-prometheus-exporter - tag: 0.3.0 - pullPolicy: IfNotPresent - config: - lowercaseOutputName: false - rules: - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)" - name: "zookeeper_$2" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)" - name: "zookeeper_$3" - labels: - replicaId: "$2" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)" - name: "zookeeper_$4" - labels: - replicaId: "$2" - memberType: "$3" - - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)" - name: "zookeeper_$4_$5" - labels: - replicaId: "$2" - memberType: "$3" - startDelaySeconds: 30 - env: {} - resources: {} - path: /metrics - ports: - jmxxp: - containerPort: 9404 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: jmxxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - - zookeeper: - enabled: false - image: - repository: josdotso/zookeeper-exporter - tag: v1.1.2 - pullPolicy: IfNotPresent - config: - logLevel: info - resetOnScrape: "true" - env: {} - resources: {} - path: /metrics - ports: - zookeeperxp: - containerPort: 9141 - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - readinessProbe: - httpGet: - path: /metrics - port: zookeeperxp - initialDelaySeconds: 30 - periodSeconds: 15 - timeoutSeconds: 60 - failureThreshold: 8 - successThreshold: 1 - -env: - - ## Options related to JMX exporter. - JMXAUTH: "false" - JMXDISABLE: "false" - JMXPORT: 1099 - JMXSSL: "false" - - ## The port on which the server will accept client requests. - ZK_CLIENT_PORT: 2181 - - ## The port on which the ensemble performs leader election. - ZK_ELECTION_PORT: 3888 - - ## The JVM heap size. - ZK_HEAP_SIZE: 2G - - ## The number of Ticks that an ensemble member is allowed to perform leader - ## election. - ZK_INIT_LIMIT: 5 - - ## The Log Level that for the ZooKeeper processes logger. - ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`. - ZK_LOG_LEVEL: INFO - - ## The maximum number of concurrent client connections that - ## a server in the ensemble will accept. - ZK_MAX_CLIENT_CNXNS: 60 - - ## The maximum session timeout that the ensemble will allow a client to request. - ## Upstream default is `20 * ZK_TICK_TIME` - ZK_MAX_SESSION_TIMEOUT: 40000 - - ## The minimum session timeout that the ensemble will allow a client to request. - ## Upstream default is `2 * ZK_TICK_TIME`. - ZK_MIN_SESSION_TIMEOUT: 4000 - - ## The delay, in hours, between ZooKeeper log and snapshot cleanups. - ZK_PURGE_INTERVAL: 0 - - ## The port on which the leader will send events to followers. - ZK_SERVER_PORT: 2888 - - ## The number of snapshots that the ZooKeeper process will retain if - ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`. - ZK_SNAP_RETAIN_COUNT: 3 - - ## The number of Tick by which a follower may lag behind the ensembles leader. - ZK_SYNC_LIMIT: 10 - - ## The number of wall clock ms that corresponds to a Tick for the ensembles - ## internal time. - ZK_TICK_TIME: 2000 - -jobs: - chroots: - enabled: false - activeDeadlineSeconds: 300 - backoffLimit: 5 - completions: 1 - config: - create: [] - # - /kafka - # - /ureplicator - env: [] - parallelism: 1 - resources: {} - restartPolicy: Never diff --git a/kubernetes/common/music/values.yaml b/kubernetes/common/music/values.yaml index 51c467cf2f..fe4cbaee9c 100644 --- a/kubernetes/common/music/values.yaml +++ b/kubernetes/common/music/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. +# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index 0defa97c26..a9f2a5bbd4 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -73,7 +73,7 @@ mariadb-init: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/ccsdk-apps-ms-neng:0.6.3 +image: onap/ccsdk-apps-ms-neng:0.7.1 pullPolicy: IfNotPresent # application configuration diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index d55ea4666e..34272c6b96 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -61,7 +61,7 @@ service: {} ingress: enabled: false service: - - baseaddr: "consul-server" + - baseaddr: "consul.api" name: "consul-server" port: 8800 config: diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile index 3e9d7a7eb1..eb9f025fc8 100644 --- a/kubernetes/contrib/Makefile +++ b/kubernetes/contrib/Makefile @@ -12,11 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core +make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core make-contrib-awx: cd components && helm dep up awx && helm lint awx +make-contrib-ejbca: + cd components && helm dep up ejbca && helm lint ejbca + make-contrib-netbox: cd components && helm dep up netbox && helm lint netbox diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml index 67d13cf477..56315285cd 100755 --- a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/contrib/components/ejbca/Chart.yaml b/kubernetes/contrib/components/ejbca/Chart.yaml new file mode 100644 index 0000000000..4de6930f0c --- /dev/null +++ b/kubernetes/contrib/components/ejbca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP EJBCA test server +name: ejbca +version: 6.0.0 diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml new file mode 100644 index 0000000000..e87bc08da3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Orange, Ericsson +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: mariadb-galera + version: ~6.x-0 + repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh new file mode 100755 index 0000000000..f1bd07e158 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +waitForEjbcaToStart() { + until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail) + do + sleep 5 + done +} + +configureEjbca() { + ejbca.sh config cmp addalias --alias cmpRA + ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra + ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK} + ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe + ejbca.sh config cmp dumpalias --alias cmpRA + ejbca.sh config cmp addalias --alias cmp + ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true + ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe + ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED + ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK} + ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN + ejbca.sh config cmp dumpalias --alias cmp + ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem +} + + +waitForEjbcaToStart +configureEjbca diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml new file mode 100644 index 0000000000..d336bc9a94 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-config-script" +data: +{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml new file mode 100644 index 0000000000..c6981e5fc4 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml @@ -0,0 +1,92 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-db-readiness + command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.mariadbGalera.localCluster }} + - ejbca-galera + {{- else }} + - ejbca-config + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-ejbca + image: {{ .Values.ejbca.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + volumeMounts: + - name: "{{ include "common.fullname" . }}-volume" + mountPath: /opt/primekey/scripts/ + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: INITIAL_ADMIN + value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: DATABASE_JDBC_URL + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} + - name: DATABASE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} + - name: DATABASE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - configMap: + name: "{{ include "common.fullname" . }}-config-script" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml new file mode 100644 index 0000000000..ecb51ae4d3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml new file mode 100644 index 0000000000..01680ee78e --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml new file mode 100644 index 0000000000..0db7ca14be --- /dev/null +++ b/kubernetes/contrib/components/ejbca/values.yaml @@ -0,0 +1,105 @@ +# Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.1 + mariadbGalera: &mariadbGalera + #This flag allows EJBCA to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +secrets: + - uid: ejbca-db-secret + name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: ejbca-server-ra-iak + name: '{{ include "common.release" . }}-ejbca-ra-iak' + type: password + password: '{{ .Values.config.ejbca.raIak }}' + - uid: ejbca-server-client-iak + name: '{{ include "common.release" . }}-ejbca-client-iak' + type: password + password: '{{ .Values.config.ejbca.clientIak }}' + +# application configuration +config: + db: + userName: ejbca + # userPassword: password + # userCredentialsExternalSecret: some-secret + ejbca: {} + # raIak: mypassword + # clientIak: mypassword + +mysqlDatabase: &dbName ejbca + +################################################################# +# Application configuration defaults. +################################################################# +# application configuration +replicaCount: 1 + +ejbca: + image: primekey/ejbca-ce:6.15.2.5 +pullPolicy: Always + +mariadb-galera: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig + userCredentialsExternalSecret: *ejbca-db-secret + mysqlDatabase: *dbName + nameOverride: ejbca-galera + service: + name: ejbca-galera + portName: ejbca-galera + internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ejbca/maria/data + +mariadb-init: + config: *mariadbConfig + nameOverride: ejbca-config + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +readiness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +service: + type: ClusterIP + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http diff --git a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml index 45468e4969..3a4bb90b98 100755 --- a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml @@ -50,7 +50,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/contrib/requirements.yaml b/kubernetes/contrib/requirements.yaml index 2574cea2c5..b1739312a7 100644 --- a/kubernetes/contrib/requirements.yaml +++ b/kubernetes/contrib/requirements.yaml @@ -16,11 +16,15 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' - - name: netbox - version: ~6.x-0 - repository: 'file://components/netbox' - condition: netbox.enabled - name: awx version: ~6.x-0 repository: 'file://components/awx' condition: awx.enabled + - name: ejbca + version: ~6.x-0 + repository: 'file://components/ejbca' + condition: global.cmpv2Enabled + - name: netbox + version: ~6.x-0 + repository: 'file://components/netbox' + condition: netbox.enabled diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml index e15806ff1c..8a44934d8f 100644 --- a/kubernetes/contrib/values.yaml +++ b/kubernetes/contrib/values.yaml @@ -12,7 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + cmpv2Enabled: true + awx: enabled: true netbox: - enabled: true
\ No newline at end of file + enabled: true diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml index 23bb080690..eb4cf252d4 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-pgaas-initdb-inputs.yaml @@ -16,4 +16,4 @@ # ============LICENSE_END========================================================= k8s_pgaas_instance_fqdn: {{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }} -k8s_initial_password: {{ .Values.postgres.config.pgRootPassword }} +k8s_initial_password: $PG_ROOT_PASSWORD diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index a36164d164..9009f6b114 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -1,130 +1,150 @@ -#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - dcae-cloudify-manager
- - --container-name
- - consul-server
- - --container-name
- - msb-discovery
- - --container-name
- - kube2msb
- - --container-name
- - dcae-config-binding-service
- - --container-name
- - dcae-db
- - --container-name
- - dcae-inventory-api
- - "-t"
- - "15"
-
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: init-tls
- env:
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: aaf_locator_fqdn
- value: dcae
- image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources: {}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: tls-info
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumeMounts:
- - mountPath: /inputs
- name: {{ include "common.fullname" . }}-dcae-inputs
- - mountPath: /dcae-configs
- name: {{ include "common.fullname" . }}-dcae-config
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /certs
- name: tls-info
- readOnly: true
- env:
- - name: CMADDR
- value: {{ .Values.config.address.cm.host }}
- - name: CMPASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.name" . }}-cmpass
- key: password
- - name: CMPROTO
- value: {{ .Values.config.address.cm.proto }}
- - name: CMPORT
- value: !!string {{ .Values.config.address.cm.port }}
- - name: CONSUL
- value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }}
- - name: DCAE_NAMESPACE
- value: {{ .Values.dcae_ns | default "" }}
- - name: ONAP_NAMESPACE
- value: {{ include "common.namespace" . }}
- volumes:
- - name: {{ include "common.fullname" . }}-dcae-inputs
- configMap:
- name: {{ include "common.fullname" . }}-dcae-inputs
- - name: {{ include "common.fullname" . }}-dcae-config
- configMap:
- name: {{ include "common.fullname" . }}-dcae-config
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: tls-info
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-dcae-inputs-input + - mountPath: /config + name: {{ include "common.fullname" . }}-dcae-inputs + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcae-cloudify-manager + - --container-name + - consul-server + - --container-name + - msb-discovery + - --container-name + - kube2msb + - --container-name + - dcae-config-binding-service + - --container-name + - dcae-db + - --container-name + - dcae-inventory-api + - "-t" + - "15" + + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: init-tls + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: aaf_locator_fqdn + value: dcae + image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: {} + volumeMounts: + - mountPath: /opt/app/osaaf + name: tls-info + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + volumeMounts: + - mountPath: /inputs + name: {{ include "common.fullname" . }}-dcae-inputs + - mountPath: /dcae-configs + name: {{ include "common.fullname" . }}-dcae-config + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /certs + name: tls-info + readOnly: true + env: + - name: CMADDR + value: {{ .Values.config.address.cm.host }} + - name: CMPASS + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-cmpass + key: password + - name: CMPROTO + value: {{ .Values.config.address.cm.proto }} + - name: CMPORT + value: !!string {{ .Values.config.address.cm.port }} + - name: CONSUL + value: {{ .Values.config.address.consul.host }}:{{ .Values.config.address.consul.port }} + - name: DCAE_NAMESPACE + value: {{ .Values.dcae_ns | default "" }} + - name: ONAP_NAMESPACE + value: {{ include "common.namespace" . }} + volumes: + - name: {{ include "common.fullname" . }}-dcae-inputs-input + configMap: + name: {{ include "common.fullname" . }}-dcae-inputs + - name: {{ include "common.fullname" . }}-dcae-inputs + emptyDir: + medium: Memory + - name: {{ include "common.fullname" . }}-dcae-config + configMap: + name: {{ include "common.fullname" . }}-dcae-config + - name: localtime + hostPath: + path: /etc/localtime + - name: tls-info + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml index d8b2ba2220..44395e48e8 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/secret.yaml @@ -29,3 +29,5 @@ metadata: type: Opaque data: password: YWRtaW4= +--- +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index a5bd69af02..5fcd916989 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -28,6 +28,15 @@ global: loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + envsubstImage: dibi/envsubst + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-dcae-bootstrap-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcae-bootstrap-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate config: logstashServiceName: log-ls @@ -77,21 +86,10 @@ postgres: primary: dcae-pg-primary replica: dcae-pg-replica config: - pgPrimaryPassword: onapdemodb - pgRootPassword: onapdemodb + pgRootPasswordExternalSecret: *pgRootPassSecretName persistence: mountSubPath: dcae/data mountInitPath: dcae - pgpool: - nameOverride: dcae-pgpool - service: - name: dcae-pgpool - credentials: - pgpassword: onapdemodb - container: - name: - primary: dcae-pgpool-primary - replica: dcae-pgpool-replica mongo: nameOverride: dcae-mongo diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index a926fb396b..bab034469b 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -126,11 +126,11 @@ spec: - name: consul_url value: http://consul-server-ui:8500 - name: postgres_user_dashboard - value: {{ .Values.postgres.config.pgUserName }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 14 }} + - name: postgres_password_dashboard + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 14 }} - name: postgres_db_name value: {{ .Values.postgres.config.pgDatabase }} - - name: postgres_password_dashboard - value: {{ .Values.postgres.config.pgUserPassword }} - name: postgres_ip value: {{ .Values.postgres.service.name2 }} - name: POD_IP @@ -169,4 +169,3 @@ spec: name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index fd7069450e..8e3f94dc64 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml @@ -27,6 +27,15 @@ global: tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +secrets: + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-dashboard-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-dashboard-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + config: logstashServiceName: log-ls logstashPort: 5044 @@ -81,10 +90,8 @@ postgres: replica: dcae-dashboard-pg-replica config: pgUserName: dashboard_pg_admin + pgUserExternalSecret: *pgUserCredsSecretName pgDatabase: dashboard_pg_db_common - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb pgPort: "5432" persistence: mountSubPath: dcae-dashboard/data diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json index d9927314e1..4be8c195d2 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json @@ -1,8 +1,8 @@ { "database": { "driverClass": "org.postgresql.Driver", - "user": "{{ .Values.postgres.config.pgUserName }}", - "password": "{{ .Values.postgres.config.pgUserPassword }}", + "user": "${PG_USER}", + "password": "${PG_PASSWORD}", "url": "jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}", "properties": { "charSet": "UTF-8" diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index 6769c00a2d..bf49157762 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -34,6 +34,25 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.fullname" . }}-inv-config-input + - mountPath: /config + name: {{ include "common.fullname" . }}-inv-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-readiness image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -135,11 +154,13 @@ spec: defaultMode: 420 name: {{ include "common.fullname" . }}-filebeat-configmap name: filebeat-conf - - name: {{ include "common.fullname" . }}-inv-config + - name: {{ include "common.fullname" . }}-inv-config-input configMap: name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-inv-config + emptyDir: + medium: Memory - emptyDir: {} name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml new file mode 100644 index 0000000000..b143034d8f --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# # +# # Licensed under the Apache License, Version 2.0 (the "License"); +# # you may not use this file except in compliance with the License. +# # You may obtain a copy of the License at +# # +# # http://www.apache.org/licenses/LICENSE-2.0 +# # +# # Unless required by applicable law or agreed to in writing, software +# # distributed under the License is distributed on an "AS IS" BASIS, +# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# # See the License for the specific language governing permissions and +# # limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 51af963343..a26ae5d196 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -26,10 +26,20 @@ global: loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + envsubstImage: dibi/envsubst repositoryCred: user: docker password: docker +secrets: + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-dcae-inventory-api-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dcae-inventory-api-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + config: logstashServiceName: log-ls logstashPort: 5044 @@ -82,24 +92,11 @@ postgres: replica: dcae-inv-pg-replica config: pgUserName: dcae_inv + pgUserExternalSecret: *pgUserCredsSecretName pgDatabase: dcae_inventory - pgPrimaryPassword: onapdemodb - pgUserPassword: onapdemodb - pgRootPassword: onapdemodb persistence: mountSubPath: dcae-inv/data mountInitPath: dcae-inv - pgpool: - nameOverride: dcae-inv-pgpool - service: - name: dcae-inv-pgpool - credentials: - pgusername: ddcae_inv - pgpassword: onapdemodb - container: - name: - primary: dcae-inv-pgpool-primary - replica: dcae-inv-pgpool-replica # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml index e0cb1dd21b..d2bba1124e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml @@ -57,4 +57,4 @@ output.logstash: #ssl.key: $ssl.key #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 3a95b5a221..784a35e25b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -38,11 +38,11 @@ LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaa # The port number for http as seen within the server # #IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} -IntHttpPort={{.Values.config.dmaapDrNode.internalPort}} +IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} # # The port number for https as seen within the server # -IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}} +IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }} # # The external port number for https taking port mapping into account # @@ -59,7 +59,7 @@ MinRedirSaveInterval=10000 # # The path to the directory where log files are stored # -LogDir=/opt/app/datartr/logs +LogDir={{ .Values.persistence.event.path }} # # The retention interval (in days) for log files # @@ -67,7 +67,7 @@ LogRetention=30 # # The path to the directories where data and meta data files are stored # -SpoolDir=/opt/app/datartr/spool +SpoolDir={{ .Values.persistence.spool.path }} # # The path to the redirection data file # @@ -101,5 +101,4 @@ AAFAction = publish CadiEnabled = false # # AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props - +AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt index 65597e062f..62aeffbe80 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt @@ -17,17 +17,17 @@ {{- range .Values.ingress.hosts }} http://{{ . }} {{- end }} -{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "NodePort" .Values.service.type }} export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}} -{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}} -{{- end }}
\ No newline at end of file + kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} +{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml index e9ab9c96fe..d03d61690c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml @@ -1,27 +1,9 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-install - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": hook-succeeded +metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }} spec: template: - metadata: - name: {{ include "common.fullname" . }} - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never containers: @@ -50,15 +32,12 @@ spec: # NOTE: the basename of the subdirectory is important - it matches the DBCL API URI - name: {{ include "common.fullname" . }}-dbc-drnodes mountPath: /opt/app/config/dr_nodes/ - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml deleted file mode 100644 index 4c30f58a6c..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} - - -{{- if .Values.global.aafEnabled }} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-aaf-props -spec: - capacity: - storage: {{ $global.Values.persistence.aafCredsSize }} - accessModes: - - {{ $global.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props" - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index c7ecb07452..59b7b8c30e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml @@ -1,7 +1,7 @@ {{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ + # ============LICENSE_START=================================================== + # Copyright (C) 2020 Nordix Foundation, Orange. + # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,37 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} ---- -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-event-logs-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-event-logs -spec: - capacity: - storage: {{ $global.Values.persistence.eventLogSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data-event-logs" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml index 094e92a4ad..8ada88319d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml @@ -1,7 +1,7 @@ {{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ + # ============LICENSE_START=================================================== + # Copyright (C) 2020 Nordix Foundation, Orange. + # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -15,36 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-spool-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-spool-data -spec: - capacity: - storage: {{ $global.Values.persistence.spoolSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml index 77aae1dd41..4ad43acf2a 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml @@ -12,40 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{.Values.config.dmaapDrNode.name}} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: {{.Values.config.dmaapDrNode.servicetype}} - ports: - {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}} - name: {{.Values.config.dmaapDrNode.name}} - {{- end}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- else -}} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - name: {{.Values.config.dmaapDrNode.name}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 5ef7c2f242..6d797156d8 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -11,24 +11,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - serviceName: {{ .Values.config.dmaapDrNode.name }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: {{ include "common.name" . }}-readiness @@ -45,94 +36,37 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-node-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" - {{- end }} + {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }} - name: {{ include "common.name" . }}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - {{- end }} command: ["chown","-Rf","1000:1001", "/opt/app/"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{.Values.config.dmaapDrNode.externalPort}} - - containerPort: {{.Values.config.dmaapDrNode.externalPort2}} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.liveness.port}} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.readiness.port}} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - {{- end }} - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - mountPath: /etc/localtime name: localtime @@ -145,15 +79,12 @@ spec: subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end -}} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap @@ -169,7 +100,7 @@ spec: mountPath: /var/log/onap/datarouter-node imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - volumes: + volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime @@ -192,56 +123,11 @@ spec: {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-spool emptyDir: {} {{- end }} - {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.spoolSize }} - - metadata: - name: {{ include "common.fullname" . }}-event-logs - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-event-logs" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.eventLogSize }} -{{- if .Values.global.aafEnabled }} - - metadata: - name: {{ include "common.fullname" . }}-aaf-props - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-aaf-props" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{- end }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }} {{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 9ed8a0b8e8..5c32d9950d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -18,6 +18,7 @@ global: loggingDirectory: /var/log/onap/datarouter persistence: {} + aafEnabled: true ################################################################# # Application configuration defaults. @@ -45,40 +46,70 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 30 periodSeconds: 10 + port: api ## Persist data to a persitent volume persistence: enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce mountPath: /dockerdata-nfs + spool: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/spool-data + size: 2Gi + path: /opt/app/datartr/spool + labels: + app.kubernetes.io/component: spool + + event: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/event-logs + path: /opt/app/datartr/logs + size: 2Gi + labels: + app.kubernetes.io/component: event-logs + +job: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-2" + "helm.sh/hook-delete-policy": hook-succeeded - spoolMountSubPath: data-router/dr-node/spool-data - spoolSize: 2Gi - spoolPath: /opt/app/datartr/spool - - eventLogsMountSubPath: data-router/dr-node/event-logs - eventLogSize: 2Gi - eventLogsPath: /opt/app/datartr/logs - - aafCredsMountSubPath: data-router/dr-node/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - -#AAF local config +################################################################# +# AAF part +################################################################# aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org - publicFqdn: dmaap-dr.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 + public_fqdn: dmaap-dr.onap.org + cadi_longitude: 0.0 + cadi_latitude: 0.0 + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 1001 + secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds + credsPath: /opt/app/osaaf/local +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required ingress: enabled: false @@ -109,19 +140,22 @@ resources: memory: 2Gi unlimited: {} +service: + type: NodePort + name: dmaap-dr-node + useNodePortExt: true + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 94 + config: # dr node server configuration dmaapDrNode: - servicetype: NodePort - name: dmaap-dr-node - externalPort: 8080 - externalPort2: 8443 - internalPort: 8080 - internalPort2: 8443 - portName: dr-node-port - portName2: dr-node-port2 - nodePort: 93 - nodePort2: 94 # dr uses the EELF Logging framework https://github.com/att/EELF # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF logLevel: "INFO" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index 4ba11ec8c7..0163fbd5d4 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -82,6 +82,7 @@ spec: - sh - -exec - | + rm -rf '/var/lib/kafka/data/lost+found'; chown -R 1000:0 /var/lib/kafka/data; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 78721169d4..f742419b46 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -95,6 +95,13 @@ prometheus: ingress: enabled: false + service: + - baseaddr: "mr.api" + name: "message-router" + port: 3905 + config: + ssl: "redirect" + # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/charts/log-kibana/values.yaml index d69ab8ef42..8d4b49e20f 100644 --- a/kubernetes/log/charts/log-kibana/values.yaml +++ b/kubernetes/log/charts/log-kibana/values.yaml @@ -81,7 +81,7 @@ service: ingress: enabled: false service: - - baseaddr: "logkibana" + - baseaddr: "kibana.api" name: "log-kibana" port: 5601 config: @@ -105,4 +105,4 @@ resources: requests: cpu: 2 memory: 4Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml index 00c2661391..f294abf14e 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/deployment.yaml @@ -73,6 +73,10 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: + - name: MSB_PROTO + value: "{{ .Values.global.config.msbProtocol }}" + - name: SSL_ENABLED + value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml index c4aad67beb..61aefa570c 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/templates/service.yaml @@ -30,14 +30,16 @@ metadata: "url": "/api/parser/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { - "serviceName": "etsicatalog", + "serviceName": "catalog", "version": "v1", "url": "/api/catalog/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { @@ -46,6 +48,7 @@ metadata: "url": "/api/nsd/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" }, { @@ -54,6 +57,7 @@ metadata: "url": "/api/vnfpkgm/v1", "protocol": "REST", "port": "{{.Values.service.externalPort}}", + "enable_ssl": {{ .Values.global.config.ssl_enabled }}, "visualRange":"1" } ]' diff --git a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml index af0d4730ac..a278a47e4a 100644 --- a/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/charts/modeling-etsicatalog/values.yaml @@ -23,6 +23,8 @@ global: loggingImage: beats/filebeat:5.5.0 config: + ssl_enabled: false + msbProtocol: https msbServiceName: msb-iag msbPort: 443 diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml index af845939a5..556931d07e 100644 --- a/kubernetes/msb/charts/kube2msb/values.yaml +++ b/kubernetes/msb/charts/kube2msb/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/oom/kube2msb:1.1.0 +image: onap/oom/kube2msb:1.2.6 pullPolicy: Always istioSidecar: true @@ -70,4 +70,4 @@ resources: requests: cpu: 1 memory: 1Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml index 268385d59f..9f8f061d8e 100644 --- a/kubernetes/msb/charts/msb-discovery/values.yaml +++ b/kubernetes/msb/charts/msb-discovery/values.yaml @@ -60,7 +60,7 @@ service: ingress: enabled: false service: - - baseaddr: "msbdiscovery" + - baseaddr: "msb.api.discovery" name: "msb-discovery" port: 10081 config: diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml index c5820ae3dc..60c197327e 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/charts/msb-eag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml index 00adb83658..a927816492 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/charts/msb-iag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt new file mode 100644 index 0000000000..62da777a58 --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/ca.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK +DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa +Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh +bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu +YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 +dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK +Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ +mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt +2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog +6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp +7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 +p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu +5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA +bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J +wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w +ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ +FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 +3lR7lW/J +-----END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt new file mode 100644 index 0000000000..7d1314f59e --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/cert.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK +BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs +ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy +NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np +Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM +A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a +xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ +VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC +lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz +4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8 +Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV +HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG +SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS ++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN +iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK +l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3 +LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb +Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA +-----END CERTIFICATE----- diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index 4bd4fd863e..7ce343627a 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -20,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' - name: mongo version: ~6.x-0 repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 3283239100..22dd4a1ded 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: name: {{ include "common.fullname" . }} spec: {{- if .Values.global.aafEnabled }} - initContainers: {{ include "common.aaf-config" . | nindent 6 }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} {{- end }} containers: - name: {{ include "common.name" . }} @@ -49,18 +49,15 @@ spec: args: - -c - | - export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0) + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ - -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \ -Dserver.ssl.key-store-type=PKCS12 \ - -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \ + -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \ -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ -Djavax.net.ssl.trustStoreType=jks\ -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" - {{- if eq "DEBUG" .Values.config.loglevel }} - export JAVA_DEBUG="-Djavax.net.debug=all" - {{- end }} - exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar + exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: @@ -116,7 +113,7 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "http://message-router.{{ include "common.namespace" . }}:3904" + value: "https://message-router.{{ include "common.namespace" . }}:3905" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED @@ -125,7 +122,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -151,7 +148,7 @@ spec: # name: esr-server-logs # - mountPath: /usr/share/filebeat/data # name: esr-server-filebeat - volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/nbi/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index ceab7fad2a..4fe092e603 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -36,7 +36,8 @@ global: ################################################################# # AAF part ################################################################# -aafConfig: +certInitializer: + nameOverride: nbi-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! # aafDeployCredsExternalSecret: some secret @@ -45,13 +46,16 @@ aafConfig: public_fqdn: nbi.onap.org cadi_longitude: "0.0" cadi_latitude: "0.0" - credsPath: /opt/app/osaaf/local app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh; + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: permission_user: 1000 permission_group: 999 - addconfig: true - secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds - ################################################################# # Secrets metaconfig @@ -63,19 +67,13 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required subChartsOnly: enabled: true # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:6.0.1 +image: onap/externalapi/nbi:6.0.3 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== @@ -162,6 +160,12 @@ service: ingress: enabled: false + service: + - baseaddr: "nbi.api" + name: "nbi" + port: 8443 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index d053162458..9385adea9a 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -55,7 +55,7 @@ dependencies: - name: contrib version: ~6.x-0 repository: '@local' - condition: contrib.enabled + condition: global.addTestingComponents - name: dcaegen2 version: ~6.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index c9de7f98a8..5b59c65db7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -126,7 +126,7 @@ pomba: portal: enabled: true robot: - enabled: false + enabled: true config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 291a0321f7..997bca9f4d 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -42,10 +42,6 @@ dmaap: enabled: true esr: enabled: true -log: - enabled: true -sniro-emulator: - enabled: true oof: enabled: true msb: @@ -56,8 +52,6 @@ nbi: enabled: true policy: enabled: true -pomba: - enabled: true portal: enabled: true robot: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index d302298b1a..86f898d18c 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -15,11 +15,13 @@ ################################################################### # This override file enables helm charts for all ONAP applications. ################################################################### +global: + addTestingComponents: &testing true + centralizedLoggingEnabled: ¢ralizedLogging false cassandra: enabled: true mariadb-galera: enabled: true - aaf: enabled: true aai: @@ -32,9 +34,12 @@ clamp: enabled: true cli: enabled: true -consul: - enabled: true +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: + enabled: *testing +consul: enabled: true dcaegen2: enabled: true @@ -44,10 +49,6 @@ dmaap: enabled: true esr: enabled: true -log: - enabled: true -sniro-emulator: - enabled: true oof: enabled: true msb: @@ -58,8 +59,6 @@ nbi: enabled: true policy: enabled: true -pomba: - enabled: true portal: enabled: true robot: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml new file mode 100644 index 0000000000..796643171b --- /dev/null +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -0,0 +1,139 @@ +# Copyright 2020 Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +# This override file is used to deploy a core configuration. It is based on +# minimal-onap.yaml and Orange accomplishments [1][2][3]. +# It includes the following components: +# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra) +# +# Minimal resources are also reviewed for the various containers +# AAI: no override => to be fixed +# DMAAP: no override # SO: no override +# SDC: new values +# SDNC: no override +# +# Replicas are set to: +# AAI Cassandra: 1 +# Cassandra: 3 (to allow reaching quorum) +# +# In addition, some parameters are set to limit the memory footprint. +# +# It overrides the default ONAP parent chart behaviour to deploy +# all of ONAP. +# +# helm deploy core local/onap --namespace onap -f core-onap.yaml +# +# [1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation +# [2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh +# [3] https://wiki.lfnetworking.org/download/attachments/25364127/OOM%20Service%20Mesh%20Prague.pptx + +####################### +# Core ONAP deployment +####################### +global: + aafEnabled: false +aai: + enabled: true + global: + cassandra: + replicas: 1 + aai-cassandra: + replicaCount: 1 +aaf: + enabled: false +appc: + enabled: false +cassandra: + enabled: true + replicaCount: 3 +clamp: + enabled: false +cli: + enabled: false +consul: + enabled: false +contrib: + enabled: false +dcaegen2: + enabled: false +dmaap: + enabled: true +esr: + enabled: false +log: + enabled: false +mariadb-galera: + enabled: true +msb: + enabled: false +multicloud: + enabled: false +nbi: + enabled: false +oof: + enabled: false +policy: + enabled: false +pomba: + enabled: false +portal: + enabled: false +robot: + enabled: false +sdc: + enabled: true + sdc-be: + config: + javaOptions: "-Xdebug -agentlib:jdwp=transport=dt_socket,address=4000,server=y,suspend=n -Xmx512m -Xms256m" + sdc-fe: + resources: + small: + limits: + cpu: 1 + memory: 2Gi + requests: + cpu: 10m + memory: 500Mi + sdc-cs: + config: + maxHeapSize: "512M" + heapNewSize: "256M" +sdnc: + enabled: true +sniro-emulator: + enabled: false +so: + enabled: true + config: + # openstack configuration + openStackUserName: "$OPENSTACK_USER_NAME" + openStackRegion: "$OPENSTACK_REGION" + openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" + openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" + openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +uui: + enabled: false +vid: + enabled: false +vfc: + enabled: false +vnfsdk: + enabled: false +cds: + enabled: true +dmaap: + enabled: true + dmaap-bc: + enabled: false diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index abbbdcd757..9e593c2e42 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -24,6 +24,19 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + + # Install test components + # test components are out of the scope of ONAP but allow to have a entire + # environment to test the different features of ONAP + # Current tests environments provided: + # - netbox (needed for CDS IPAM) + # - AWX (needed for XXX) + # - EJBCA Server (needed for CMPv2 tests) + # Today, "contrib" chart that hosting these components must also be enabled + # in order to make it work. So `contrib.enabled` must have the same value than + # addTestingComponents + addTestingComponents: &testing false + # ONAP Repository # Uncomment the following to enable the use of a single docker # repository but ONLY if your repository mirrors all ONAP @@ -36,12 +49,17 @@ global: # readiness check - temporary repo until images migrated to nexus3 readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co # image pull policy pullPolicy: Always + # default clusterName + # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} + clusterName: cluster.local + # default mount path root directory referenced # by persistent volumes and log files persistence: @@ -76,12 +94,20 @@ global: aafEnabled: true aafAgentImage: onap/aaf/aaf_agent:2.1.20 + # Enabling CMPv2 + cmpv2Enabled: true + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. # if set this element will force or not tls even if serviceMesh.tls is set. # tlsEnabled: false + # Logging + # Currently, centralized logging is not in best shape so it's disabled by + # default + centralizedLoggingEnabled: ¢ralizedLogging false + # Example of specific for the components where you want to disable TLS only for # it: @@ -121,7 +147,7 @@ global: # to customize the ONAP deployment. ################################################################# aaf: - enabled: true + enabled: false aai: enabled: false appc: @@ -144,8 +170,11 @@ cli: enabled: false consul: enabled: false +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: - enabled: false + enabled: *testing dcaegen2: enabled: false dcaemod: @@ -156,8 +185,11 @@ dmaap: enabled: false esr: enabled: false +# Today, "logging" chart that perform the central part of logging must also be +# enabled in order to make it work. So `logging.enabled` must have the same +# value than centralizedLoggingEnabled log: - enabled: false + enabled: *centralizedLogging sniro-emulator: enabled: false oof: diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml index ae859cfaa0..56cdf5cb58 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-has-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -79,13 +82,13 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-has-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"] + args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"] ports: - containerPort: {{ .Values.liveness.periodSeconds }} # disable liveness probe when breakpoints set in debugger @@ -111,7 +114,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - mountPath: /usr/local/etc/conductor/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config + name: {{ .Values.global.commonConfigPrefix }}-config subPath: conductor.conf - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml index df13309087..da6ab9b548 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/values.yaml @@ -56,3 +56,13 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + + +ingress: + enabled: false + service: + - baseaddr: "oof-has-api.onap" + name: "oof-has-api" + port: 8091 + config: + ssl: "redirect" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml index 1204502cd3..3dac4788cb 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml @@ -32,11 +32,12 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot - --container-name - aaf-sms env: @@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-cont-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -79,7 +82,6 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-cont-sms-readiness containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml index 4765223985..85fbd96221 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml @@ -32,11 +32,12 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-data-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-data-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml index 68ed4723ac..cb83643ed3 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml @@ -32,11 +32,12 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-resrv-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-resrv-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" @@ -162,5 +166,6 @@ spec: path: healthy.sh - key: AAF_RootCA.cer path: AAF_RootCA.cer + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml index a412484a4d..858bf8908e 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml @@ -32,11 +32,12 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name - - music-tomcat + - music-springboot env: - name: NAMESPACE valueFrom: @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-solvr-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-solvr-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index fd87adc4b4..94a47fed2f 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf @@ -147,6 +147,8 @@ log_config_append = /usr/local/bin/log.conf # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false +[auth] +appkey = "" [aaf_api] @@ -426,7 +428,7 @@ server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namesp # Base URL for Music REST API without a trailing slash. (string value) #server_url = http://oof-has-music:8080/MUSIC/rest/v2 -server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2 +server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2 version = v2 # DEPRECATED: List of hostnames (round-robin access) (list value) @@ -490,7 +492,7 @@ music_new_version = True # for version (string value) #music_version = <None> -music_version = "3.0.21" +music_version = "3.2.40" # username value that used for creating basic authorization header (string # value) @@ -506,6 +508,13 @@ aafpass = c0nduct0r #aafns = <None> aafns = conductor +# Enabling HTTPs mode (boolean value) +enable_https_mode = True + +# Certificate Authority Bundle file in pem format. Must contain the appropriate +# trust chain for the Certificate file. (string value) +certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer + [prometheus] diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/charts/oof-has/resources/config/log.conf index 9e4e29a1ba..c476d0b6c8 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/log.conf @@ -33,31 +33,31 @@ args=(sys.stdout,) class=handlers.TimedRotatingFileHandler level=NOTSET formatter=generic -args=('/var/log/application.log','midnight', 1, 10) +args=('/var/log/conductor/application.log','midnight', 1, 10) [handler_audithand] class=handlers.TimedRotatingFileHandler level=INFO formatter=audit -args=('/var/log/audit.log', 'midnight', 1, 10) +args=('/var/log/conductor/audit.log', 'midnight', 1, 10) [handler_metrichand] class=handlers.TimedRotatingFileHandler level=INFO formatter=metric -args=('/var/log/metric.log','midnight', 1, 10) +args=('/var/log/conductor/metric.log','midnight', 1, 10) [handler_errhand] class=handlers.TimedRotatingFileHandler level=ERROR formatter=error -args=('/var/log/error.log','midnight', 1, 10) +args=('/var/log/conductor/error.log','midnight', 1, 10) [handler_debughand] class=handlers.TimedRotatingFileHandler level=DEBUG formatter=generic -args=('/var/log/debug.log','midnight', 1, 10) +args=('/var/log/conductor/debug.log','midnight', 1, 10) [formatters] keys=generic,audit,metric,error diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf index 3db6a21c3a..f2172b2793 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf @@ -6,7 +6,7 @@ events { http { # ... upstream conductor_uwsgi { - server 127.0.0.1:80; + server 127.0.0.1:8080; } server { diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt index 5d16e934f6..68f474b44f 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt @@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK +GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml index 92d6cbf441..34f215c9ab 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-healthcheck.yaml @@ -59,7 +59,7 @@ spec: sleep 15; resp="FAILURE"; until [ $resp = "200" ]; do - resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ + resp=$(curl -k -s -o /dev/null --write-out %{http_code} -X POST https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \ -H "Content-Type: application/json" \ -H "ns: conductor" \ -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ diff --git a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml index 499d0923c8..ad42a1fe08 100755 --- a/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml +++ b/kubernetes/oof/charts/oof-has/templates/job-onboard.yaml @@ -40,7 +40,7 @@ spec: - /root/ready.py args: - --container-name - - "music-tomcat" + - "music-springboot" - --container-name - "music-cassandra" env: @@ -71,10 +71,7 @@ spec: - "/bin/sh" - "-c" - | - curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \ - -H "Content-Type: application/json" \ - -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \ - --data @onboard.json + echo "job-onboard" workingDir: /has volumeMounts: - mountPath: /etc/localtime diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index d2611abb2a..f4debe93fc 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.3.3 + optf_has: onap/optf-has:2.0.3 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always @@ -42,8 +42,8 @@ config: serviceName: msb-iag port: 80 music: - serviceName: music-tomcat - port: 8080 + serviceName: music + port: 8443 sms: serviceName: aaf-sms port: 10443 @@ -66,3 +66,4 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml index 0446dbd05c..bfee39b967 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -11,9 +11,11 @@ osdf_temp: # special configuration required for "workarounds" or testing local_policies: global_disabled: True local_placement_policies_enabled: True + local_slice_selection_policies_enabled: True placement_policy_dir_vcpe: "./test/policy-local-files/" placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) - Affinity_vCPE_1.json + - Attribute_vNS_1.json #- Capacity_vGMuxInfra.json #- Capacity_vG_1.json - Distance_vG_1.json @@ -38,6 +40,14 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json + + slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" + slice_selection_policy_files_urllc_1: + - vnfPolicy_URLLC_Core_1.json + - thresholdPolicy_URLLC_Core_1_reliability.json + - thresholdPolicy_URLLC_Core_1_latency.json + - subscriber_policy_URLLC_1.json + service_info: vCPE: vcpeHostName: requestParameters.vcpeHostName @@ -50,30 +60,44 @@ references: service_name: source: request value: serviceInfo.serviceName + resource: + source: request + value: placementInfo.placementDemands.resourceModuleName subscriber_role: - source: SubscriberPolicy - value: content.properties.subscriberRole + source: onap.policies.optimization.SubscriberPolicy + value: properties.properties.subscriberRole policy_info: prioritization_attributes: policy_type: - - content.policyType + - type resources: - - content.resources - - content.objectiveParameter.parameterAttributes.resources + - properties.resources + - properties.objectiveParameter.parameterAttributes.resources service_name: - - content.serviceName + - properties.services - placement: + slice_selection: policy_fetch: by_scope policy_scope: - default_scope: OSDF_DUBLIN - vcpe_scope: OSDF_DUBLIN - vfw_scope: OSDF_DUBLIN - secondary_scopes: - - + - + scope: + - OSDF_FRANKFURT + services: - get_param: service_name + + placement: + policy_fetch: by_scope + policy_scope: + - + scope: + - OSDF_FRANKFURT + geography: - US + services: + - get_param: service_name + resources: + - get_param: resource # - # - get_param: service_name # - get_param: subscriber_role diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt index 5d16e934f6..68f474b44f 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.crt +++ b/kubernetes/oof/resources/config/org.onap.oof.crt @@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.key +++ b/kubernetes/oof/resources/config/org.onap.oof.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK +GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index 4dd3097918..b544c42e7a 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -10,14 +10,8 @@ placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }} placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} -# Credentials for SO -soUsername: {{ .Values.config.soUsername }} -soPassword: {{ .Values.config.soPassword }} - # Credentials for Conductor conductorUrl: {{ .Values.config.conductorUrl }} -conductorUsername: {{ .Values.config.conductorUsername }} -conductorPassword: {{ .Values.config.conductorPassword }} conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} # versions to be set in HTTP header @@ -26,39 +20,15 @@ conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} # Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: {{ .Values.config.policyPlatformUrl }} policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} -policyPlatformUsername: {{ .Values.config.policyPlatformUsername }} -policyPlatformPassword: {{ .Values.config.policyPlatformPassword }} -policyClientUsername: {{ .Values.config.policyClientUsername }} -policyClientPassword: {{ .Values.config.policyClientPassword }} # Credentials for DMaaP messageReaderHosts: {{ .Values.config.messageReaderHosts }} messageReaderTopic: {{ .Values.config.messageReaderTopic }} -messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }} -messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }} # Credentials for SDC sdcUrl: {{ .Values.config.sdcUrl }} -sdcUsername: {{ .Values.config.sdcUsername }} -sdcPassword: {{ .Values.config.sdcPassword }} sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} -# Credentials for the OOF placement service - Generic -osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }} -osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }} - -# Credentials for the OOF placement service - SO -osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }} -osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }} - -# Credentials for the OOF placement service - VFC -osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }} -osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }} - -# Credentials for the OOF CM scheduling service - Generic -osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} -osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} - is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }} aaf_url: {{ .Values.config.aaf_url }} @@ -75,15 +45,8 @@ aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} # config db api configDbUrl: {{ .Values.config.configDbUrl }} -configDbUserName: {{ .Values.config.configDbUserName }} -configDbPassword: {{ .Values.config.configDbPassword }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} -# Credentials for PCIHandler -pciHMSUsername: {{ .Values.config.pciHMSUsername }} -pciHMSPassword: {{ .Values.config.pciHMSPassword }} - -# Credentials for the OOF PCI Opt service -osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }} -osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }} +#key +appkey: '' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index a3205fa86d..ffcbb6574f 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - /root/ready.py args: - --container-name - - pdp + - policy-xacml-pdp env: - name: NAMESPACE valueFrom: @@ -64,6 +64,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-osdf-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,7 +90,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/config/osdf_config.yaml + - mountPath: /opt/osdf/config/osdf_config.yaml name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index e540aa096a..5205a1df1f 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.3.4 +image: onap/optf-osdf:2.0.3 pullPolicy: Always # flag to enable debugging - application support required @@ -46,46 +46,22 @@ config: placementDefaultMajorVersion: "1" placementDefaultMinorVersion: "0" placementDefaultPatchVersion: "0" - # Credentials of the callback url for SO. - soUsername: "" # SO username for call back. - soPassword: "" # SO password for call back. + # Url and credentials for Conductor. conductorUrl: https://oof-has-api:8091/v1/plans/ - conductorUsername: admin1 - conductorPassword: plan.15 conductorPingWaitTime: 60 conductorMaxRetries: 30 # versions to be set in HTTP header conductorMinorVersion: 0 # Url and credentials for the Policy Platform - policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL + policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform - policyPlatformUsername: testpdp # Policy platform username. - policyPlatformPassword: alpha123 # Policy platform password. - policyClientUsername: python # For use with ClientAuth - policyClientPassword: test # For use with ClientAuth # Credentials for the message reader - A placeholder. messageReaderHosts: NA messageReaderTopic: NA - messageReaderAafUserId: NA - messageReaderAafPassword: NA # Credentials for the SDC interface - A placeholder. sdcUrl: NA - sdcUsername: NA - sdcPassword: NA sdcONAPInstanceID: NA - # Credentials for the placement service – Generic. - osdfPlacementUsername: "test" - osdfPlacementPassword: "testpwd" - # Credentials for the OOF placement service – SO. - osdfPlacementSOUsername: so_test - osdfPlacementSOPassword: so_testpwd - # Credentials for the OOF placement service - VFC - osdfPlacementVFCUsername: vfc_test - osdfPlacementVFCPassword: vfc_testpwd - # Credentials for the OOF CM scheduling service – Generic. - osdfCMSchedulerUsername: test1 - osdfCMSchedulerPassword: testpwd1 #AAF Authentication is_aaf_enabled: False aaf_cache_expiry_mins: 5 @@ -101,16 +77,8 @@ config: aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer # config db api configDbUrl: http://config.db.url:8080 - configDbUserName: osdf - configDbPassword: passwd configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' - # Credentials for PCIHandler - pciHMSUsername: "" # pcihandler username for call back. - pciHMSPassword: "" # pcihandler password for call back. - # Credentials for the OOF PCI Opt service - osdfPCIOptUsername: pci_test - osdfPCIOptPassword: pci_testpwd # default number of instances replicaCount: 1 nodeSelector: {} @@ -157,4 +125,4 @@ ingress: name: "oof-osdf" port: 8698 config: - ssl: "none"
\ No newline at end of file + ssl: "redirect" diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 7c58b3da54..90248b8836 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -21,10 +21,10 @@ COMPONENT_X_MS_MB=1024 REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} M2_HOME=/usr/share/java/maven-3 snapshotRepositoryID=policy-nexus-snapshots @@ -33,8 +33,8 @@ snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.c releaseRepositoryID=policy-nexus-releases releaseRepositoryName=Releases releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=admin -repositoryPassword=admin123 +repositoryUsername=${REPOSITORY_USERNAME} +repositoryPassword=${REPOSITORY_PASSWORD} UEB_URL=message-router UEB_TOPIC=PDPD-CONFIGURATION UEB_API_KEY= @@ -63,5 +63,5 @@ BRMS_UEB_API_KEY= BRMS_UEB_API_SECRET= #Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.0 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.2 +BRMS_DEPENDENCY_VERSION=1.6.3 +BRMS_MODELS_DEPENDENCY_VERSION=2.2.5 diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 6ff76ddfd1..8d9863784f 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -33,6 +33,40 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-brmsgw + name: pe-brmsgw-input + - mountPath: /config/pe + name: pe + - mountPath: /config/pe-brmsgw + name: pe-brmsgw + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -59,6 +93,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -103,7 +149,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -111,9 +157,15 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-brmsgw + - name: pe-brmsgw-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe + emptyDir: + medium: Memory + - name: pe-brmsgw + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index 08afdeeac0..b906e46468 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -20,6 +20,7 @@ global: nodePortPrefix: 302 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -31,13 +32,31 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required + - uid: nexus-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' + login: '{{ .Values.nexus.repositoryUsername }}' + password: '{{ .Values.nexus.repositoryPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required @@ -52,6 +71,15 @@ config: db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 +nexus: + repositoryUsername: admin + repositoryPassword: admin123 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 58ce2d0455..0126c6e06b 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -40,7 +40,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.6.0 +image: onap/policy-pdpd-cl:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 544ecdfc32..5c02ce0f12 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, @@ -69,8 +69,8 @@ "clientName": "api", "hostname": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "useHttps": true, "basePath": "policy/api/v1/healthcheck" }, @@ -78,8 +78,8 @@ "clientName": "distribution", "hostname": "policy-distribution", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${DISTRIBUTION_USER}", + "password": "${DISTRIBUTION_PASSWORD}", "useHttps": true, "basePath": "healthcheck" }] diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 85ca9c1486..39ac8a81ec 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml @@ -42,6 +42,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: DISTRIBUTION_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} + - name: DISTRIBUTION_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: papconfig diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index 7edb3ab871..630b2055fa 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -34,13 +34,31 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.api.user }}' + password: '{{ .Values.healthCheckRestClient.api.password }}' + passwordPolicy: required + - uid: distribution-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.distribution.user }}' + password: '{{ .Values.healthCheckRestClient.distribution.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.2.0 +image: onap/policy-pap:2.2.2 pullPolicy: Always # flag to enable debugging - application support required @@ -51,6 +69,16 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +healthCheckRestClient: + api: + user: healthcheck + password: zb!XztG34 + distribution: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 52480e59ff..bb12880ca7 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf @@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1 REST_PDP_MAXCONTENT=999999999 # PDP related properties -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} node_type=pdp_xacml resource_name=pdp_1 diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index 16d5fb5cec..b70b04b023 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml @@ -37,6 +37,36 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-pdp + name: pe-pdp-input + - mountPath: /config/pe + name: pe + - mountPath: /config/pe-pdp + name: pe-pdp + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -87,7 +117,7 @@ spec: name: pe subPath: base.conf - mountPath: /tmp/policy-install/config/pdp-tweaks.sh - name: pe-pdp + name: pe-pdp-input subPath: pdp-tweaks.sh - mountPath: /tmp/policy-install/config/pdplp.conf name: pe-pdp @@ -132,7 +162,7 @@ spec: - name: policy-logback configMap: name: {{ include "common.fullname" . }}-log-configmap - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -140,9 +170,15 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-pdp + - name: pe-pdp-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe + emptyDir: + medium: Memory + - name: pe-pdp + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 7b9c561a61..fa6c141c1c 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -33,13 +33,25 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required @@ -50,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 config: papPort: 9091 diff --git a/kubernetes/policy/charts/policy-apex-pdp/values.yaml b/kubernetes/policy/charts/policy-apex-pdp/values.yaml index b149c17c48..1fdc215ff7 100644 --- a/kubernetes/policy/charts/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-apex-pdp/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-apex-pdp:2.3.0 +image: onap/policy-apex-pdp:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/resources/config/config.json b/kubernetes/policy/charts/policy-api/resources/config/config.json index 2e46ccae96..fba7e6ce12 100644 --- a/kubernetes/policy/charts/policy-api/resources/config/config.json +++ b/kubernetes/policy/charts/policy-api/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-api/templates/deployment.yaml b/kubernetes/policy/charts/policy-api/templates/deployment.yaml index 777cc4954d..e1f699eccf 100644 --- a/kubernetes/policy/charts/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-api/templates/deployment.yaml @@ -39,9 +39,13 @@ spec: - "export SQL_PASSWORD_BASE64=`echo -n ${SQL_PASSWORD} | base64`; cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" env: - name: SQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: SQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 12 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 12 }} volumeMounts: - mountPath: /config-input name: apiconfig diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index fd66b69e4e..906e86ad38 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -28,19 +28,25 @@ global: # Secrets metaconfig ################################################################# secrets: - - uid: db-secret + - uid: db-creds type: basicAuth externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.2.1 +image: onap/policy-api:2.2.3 pullPolicy: Always # flag to enable debugging - application support required @@ -50,6 +56,9 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf index 93b02e76bc..810b090069 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf +++ b/kubernetes/policy/charts/policy-common/resources/config/pe/base.conf @@ -21,8 +21,9 @@ TRUSTSTORE_PASSWD=Pol1cy_0nap JDBC_DRIVER=org.mariadb.jdbc.Driver JDBC_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/onap_sdk?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 JDBC_LOG_URL=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/log?connectTimeout=30000&socketTimeout=60000&log=true&sessionVariables=max_statement_time=30 -JDBC_USER={{ .Values.global.mariadb.config.userName }} -JDBC_PASSWORD={{ .Values.global.mariadb.config.userPassword }} + +JDBC_USER=${JDBC_USER} +JDBC_PASSWORD=${JDBC_PASSWORD} site_name=site_1 fp_monitor_interval=30 diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index 0e473105a2..ee427af678 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -1,4 +1,7 @@ +#!/bin/bash + # Copyright © 2017 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash # Script to configure and start the Policy components that are to run in the designated container, # It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the @@ -65,7 +67,7 @@ else fi if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl + cp -f config/policy-truststore $POLICY_HOME/etc/ssl fi if [[ -f config/$container-tweaks.sh ]] ; then @@ -95,13 +97,4 @@ else fi policy.sh start - -# on pap, wait for pap, pdp, brmsgw, nexus and drools up, -# then push the initial default policies -if [[ $container == pap ]]; then - # wait addional 1 minute for all processes to get fully initialized and synched up - sleep 60 - bash -xv config/push-policies.sh -fi - sleep 1000d diff --git a/kubernetes/policy/charts/policy-distribution/values.yaml b/kubernetes/policy/charts/policy-distribution/values.yaml index 2d62d1b571..835bfc4656 100644 --- a/kubernetes/policy/charts/policy-distribution/values.yaml +++ b/kubernetes/policy/charts/policy-distribution/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-distribution:2.3.0 +image: onap/policy-distribution:2.3.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json index a52cc0f6d4..3b72d8ed90 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/charts/policy-xacml-pdp/resources/config/config.json @@ -21,16 +21,16 @@ "restServerParameters": { "host": "0.0.0.0", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, "policyApiParameters": { "host": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "https": true, "aaf": false }, diff --git a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml index 5b02c177b5..9ac5d68a89 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/templates/deployment.yaml @@ -31,6 +31,28 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pdpxconfig + - mountPath: /config + name: pdpxconfig-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -63,7 +85,9 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/pdpx/etc/mounted - name: pdpxconfig + name: pdpxconfig-processed + emptyDir: + medium: Memory resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -82,5 +106,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 + - name: pdpxconfig-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml index dc7266e9a1..63f50fd7fa 100644 --- a/kubernetes/policy/charts/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/charts/policy-xacml-pdp/values.yaml @@ -21,6 +21,7 @@ ################################################################# global: persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Secrets metaconfig @@ -32,13 +33,25 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' + login: '{{ .Values.apiServer.user }}' + password: '{{ .Values.apiServer.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-xacml-pdp:2.2.0 +image: onap/policy-xacml-pdp:2.2.1 pullPolicy: Always # flag to enable debugging - application support required @@ -49,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +apiServer: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh deleted file mode 100644 index ec8c914c17..0000000000 --- a/kubernetes/policy/resources/config/pe/push-policies.sh +++ /dev/null @@ -1,485 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018-2019 AT&T. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM - -#########################################Upload BRMS Param Template########################################## - -echo "Upload BRMS Param Template" - -sleep 2 - -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl - -sleep 2 - -curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport' - -echo "PRELOAD_POLICIES is $PRELOAD_POLICIES" - -if [ "$PRELOAD_POLICIES" == "false" ]; then - exit 0 -fi - -#########################################Create BRMS Param policies########################################## - -echo "Create BRMSParam Operational Policies" - -sleep 2 - -echo "Create BRMSParamvFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvDNS", - "policyDescription": "BRMS Param vDNS policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamVOLTE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamVOLTE", - "policyDescription": "BRMS Param VOLTE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvCPE", - "policyDescription": "BRMS Param vCPE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvPCI", - "policyDescription": "BRMS Param vPCI policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "casablanca" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamCCVPN Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamCCVPN", - "policyDescription": "BRMS Param CCVPN policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create Micro Service Config policies########################################## - -echo "Create MicroService Config Policies" - -sleep 2 - -echo "Create MicroServicevFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevFirewall", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevDNS", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevCPE", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create SDNC Naming Policies########################################## - -echo "Create Generic SDNC Naming Policy for VNF" - -sleep 2 - -echo "Create SDNC vFW Naming Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyConfigType": "MicroService", - "onapName": "SDNC", - "riskLevel": "4", - "riskType": "test", - "guard": "false", - "priority": "4", - "description": "ONAP_VNF_NAMING_TIMESTAMP" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating OOF PCI Policies########################################## -sleep 2 - -echo "Create MicroServicevPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevPCI", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create PCI MS Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.PCIMS_CONFIG_POLICY", - "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }", - "policyType": "Config", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "PCIMS_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create OOF Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyType": "Config", - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "OOF_PCI_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating Decision Guard policies######################################### - -sleep 2 - -echo "Creating Decision Guard policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.AllPermitGuard", - "policyDescription": "Testing all Permit YAML Guard Policy", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": ".*", - "recipe": ".*", - "targets": ".*", - "clname": ".*", - "limit": "10", - "timeWindow": "1", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Frequency Limiter policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_Frequency", - "policyDescription": "Limit vDNS Scale Up over time period", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "limit": "1", - "timeWindow": "10", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Min/Max policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_MinMax", - "policyDescription": "Ensure number of instances within a range", - "onapName": "SampleDemo", - "ruleProvider": "GUARD_MIN_MAX", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "min": "1", - "max": "5", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Push Decision policy######################################### - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.AllPermitGuard", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_Frequency", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_MinMax", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing BRMS Param policies########################################## - -echo "Pushing BRMSParam Operational policies" - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvDNS", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamVOLTE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamVOLTE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvCPE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvPCI", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamCCVPN" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamCCVPN", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing MicroService Config policies########################################## - -echo "Pushing MicroService Config policies" - -sleep 2 - -echo "pushPolicy : PUT : com.MicroServicevFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevFirewall", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevDNS", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevCPE", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing SDNC Naming Policies########################################## -echo "Pushing SDNC Naming Policies" - -sleep 2 - -echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing OOF PCI Policies########################################## -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevPCI", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.PCIMS_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml index 8a0db8a699..fec565fb59 100644 --- a/kubernetes/policy/templates/deployment.yaml +++ b/kubernetes/policy/templates/deployment.yaml @@ -33,6 +33,24 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: JDBC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: JDBC_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: pe + - mountPath: /config + name: pe-processed + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /root/ready.py args: - --container-name @@ -78,9 +96,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/push-policies.sh - name: pe-pap - subPath: push-policies.sh - mountPath: /tmp/policy-install/config/pap-tweaks.sh name: pe-pap subPath: pap-tweaks.sh @@ -100,7 +115,7 @@ spec: name: pe-pap subPath: console.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe + name: pe-processed subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -157,5 +172,8 @@ spec: configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 + - name: pe-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 81904143fa..f6a1ace3dc 100644 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -57,14 +57,11 @@ spec: - /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-secret - key: db-root-password + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }} - name: MYSQL_HOST value: "{{ index .Values "mariadb-galera" "service" "name" }}" - name: MYSQL_USER - value: "{{ index .Values "mariadb-galera" "config" "userName" }}" + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: MYSQL_PORT value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" restartPolicy: Never diff --git a/kubernetes/policy/templates/secrets.yaml b/kubernetes/policy/templates/secrets.yaml index 6b8bc41033..c1f98ba3cc 100644 --- a/kubernetes/policy/templates/secrets.yaml +++ b/kubernetes/policy/templates/secrets.yaml @@ -13,17 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-secret - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }} - db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 1ac00c760a..f283d9042f 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -22,6 +22,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + envsubstImage: dibi/envsubst ubuntuImage: ubuntu:16.04 pdp: nameOverride: pdp @@ -37,9 +38,6 @@ global: # '&mariadbConfig' means we "store" the values for later use in the file # with '*mariadbConfig' pointer. config: &mariadbConfig - userName: policy_user - userPassword: policy_user - mariadbRootPassword: secret mysqlDatabase: policyadmin service: &mariadbService name: policy-mariadb @@ -47,25 +45,55 @@ global: internalPort: 3306 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password' + type: password + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}' + policy: generate + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-policy-db-secret' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "policy-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: generate + +################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.1 +image: onap/policy-pe:1.6.3 mariadb_image: library/mariadb:10 pullPolicy: Always subChartsOnly: enabled: true +db: &dbSecretsHook + credsExternalSecret: *dbSecretName + pap: nameOverride: pap + db: *dbSecretsHook pdp: nameOverride: pdp + db: *dbSecretsHook drools: nameOverride: drools -brmwgw: + db: *dbSecretsHook +brmsgw: nameOverride: brmsgw + db: *dbSecretsHook +policy-api: + db: *dbSecretsHook +policy-xacml-pdp: + db: *dbSecretsHook + nexus: nameOverride: nexus @@ -109,10 +137,20 @@ service: ingress: enabled: false + service: + - baseaddr: "policy.api" + name: "pap" + port: 8443 + config: + ssl: "redirect" mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals - config: *mariadbConfig + config: + <<: *mariadbConfig + userName: policy_user + mariadbRootPasswordExternalSecret: *dbRootPassSecretName + userCredentialsExternalSecret: *dbSecretName nameOverride: policy-mariadb # mariadb-galera.service and global.mariadb.service must be equals service: *mariadbService diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index 63348f02d6..aeef85e54c 100755 --- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/ #cookie domain cookie_domain = onap.org -{{- if .Values.global.aafEnabled }} -# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) -ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = thiswillbereplacedatruntime -ext_central_access_url = {{ .Values.aafURL }}/authz/ -ext_central_access_user_domain = @people.osaaf.org - # External Central Auth system access -remote_centralized_system_access = true -{{- end }} +remote_centralized_system_access = {{.Values.global.aafEnabled}} + +# External Access System Basic Auth Credentials & Rest endpoint +# The credentials are placeholders as these are replaced by AAF X509 identity at runtime +ext_central_access_user_name = portal@portal.onap.org +ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert +ext_central_access_url = {{.Values.aafURL}} +ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 14bbd3c7f6..af00b5ff89 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] env: - - name: _CATALINA_OPTS + - name: CATALINA_OPTS value: > -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 9a17ab0f6f..8d18fd0dbd 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -32,12 +32,12 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-app:2.6.0 +image: onap/portal-app:3.2.0 pullPolicy: Always #AAF local config -aafURL: https://aaf-service:8100/ +aafURL: https://aaf-service:8100/authz/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! @@ -121,7 +121,7 @@ messageRouter: ingress: enabled: false service: - - baseaddr: portalapp + - baseaddr: portal.api name: "portal-app" port: 8443 config: diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index a5c94bc5e1..13b319c76a 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -23,7 +23,7 @@ while the OOM K8s version has these service split up. */ -- app_url is the FE, app_rest_endpoint is the BE --portal-sdk => TODO: doesn't open a node port yet -update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; +update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App'; --dmaap-bc => the dmaap-bc doesn't open a node port.. update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl'; --sdc-be => 8443:30204 @@ -36,9 +36,9 @@ update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.co --sparky => TODO: sparky doesn't open a node port yet update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI'; --cli => 8080:30260 -update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; +update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; --msb-iag => 80:30280 -update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB'; +update fn_app set app_url = 'https://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB'; /* @@ -58,7 +58,7 @@ Add Contact information for SO Monitoring INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO)."); /* -Additionally, some more update statments; these should be refactored to another SQL file in future releases +Additionally, some more update statments; these should be refactored to another SQL file in future releases */ -- portal @@ -84,12 +84,9 @@ UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; /* Onboard LF Acumos App */ -INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES +INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES (11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL); -- add Acumos thumbnail UPDATE`fn_app`SET`thumbnail`=0x89504E470D0A1A0A0000000D494844520000010D0000004408060000009B326018000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC400000EC401952B0E1B000051D749444154785EED7D07605555D6F54AEFBDF742120221F41E7A930E0A2A36D451B18E7DFC6C63EF3ACE388EBD6043054511A448EFBD844012D27BEFBD27FF5EFBBD28202558E67766B2E0E625EFB673CB5E67ED7DF639C7A443803F289A9BDB50515E8F152BE2B07A6D124C4C4DE0E06085871F9A0467672B242695A0ADDD048BBF3884E69676B8B8D962D8207F0C1FE887A8084F24A69600268087AB9D2CB63031913FBAD18D6EFC2AFC7F278DC2FC2AC41F2F4479692D2CADCD919F5B0D5F7F27F48EF6C5FAB509D8B93B0BA56575B077B4468B10C3002185E8DEDE58BE2A1E0E7696080E71C5965DE9B07790F56D406D630B5AE592AEBA241A3985B5D8B43713013E8E1814ED8388101739A329C2839CD13FD2D350806E74A31B1784FF6FA471707726962CDE8F92E21A2585BBFE321EC34787E2F18757A3674F2F9C482E415646194C2DCC6061618EC6D636F8783BE1A69B87E3B3250771F0483EEEBF672C3E5A72081DA6663033073ACC4CE507D0C2A5AD1D174F8BC489CC0A1C8C2B8095ADA5F085095ADADB10E2EB84293121F074B3C194E1C1C61275A31BDDE80AFEADA4D12A522023A504AFBFB811B107F2E02C465B5BDB8C19F3FBE1BE4726EB36CDB2CDE5733ED46D69E8266626686BEB40B390C05F1F9D821DBB32F0FDDA440C1D120467576BECDA93250AC502EDE27A989ACBB67239266666FA49A2B9624E1F1C4E2844625AB91CCF02AD72ACB0205704F9D8E3D3D589880872C193B78E44DF080F3D7F37BAD18D7343AAE6DF1759A92538B8331DFF7A76039EB9F73B3C74F357488E2F4280B8080162BC93A6F746700F77E3D6404E6639AAAB1B6069694E6140E180CAAA465CBB70308A44956CDB960A7B714B7CBCEC91935D095321156E632A3FDB4918F20779D054AECC4294C7722198FE3D3D1112E084E6A656D9B203365666B2AD097C3DEC515AD18067DFDF8BC389C5D87630475C20F171BAD18D6E9C15664F088CBFFF66686D6EC3C615C7F1CE4B9B4425B4E3BD57B6E2C89E0CE48991F78CF6C6806181E83F34182EEE7628CCADC4FEDD194200E5B016C5B0757332FAF4F545427C21CCC5E8EBEA5B3054B69F32B5279E7AEA079889AB626F6F891E611E481443178610C63085528709DD13611A3287280F33F9BEADBD0369D9559838320825E50DA8AC6D52F78401D29CC26A580939719BB6D60EFCE3B343D8775C084D088984D28D6E74E3E7F85D94464D5503CA4BAA111EE585CDDFC5C3D1C91A73AE1E827B9F9A0EDF405714E455E3DB2507B0EEDB38A48B12A14BB272D951EC1215B172591CEA6B9A71DB9DA34519B4C04388E5A2A99178F491756AE02489800017716B1A505BD748DB97A55D7F76B4B70B6F1874877E25DB9A8B5C696C6EC5EAADE9983C32183616E2CAC8AACADA46833221C7D0B591ED6C6DCC91955F855B9EDA886D877265AB6E74A31BA7E3778D6964A79562C95BBBE0EBE78CF8B83C242714C1CCDC1466A220CCADCDD121864AA36D1745D0DED20107676BF419E087E5CB6231624C18EEB8670C7C7D9CF0FE7B7BF1CD3747E1EC6A8792D25ADC7DCF587CF6C5117525CCCDCD657F03515068B4CBF13AC465818919AF4E8F4D57A54A148BAD9D05AE9E1D8DE89EEE2815D5F1F83BBB61696E8656F15AE64EEC818D7BB3515A590F37671B0CE8E981876E18063B1B0BC3C574A31BDD50FCA64AA3AEA6D1F89B01813DDC917EA2108BFFB90D19C9C5B013B7C2D6C61216E286988A410B65A82230E96817B7C314B9D915080C71839D9D158E1ECA868DAD052CACCC30615218EAEB5A9095550E7F21A0CCCC72545634A83A686B6B13C26947B3587E93B8450DCDED528E6654563608C1D4A1A0A81AC5A58D701542F2F3B4C7F4B1A1880EF7C0787179E68C0FD37D064779E2C68BFBE09EAB07E0A2114118D4CB03E5D54D4817D7A91BDDE8C6A9F8554AA3BDAD1DA50535D8BF351947F765236A4000D62F3F8A1B1F9D2CC6EF8A7D5B528420CC912A0AE3D8A11C5494D5A343C8C2C2C2523EDBD101337527DACD4415886BD1D8D486E8817EDAA272FC7821264C8D40AFDEBED8B02E11B32FE98BB008778486BAE39147D6E0E0915CB8B8DA6A1CC4D28A8B1C43140609C743C8C1DBD3019E1E767075B245634B2BF28A6B909255851BE747CB3A43BCE2D977F748194CB070566F04FA38EA77052535C8C8AB4589B85835428225423E61FECE18290AC84DDCAC6E74E37F1DBF9834F2324A11BB3303C7850C18836453C7F6EFE331686C0F210A4B34D43521490C7FD2DC3E6896DA9F6E4987FC4B4F2A467A6AA9A80E2B3172C377A6421A8C2FB4B677C02FD0052E1EF6D8B92D0DD3E74623E158018E1D2FC082AB07E3EE7BC7EAB95B455D3CF6F8063838580A5998CB37A259E4FC248DBAFA6694890A2912822A1157A356DC121373463D4C34DFE396AB07C2C949CE2D0AE799F7F68942E9C0B0BEDE78EECE51F866630A36EDCF4190B783B6CA3434B6C2CFCB1EF72F1CACE7ED4637BAF10B5B4FF2C43D483A9287A37BB3509A5F8D82AC0AA4C717C1D1CD0EA3A6F4C2F6B509E839C01F1525B5C84B2F478F282FA42516A140DC8F7E4383316058104E08193436B4AA719A98507188D10B5A5BDBE01BE08ADCCC32F41F1C80C2C26A3489F13258397D666FDD265548870961B1B105881342C9C8AC405A7A2952A55C39B955281375C0E42E4BB6B4385AC1C6CA12E6421C57CE89C2CE43F958B53515FE5E0EC82DAA858D28A176718F2AC5A5F97455BC0665738A6A905520D75552872BA74522C4CF49CF7B5814934F77AB4A37FEC771C1A4919F5186D59F1DC4CAC507909F5E863A632B04839AA3A7F5C291BD99A8AD6A847FB02B6A6B9A502D069C23063D767A14F2B24BB16753AAB8297598B770089CDCAC5155DE246E40931CD9A038D844EBE5EB888A8A460487B9232DA5144D0D2D98785124BEFD260E8D8D2D78E7ED3DEABE4C9A180E5F712B68E8241636B1527958989B69BC8344441DD5D8D48A9821816810923A9258289E503B22A47CCDADEDC828A8C2A59323B0799F2826E12D531353398E09A2C40D9A363A04EF7E7D0CF58D4DC82DAE45627A051EFEE72E38DA5B2032C4CD7043FECD484F4F47515109CA2BCA51525A8ABABA7A383B1B48AD1BDD381D35627F6952515695D6A1BCA0064599557016F5CCC688AE808E48E29E6C146654222FA904D6F69617E69E241ECEC1130B3F1735D00E7B91F8CC99606442BC0538B9DAA0F7D020ECDD9484E6A6360C1917266AA11C456294B4DC167103E6888B117F24178971F9AA307A0D0C44786F4F0D5A1E3D948B8AF23A315C33F41DE48FCAAA06F48EF6C1DAD509983AB30FF2F32AB17D7B3A1A8520DE7C6B3EEEB9F73B58D95868BE464888AB2809536489CA484A2B81B98519CC2CCDE59CEDA86F6E4564B827860DF4C7D2D5F13057774688A4A51DF75E3F148FBDB113B72D18802FD69D1032E980BBB30D068B32AAAD6FC57E51316CAE8D94E3975736C2CED60243FAF860E59654FCF5E6E188E9EFA7C7FA77A1AABA1AB7DF719794A54AAED70C2D52B6007F3FBCFBF6BF8C5B74A31BA762C9939BF1F1131BE1225E80982A8ACA2BB1F8E87D081197BC2B6066F69F7ABC8AAAE27A5434D5E2910F1674BDF5A4A2B806FFBCFF3B357647210833062F850C5833D78981470F0B46767231DA9A8546C4F8E84EB0C6679E9585F61F31C3FA15C7101EE58D9E7D7D5401A4C4E763CDD77128CAADC678511293448D58DB98225D8E13262A836C16DDD7175555F538723817F6F656183E2C5093BF7AF7F28295A5190A0A2AB1735726E2C4DD610BC96C513BE13DDC515FD3027F512C7D7A0A610CF0C39ACD295A16930EBA432668686A41AAB84B93C4553A72A244FE6EC55021A9182197A32965D829E446E5C126597B21272F775BA464552253C86BEAA810DCF7CA367CBE26D17073FE4D484FCF40756DAD90A2B9DE7F0B21C6CAEA2AE4648B4AEA4637CE80836B93606B632DCA9BFDB3E49D811992F6753D07898A9DEADD5AD4B5B5ECCD0AB9CBA4B14C6AE48AA23A58DB592963197E98A059DC054F7F6771356C912A866B2E86CC55861805C39C063010DA2A35E3C6157188EAEF8F3031FA56A9ED2D8484524F1461D5D223C813A39C3AA72FAEB969246EBD672C6EBC7524C27B7A61DBA614588B8190A7AEB86AB09245CCA8505538E6723318AFA8AA6EC4814379DA2BD65A2EF2963F0DC67BAFCEC11BCFCF10C337415E41B5121E6326CCEFA04B532F6ECF8BF78DC590686F5C3A25920D381AEF2816F7C9C64A6E2F133CE41A790D24391B6B33511F4568927D678DED81E73ED8872FD69CD0EBFB7720AFA040DD370B7323695858A05648242D33D3B84537BA712AF2922A602D0A99F6672A2E899D8D0DF67C7B21EFAC89DA0DED598EA079555D228DF48442EC58190F4B1BB28C9108E4477B7B1B3AE40833AF1A88AFDED90D3B472B35311EB8435E6EF57CD4E2E4D4F2BB419D9862F597471035C01F3DA37C34186A618C43241ECFC3CA2F631112E6AAB5285B3B7CFD1C515FDB2C46DE8AFEB24F546F2F9E1DE3C6F5808BB315DAC405A172A08B66656586868666ACDB90AC01CE4E8C1911848B64FB61E24E0CECE38D3E111E1810E98587160DD7F5D7CEEA8D84F412EC1275C1E0A9A5B02955462778CD3C07FFD94859576E4D839790E4D491C178FE83FD2828A9356EF9FB8171A3B4D474BDA72C0BC1CF367906054226DDE8C6E9488BCD47637DB3D8DD4F66CEE127B2C49E7F0DBA441A6B3E3E8086DA4635640365C84B2BFF5B5B3A10D9CF1FC70FE648ED4F16922FD53581760E63A733F15594343AC42DE0BE06C633C1C695C7111CEE8E883EBE68A8695426B31515D3D6DA8A7D3B33F4BC3C46B528883113C25059D1881917472361733ABE7C6E2B02029C1112EA8626512F3421AA045E0CF7099675B572B30A8A6BD1246EC8079FC7E2D0D13CA46694A1B8B4566E648B2A0DF639518821E617D769CCC2688FA7C2F825B7A65C73B4B5C4C7AB12B4235C94B851EF7F7B4CD7FF9E686C6840764E8E14C55066067309733373A4A6A58B826267BC5F86D2B2721C8F4F405CDC71A4A4A619BF3D376A6AEB909B9B2F845588A2A2626D81EA0A2A2A2A919F5F8002594A4B4B8DDF1A617C1C67425171313233B3905F58A0EE6F5751585884CCAC6C3DE7AF459DA8BAE494541C8D3BA69F3535BFAEB2A895FD4F2425EBBD4FCFC8D0BCA7DF12E9B185686E6E517BEB7C5F482035E50D28C9ADD2BF7F09BA14089DEEFD28BC825C55DEB00F28E3027CC2ACFD46CDE885C3DB33505FDF045331AE0E133331E416F4ECE7AB599EF187F345013065DCF0A2B38584BBD34D6017F68BE6F5D5CE6C69C92586B13398013AAD0F32334A515C5CA3B189B03E5E181113825917F7C513B33E959B51808F33EE475C6201EEB97B259C5D6DF5980CC07AFB3A62D28470AC589D48FEC29851C158B12E093636426062F0ADCC3597B25709A98C1E1288BBAE1BA22FE15FFEBE0D85A5F5E2FF9D9A36CE817FFAF52439B5235148874A8460F9A9662E9D128135DB33B1E485E9FAFDEF85FCC2423CF0E0C342A2B55A067D09E47EF3A5F0F1F6C2DF5F7E11F60E17D61CBC69F3567CBBE23B949697CBF3AB5715C3B47C6727470C1F3E14575F7105ECECEC8C5B9F8AE5DFACC0DBEF7F0027074778C9F99F7FFA49383A3A18D79E1D7FFBFB6BD8BE63973C810EF4EAD51B2F3EFBA4710DB0E09AEBE4FEDBA0AAAA0A77DE7E0B468F1A854F967C8E6DDB7748F91A9418593E2B2B4B840405E3F65B6F86A7E7CF8734A8936B79F783C5883B7A4C5CD07AC37EF2AED9D8DA62C4D0A1B8FCF2F9728D5D6F714A494DC5871F7E82ACDC6C51B28D72CF9BA542B494725821223C0CB7DF7233BCBCBA3EA8D3B1F8447CF8F147282E2CD6B2F259D2D5B4B1B6469F3E5172BC9BE020F7F5D7E2ADBB5663CD5BFBE1E06A2395B229DAE59DA50D971556E3E9D50B31647A4FE39667477B5B076E897A0DD5ECEC595287073E9D7F6EA5D12086F5C683AB60EF6CA3014FC801CC483152DBD5D736A1F7E0409497D6A1A2A446D7EB2A13210659DF202E859DAD35CF4A7A817C6DD88635921C877EB954F5F8F6A3FD881A148879D70CC6F5778CC6B44BFA234708E3C4B17CD456376B3F921D9B92111AE18E385119C7B6666A6C65F9ABBBD02FDA0F11F27D436D0B5AEA5BD1A7B73762860663F98A63A8AD6B4249592DECACE56188E2618F59AA040B59AC84CCE86A4489D2197BF5122CF93E01D7CE8ED2DEAD4CE8D20B3905244983DAE8045B2FAAEB5AB0646D12E64D0A47A5361BFF7E28CC93DAB9A0486B0A7B0707C4C4C4FC68E4256565C8931AB8ABC8CECDC51D77DD8FBF3CF81032B2B2D0D8D8A8C7B1104320A83C967CB10CD366CEC5DE7DFBF4BBD3D1D6D62A06D480C6A646DDBFD3653A1F9A5B9AE51E1BF669967D4F46BEB859C5A228D84AF4C3C64D983BEF727CF0E1C7A248CA757B1A575353132A2BABB067FF7E4C9F7B095E7BFD0D253C82EB972DFF0613264FC3AA55DFCB7594EAF6BA9F187A9990E3E7CB9661C6EC8BF1DDCAD57AFFCE052A89E75F7A190BAFBF09878FC66AF336AFD35A8C9B9FBCFE3DFBF663EEA597E39DF73F947B72EE6115CA45653DFEE4B3B8F6FA3F21E944326AEAEAF438DA7F4ACA585D5383F51B3763F28C3958FAF572E35EBF0C3C5EC2CE6CD8DA5BA2BAAC01F31F18A53DB9F96ED3ED4FDCFDCB83E767250DD6BE2FDFFE35B689013AB8D8A9AA2028723AE4E4D622D1C3A27D70786BAA30B8A53E00C37BC3D609533437081B4B4DCCDD648D128D6E4349201BF2A218CD6564F6E0F6345C77C718CC5D301033E645235E5C89BABA66D4892196145523BABF1FA2A27CF1BDB02607E4616067C757F168916D66CC8C4265553D2688E17A78D861D5DA04348BE133586A21ECCA1A8DA9EB94CFDA7222A4C1E65F17276B0D74BA3AD9606F5C81E68AF41577C35D58992ECF8FC4219FBC2EC3B59D0AC63758CE6FB6A42221B5144542A0BF1732A59663262CEF2163436347C7E82789902F7757E5774949291EFEEB13E2D2A4A0478F1EF2C25AA8D151FE17899AA9A8A8D04BF7F4F080938B339E7AF605AC5DFB8361E79340C94BD7882F3C09B9ABE0B6BA8F2CA7E70A58496DCB1A9C2A80AE9289AC670DCE6746A2A91405C2C06F9BBC3BF6A280820202F0FDDA75F8EB134FE9FEFF7AE36DBCFFFE62F8F9F9C2D5D555BFA3A1733FD6E87C193DDCDDE12ECBEB6FBD850F167FACDB9C0D4F3EFBBCAA315F5F1FD8DBDB0B41CAFB5852823CA36BC5BF1D85C0BDBDBCF09518F94B7FFB8771CF9F83E57FE6F917B06BCF6EBDEF241E920CCB5626A4CF67C867EB2AF7DCC7CB1B1F8852FAE8E34F8D7B5F38CAF36B64A916F56E8EA6D666F41E1988B0413E1AE360AA42AA7800BF14674DEE7A6CC12738BE37138ECEB654F5F222D1E06485B046A348E27173FB885B928646A9E5D90C43FFA3C354B7926DE4B593173A24D203A9C70B35B6C17C0E53715D94DDE580A6F2A9BD5CE54F4BB988590B06E879EDEDAD11D4C31DC347F5C0D09860F4EAE38BEB6F1B898AAC2ABC7AC7D770F370D2F3652617C23BD415D32FEF2F72DD547CC20AEC3B98A301513359CF7270F42E929BB5FC5D5ED5242445E33741ADB852F32E8AC4BA9DE92AD7AA453579BAD9A1ACAA01BD42DD902B6E115B584C29E984A4BC3D6C95344BCAEB7FF6A233685A2EFB6517D6A0A2BA51D3CE1DD8C2F41BE3BD0F3E16D96EE84047497CF5950BB062E52A91CAAD526337C1C5D909C3447A9F0F575F7B83D468D56A04AC29298BC78C1E2D527F11E6CE9E8D5E3D7B222B3B5B6B452B3160BA905BB76F47FF7E7DD5383A91909888FD070EC34A5E7E1AF094C993D46D381F76EFD9A33106C2C3C35DF7EB045D114AFECEDA97464E92701302183A7408264F1C0FFFA000A914C4784BCB94F429E9A950D6AD5F8FB8E3C7F5BA181C6E1077C64B5C9751A34662C2D831F0F1F4929ABD560D94C4642DE7D9272AC1598C3452AEF974BC4A376AD72EB9AFCEF22EB4A84B327CC810DC74D30D5878CD9518346080BA3D1999D9FA4ED8885B159F9080D696560C1CD0DF78949FF0F853CFE2C8915838CBF1E8BEB7C812E8EF8FF9975C82C99326C0C7C70BE5E5157ADFA90458C69DBB760B89B8213232C27894AEE3C09A64ECFE3651EE9189DC232B2C78740C9A4419EFFB3E09B68E56EA098CB9AC0F6CD89DE31C904780EFDFDC87A686568D05C65CD2FBCC4A63E5077B706C4F269CC490280CC8017439A8325A9ADBE017ECA646999F5AA63108AD8D4D459AB5B33A66CD2E062B37CFD2D2C2A8500CF91C1DF2309581A4A6903DE49FB8398DCDB0B631C7210EC493558E171F5E8D6D1B92B07CC9413CF9C04A1CDE9F096F4F47ACF8FB6E5881B2507615B8B838E0D34737CB31A05DEF776C4F959ACA4C5F24BD5259CC854CB2B32B85D9DD34206A2A17C3264B27B9515413F57213581C5B7161761CCA41CF6057EC3E928FE9A3427558C056B600C975B3A4C6D39E11DCFF84943D59CE157BA2CCF8ED6F8BD8B8A35A3B35CB0B1C121CA4DF458485C97535C2567CF5838762F5BB73E1F32FBE446945191CC4B0688CBD7AF5C45BFF7A0D0FDC77B71A419FA8DE98356B063E7AFF5D5C77F55572EC668D05D0C0FEFEFABF37818CB5708B18EAEC9933F0F187EFE1A1BFDC87CB2F9D8F3B6FB9056FFFEB9F78F2AF8FC8B336536366DC8535353F196B6240F1E6458BB058AEE39E3BFF8CCB64BFBBEFFE3316BFF70E16CA7551E5B2F2721445B3F893CF548D9C8CC38763B165C74E5511748B78DCA79F7C0C4F3CF608468F1C81F0D0508C17227AF2B147657958899704C2ED7FD8B0116969E9C62319B07BEF3EECD8B1038E8E8E5A5E1AF1C30FDE8FB7DFF827165C360F53A74CC6AD52DE8F3E7817375EBF50EF3B89D343D4DE3FFEF5CBEE7B6A6C3E5A44713339CB23C409F62EB6088CF65295C177B9AEBC1129877E99DAF8196964261661E5FB7BE12CB52B0FAE8BFC508540F690DFC3C52D39BE3F1B162C00BF5362309000C17DF467A7C1A9111BBEE3EFBC2134C60631DAB09E5E183ABA075E796C2D567C7608DB37266947B7F0080F5C76CD50F1170DAC3DED96A1B2B761842DC2D2DA0C1585B558FBEE014D275F70C540D48BABC0726A49F8299BB68A9131C78365D77F42062E4EB6A8956D35182BFC45366EA86F456E41B52671ED921B3E634CA8BA68243D5E3F8F792E38D858E2B0DCBBDDE25A192FF637035D8616216183F2694770908134FAF58BD60021C939F53CAD1ED5D5D5D82852DB450C852F2E7B1A3FFDC4E3521B9F3980B7E0F24B317BC674A9F92AB416E5F11910FC77A15E8C75EA9429B8E3B65BF4BA4FC730511E7F11B2A30A2009D070F91E9697970B09DE8B8B67CF306E792AAEBAE2725CB56081920CF761D075CBB6EDC6B506ACDFB4194D727E3E75BA7F2C0349F54C60396EF8D3427DB7E82E928C491227E34371833A039B54770FFDDF5F306AE448FDFB74CC9F7709AEBEEA0A7D5EBC6E12E3CA95DF1BD7761D25A2CCD95193EEBC5F989BAA73EF1017B87839C87B2DA421AA9895FE2FC1CF9EC6966F8EA2B2B816E63434351543FC81710AB624048A31338DBC30B35C5B4714F45BC44E9434E4C119BE6BD702F36FD11946E313C333AE673F10BF00174D375FF7F551B4092BDAD859C0D6CE5A7BC86E589388267123464F88C0076FED127FCC1753FE3408B5150DBA3FCF66EF6C8DE57FDB857629CF94291122A17D3536A18511B074626BAA2AACD9314DCAC37F9C07A5B8ACE1470223B998C90D8E4D2A45FF087764E456A348D6C70CF4937D0DC1ADCECB3A1B781C2A8E8DFBB2B16C7D8AF1DBDF06FB0F1E9617DC102C6300B957642FFD3EB26784948BD7C001884C909A7E76E2484E4ED5788685100C9B3D6FBDF90695F6E7C22D37DF68787EB2588A81B1D5E3DF01D6DA2E4E8E5824AEC0B9307CD8505C24C4525D5D23F700A815831C346800468B4B722E5C76E9251ADBE0794888DB4E228D969666ECD9BB57BF671075A8B82431230CF93C67C3B42917A17764A46E4F1C893DAACF8AA8A8AC404E7E9E1CCF5ACB396EDC580C1057EF5CB85208DBD3C35355A5B5EC177BEC9851B1770D65F9D5C84928D1CA84EF65483F43CAB8930801375F074365292E555EF26F401AC53995D8BD3A01760E56CA467C59D4E4E95AC817EDE287450D0F46DCAE74B918CA1C59ABEE0037960388FCEFBCB48E16832B63705FD8A2C24D643B395693280CBF00678C98148E355F1E5212222B32BB9379086672A1ACE5A7CCEA836C21A74FDED98D155FC7E2EA47C7C3C9D356FD4682637514A557206177365C84087A84BAA15F5F1F7978CCDD907F72523605B734B7C3D5C95A1E244B67026747A9618469D9BB5624882CE2CA48F92AAA1B50585287617D3DB1F560166CAD2C101DE681EA9A6634C98D56123C07D8FFC55AAE978AE3B704E3077413784F2CAD2DD5FF2502038244C2BA6A6D6B67678B6DDBCF6ED46C31696D6F55A5E2E4ECA43182AE60CCA81891EF75EA021D3B9E60FCF6F705DD8551725EBEF4E743CC88611A07E1B36D1675306FEE6CE39A7363FEFCB9DA4A43E24C3C9164FC562A98C616E4E6E4684C81EFFFC8E1C38C6BCE8DBE7DFB295170BFC2C242D4D51B82E2F1F189F23E1B62798C7D4C1A3F5EBF3F1FA65E344594739D3E77E69A5455767D402806414BB2AB74747E33331304F531BC2F768ED608161785E66A25B6937A300F7555A7B6607505A79046E2A16CD456366820B1D33C9406C48829FDFB8F0D436E7209AAA5B6A7B8A0612AC882FC9555B63C3CB23E13A7DAA586B79207CF422A64A7C6BA4678FA3961A4B8141BBE3D267FB3ED9DC3FD71F42ED9460ED1D0206E4BA427060E0BC28A2F63E5C19A61C907FBE01AEC8411737AA159540A37ACAF6AC2A069E1881CE10F6F0F7B79099A7464AF1E216E22C1DB34D8CA547533291753CB99A52AF7105E6EF6C6B472C335D018D98E6D29E5D87D341F23FBFA098199E2EB8DC9880872C64DF3FB625A4C885E42A9DC9FCA9A46540AE9742E0C80F2B35C1E4095289DEADA66DDF6B7006B85DCDC3C7D199BA416EC21FE742748141E6E547E2D2AB5D3334EF5A54F4683B1F5802D0FCE22959953D315D8D9DBA3B2AA5ADDA092B262E3B7BF2F5AE47AFC7C7C8C7F9D1B0E0EF64268361A0321B1D9D9762D57C5D7DB5B2B1FD6C4AD6DAD3FAA847A1A3B5F0C45071C1CBB962FC15C1955D282063916DD498284AB55AFDC7B4B2B4B25ECAE80DB65E7E46AAB566E5EBEC656BA8A8C6345FADEF09C76A2C67D420D2D490CFA07F47297EFDBD55D29CCA84055E9A9F19CAEE014D2387120076D2DA22CA486A6FD134A00626C6CC2ECD93F0087B7A569932779829B74928AFE4572503211C2905A9929DE6C52D56C41594D77C3D5C31113664561FD37C7502B8646C6E30BCC6DD984C7E1726A2A1BB170D1485494D661FBA6243839D92991FC202ECBC2C727C88368D45A9F893637BD320DFB572763EDBBFB70D32DC3F1AD10D184096172BA0E1D538342889DD148029CBA31C0D711F945D55A460E2DCA1B687CD61ADBE0A03D8744294C1D1D8A8AAA0684FA3962402F4FCC1A1B8AC76E1E81CBA7F4C49FE646E3964BFBE3D605FD71BB2C775C3E00B75D219FF2FB7D0B0763D2B04075E57E0B544A0D939797A7A4C09A67D8905307040A09095183A1FF5B595125EE598D71CD69A00AD440B53C1F7DEAC68B3E0F2E131FFBEF2FBF80179E7B1AF7DF738FF1DBDF0F343C4A71ED72D005E8BB6ABC14EE4BF2EF0AD8818BEF00F7E1313A732CA8167E245429C78F15E379C0B3D21E0883ED18FEB21322D3E3C8319988D7D0D0B566F9A183066AC21E03B0F7DF7B175C5C9C8D6BCE8F9443B91AFBA38DDA89C20E8AFA296EE51DEAA2F796EF404B633B724E9418D7741DA7DCE18C8442F179E526C9C90C2F9618BFBC68EC68367EDE006CFEFAB0484133BDA97A33C528F9A9FE96BC94FCCAB4DD38C0AFB0378D941314313FA2A9A1195E3ECE9830A70F562E39887AA9ADA942E404421386F8079B4E1BEADA30626C0F0C15A37DFD858D1ADF3097F7C7CAD214CB3EDE0F73776B4CBB7E08F28A4B31E78E91F00A71C66B37ADC0A78F6D85B3BD15AEBD76089E7F710B6EBF6504EC6C2CF502B3322BE1EFEF84DADA464C1EDD039B77640A9919A2C86C5161F9DAE5A5E1C3B61355B3FB709E267A3197C3C5591EBA11EEAED6281195B5431ECA27E2C6BDF6E921FC4B94D0BBDFC4E1BDAFE2F0CED771787F791C5EFA683F46DFB014B9856731E00B405A7ABA1099210988FD6F4EF7D7478E1CAEE3A3B28992E9DC59523B9D11BC58230CAF73D7C0969A91E2D30F1D3CE8BCBEF8FF179C7631AC2CBA02D6C23F816F89F1067512C685A2B3963D0D43878B1BA8F6C23398E09D7717D3AA0C2BCF011F1F6FCC9C310D93274C5017D1DADAC6B8E6FC48DE97AFEA9D15B157D0A9CAA6FFC41EB07660ACC3545CB166C46D3CBB3A3D1B4E218D9A8A7AED1B42A864978BA50FECEEE388C6FA46D494378A9F644898D25B4072E00DE08DD687209FFC2F44D32E4CD72612894A8299A5B6F6D61833B31776AC494093B83A1C8D9C7E0B9B67D97B8E8F9B29E6249149337BA3A2BC16FB76A58B3CB4963398889C3247B1B814EBBF4BC0C26726C0C5CA5EB3DC7EF8E020EA2AC43510F5B0E38B384C9FDD0B9EEE36F8528C79EA9408D8D858A0B4B4162E0EC2B801CE48CF2A975A9BE794F24A99D98AC3739BC9C568DC465D1513EC8DCDC7A8FE7E282EAFC396FDD9D8139B87A7DEDEAB4DC4D1E1EE9837310C574FEF8D20512E0DE2073343D456AE89FD57DC8468189C5DB7FBD7F73E4DCFCC56A5C71AD0CFD7578E7F6A5A3765B185B156A6FB525C7AE13547377E3F589A5B62A8A843B642D9DBDB69B0FAF1279E4195B87CBF07182FCC4B2D85A58DB9DA59FF2961C6350670D6421B3B4B7D9F989290117FE1F1B71F49E318FB7F70701C3118150DF283E4502F7E7ACF8101C817FF877E9A2637899D71ADEE2E864716FD31206A0447CBAA979ABD4E5C0D5B29E4DCEB0663EDD2232893DA9783F7980AB1F03CCA32240F35D876788B22183BB5173EFCC70E752998F04D22A1BAB1950B7EFBD5ED70F575C23F0FDD0A3731D88F1FD9A8AD288E2EB678EF8175F076B3C784F111484E29C521510C93C7856917782670B9CA368C653053B4336783B114CDD9901BDCC84C5271919CED2DE1EFE380C76F1B816F37A6E858A22BB7A7A14CAEE5586A197E103258B72B03C9B9E5983F290C8F2E1A0E2F371B1D098C933BD12D627F1B8ED3F16B9199912EB7A75D9B49434282B46FC6C9707674D20C48CA6B76F6CB48EBEE26FF47C3BD77DEAEA3ABD58A7BC96CD783878F60D16D7760F3D66DC62D7E3B146555C87B5AAD71C9BAB6460C9BF9F3C4B5DE314168A869520249FB0599A14A1A1C1323764B0AE6DC3412EE62904DA20C18372053B9FB39C1C5D316F1FB45D25B5BA87A205DD0255135220BA55EBB100AFD282693B00DD83FC405F3E478D73F380193E6F5C35AA9F91B6A9A6121F29F2D2406CA919F240C2106D6FD9C64E9D607262235B110077667E81406EA73CA5A06312D2C99CCD3847FBDBA4DFC342FBC7AFD724346AAA5B996ADAAB4012BFEB60B77DF351A33847838C87071492DA6882AE817ED8D0517472345589803F070D8401DB9DCCD4E7BAA4E1BDF03B3274660EA9810CC1A178E948C723C2BCAA257A8AB8E48EEED6AAF2D23D65206A6423736B7214988F4F9F70FE05D714BA68E0CC575B3A330634C0FF879D8C9353139ECDC7D11CE07F695C8C894FB6E69A81998CCD5D93FA413EE1E1CA13D5454468B3E07E652B0A9AE1B7F1C383939E31FAFBC02773737CDBF60C09681D7871E7D1CB7FDF96E6CDBB14353D27F0B6CFF2A1EB626563ACBA1B7872B3C835C8C6B7EC2F8ABFBA1BAA9415B368BCA2A50947D6153752869EC5A158F0DAA02AAD137A607265F31087D4784E0CFAFCCC5D34BAFC5C7CF6D109FCA122DA21E480C6D523B33D049D7857641DF89C1155B276BB8793B20A8A71716DE3701BD06FA638818A0871051694115CCA590745D0C1E5E2759C83F2111CAF946510403460663A39487C4C5E09E12926CC920255B66786E9F00839F66EF62A8753BFD53DE845DDF26A043882BBCA79BEC63AA599DE3C78661DAE49E18C39EB25323316E6408A68CEB81417DBC1115E1A199A4F12925D8272EC88A0DC958FCCD511D7478EBC11C8C18E0077B212492048FC773D17DE1EF9CF1CD5B08A249CAF4CED7B1F876530AF28A6A30B09717668E09C56C39C7D603BFBC6310D38AF30B0AF53E30101A1814605C732AD8078339272497DCDC5C7476E0EAC61F0741F2EC9E79F2714446466A65400406F823332B0B2FBCF8373CFED433DA09EFD722767D0A6C1CACD44DE931E0CC2D503DFAF9E8085E740C6C618D436B928D6BBA06531AFE916DA93A18F0814D4958FEC6766C5F1187BFBC7D29864B6DEDE6ED88EB1E9A8251337B63D2E5FD31FD9AC1987DE308CCBB3D0657DC331E57DD370E57DF3B1E178B441F3F371AFD4785C027D8552CD9780601ED9DC4221667F446D86221EA41B7216130FFC00C834787A24654CA66210D8EDD41462365304F84CA8663657096B57997F65797E28697A68A41B175C770322B31EE9423F9D8B5E204E6CCED8394B412AC597B420C4EB95131697C1876EFCBC61E21841DFBB2B079473A62138A5020245121F780238939DA5BA9A2609EC6BA1D9998333E140919A5F017426C6939E9C204BC060B7353383958A34E48EF6872093E5D2DC425DFD7335FBFE997AB8DA2E222D4371A92D94808BE3EBEFAFBE90813A541523113D78A636ED49E9616DD8D3F06820203F0F2F3CFE09A2BAF906754ABFD4CA83A98C075FC783C9E78F2193CF4C863F2DC7FB95B5B985E29B6648E5679EF7A0CF8A9AFD0C9B077B5416098A776ECB411577CEFAA9FF254BA025376712F2F96DA5164F54221873B5EB9180327448832F829505353598F0431B24352936E5A1E8B95EFEFC1672F6FC63B7FFD1E6F3FB2066F3DFA3D168B1AF9F2F5ED58FDD1416C5F790C6F3EB606B13BD3B1EA9383CA1F0347F740A3B827DAB4C51A5B3844DD0E59C7C2F71D168CC131A178FDC91FB4C544C7E0602C83D4411746544643631BFEFC9771422C0DB8FDFA2FD061698A2B1E9B809A52C3602854004C8679FFFEB5B0B630C7FD778FC30DD70FC3B7DFC5232BBB02B97955F87C692C6EB87A304244B63166C24E6DA41473EDB569D0403C17E3289C802921AD0C6EAEB64A003D7C1DB5A5E24C20A9B1BF8A839D05AE9D19A54DC45BF7E768B098B3D177AAA10BC1A1234785C4D853B8035EEE1E67CD5D0809098615631DBC4FB26D6CEC61E39A6EFCD1C044B43F5DB7102BBF5A863933A76B9C83791DAC141C1C1CE499C7E28AABAFC5D7DF7E6BDCA3EB483A90AB7147BE031636E6E815136C5CF373840AA1508D305C50927981EE495D7513FC42DC44DA5B60F3D24358F2D206EC5C791C2F2D5AAA999F6545D5F8FCD5ADA82AAB456579BD32189B73EC1DADE1222A84B9EC74495CDC1DE0EC6E0B7B7151189D8D1A1288951FEDC7472F6D4296487F374F7B8C12D78064A18381C8C9D54151FB6CC7F4F9FD34B6B26D5D229C5D6CB58F080D98A0BDB536B76B7F940917F5C292C5FB112B3768B3A888E9370D82AB9FA3BA4E848DA395104411F6AF4A44CC9860EC946BF8E18713D8BD374B5B4E366F4FC357E27E70D4F1A913C230415C155F2F3BED7BD2748A2A10BA1235C4806E49590382FD9C747473954AA741B311C5250A0B70C68C3161A811D2B3B1B1E421B06A5B1A0E8992F97194B00BC0891349DA94DA2244E5EEE90157D79FFBA704BF0FF0F3D52659F6F2DCBE73AF714D37FEA8B0B5B7C39D77DC867FBCF222A64C9CA041F9BADA3A1DC888CB3BEF7D88F73E586CDCBA6BC8385A8016A9586963D6527985449F7DC4F188C1FEE0F0066C8D600C3233AEEB43009A16A4976205E711D99381FADA16F1D54596DB5AA238BF123F2C398C6FDEDC8509F3FAE928E3E652B36B2F52A9D1D5748C06CF58039B2E69DCFC9B391001611EC816A9CE74F3CA925A241DCD07C79E9872991C4B24BEE6BF930C5ADAE1EC668721A274BE786B37EC8470D80CABAC42188D8DA9E131E37BE8EF5F7E7C4088C5068BDFDE0D07773B4CB8B29F0E61C6425125B8393AE3B3C736C3D9DE1AC1E22A31C18C6AA1A8B01691E11E62D4CD58BF350D1BB7A6A2A2A20183FBF9E1C605FDD4FD282EA9D332F1CEB37C74AD9233CB94102A850C1CE56118D2D10DA0A1322374CAF0204C1C1E28F7A70385A50D3ADEE8D1A462047A39A24E941453E32F046C2D292D2B53D260AB88CF394686622DC5E658068959932526FE7B4749EFC62F07BBE5DF7BD79FF1F4937F4540803F8AC535A1EBCEE106BE5CF6B528E365C62DCF8FA28C4AD99759C4EDDAC7C4DEEDECB91D3D870B6998339E086DA02848AF30AE393F4CD9D468C3E1C96D3962B1D81D9BFCE540AC299D4439FC20EEC584CB07E877ED5299B79BB2B615A391B39930218A2422166E224C492A61EE7EAF210128C828456D65A3924CA618CF00914ABBD726E2D8DE6C5C7CE3102513C628CA8BAB71FF0BB3502424B5ED87C41FBBEE1A5A650C6569935ADCDDDD1E975E33043B36A760E2E4484C9DD95B9487A7D4C6459871CB5078048A1210E324380072F689526CF9E408EEBB6F9C1CC29038969C528C90401725167BB95E2A8BA30985F86A550296AF49C298C101B87FD17084FA3B69AC84528F6549CAAC90BF4D10E0E928FB59A94B43E2600CC3C1D61A2FDC3D0AE181AE3896528A2FD625238E5339C87AE66E84C8B102BDEDD575BA10A4A6A7A3B4A44449835DA5274E9E685C73660CECD74F5B6BF8C23112CFDE9EDDF8CF41BFE868BCFBD6BF70E7ED37EBF3A68BE1E4E488D7DF780B79F9EC397D6ED063483B92AFF6D82236D86F620FED437636F845B88B7DDBFF58D1A7C7757DE43753361FAA0F6F30553A0CCA09CCA560B771CE7770684312A245C63333D4A49D244183E6468CC08A93A1BBCABE721CFAF011D17E38B63F5B0393661626282BA84695D4E8034787E284D4C0DBBE4BC084397DE1E5EB8C88BE7E88ECE78B4DDFC5EBCC6B8651A0581E39243FE43CEC421F332E14B93995080876C34D778FC6D5370CC3ED42081C04C725D809E3456D340A01B25C6C6DE0540AABDF3B085771A3E6CC8E467E7E2D32B32A101AE26A28BB94952D3296B29D9D101573393E581A8BAF57272042B699383C5849C4C3C55AC8A34DF335C60FF597ED9AB58F4B656D232EBB28024FDF3142DC8F627C2E84C8D6160645D9A396E5E6F1796CED9A7F81E0C8E324015E8B95B5158EC6C6E29B15DFE1ABE5CB65F9E6A7E5EBE558F9FDF7481192E1B817DC9E2FC1B1F87F4FE7B26EFCB6983F6F9E0E88545D53AB158093A323967DF58D71EDD951535E8FC2CC4A7539F8EEB3C3DA9A77F6E3DB5777FD6C59F18F5DD8F6459C0805434F769A5BE6B1628D2D7605A694EE6CC6645E01FF913668549A192AFF5970BA199E81CEFA1D5B334C384AB06CA3C627309A3838E3975F30272A6A5077A1B3431893BBB67D770C03C6F68083938D065E37AF8843589437FEFCF4547DC9BFFBE4006CAD2DF5B86421CDCC947F3CBA9DB8043BB7A4E1A15B97E1D13BBFC1BD8B96E1BE9B97E1DE5B64B9F56B2CFBEC10AE7C688C468D7F6C491125C131128F6E4AC14D8B862127AF123672FCA3C70A10DDDB5BBBBCB3FC1A8A95FF9672B399365E55DB84EFB7A462F7E15C1416D761D4403FDC7EE5202109A6B39BE1D93B47A177A80B5EBD7F9CB82C4EF8DBC787B0666786AE77B4B352A2E03D6339388A57567E159284AC2E14F1274E68649D65A454FDECF3A5F8F0A34FF0F1A79FCBB2E4A7E5B3CFF1EEFB8BB166ED3A1DA487E7668A704ECED99B7A0DF7B56BE0F81094CC1C8794A35E75827EF34FE8FAF10C3D8BFFC030BED3178E9FEEC12F3D4227664C9B8A9E11E1A238E49D13A599939BA7CFE15C28CDAD464D5983D4E326B0167B8BDD9C8EC5FFB71E4B9EDAF2B3E5B327B6E08BA7B7EA40C10C3990688A33CBD54BE80A4CFB8882182FEE0787FFD2F13B694672E3A812B42399D47625F2E2536A734224E10CD9C4D8642ABFAB3010A3E7AD62EFD369570FD6002883A1541DDC486B4BA971F74B6D3D6C4298BEB4D515F5483E96877031E0379F5A8FFABA4698B269942FBD1C8BC76F2741C93FC6591A1B9BD022EE446B738B2A1E76086BD79EACED58F9751C6A65DBB9778D447589B12545F6E7B066FFBC7535AC85EC82839CB5DFCC8103391832C01FEDA21E38D298216E21D7A9D740F210E5214CCD818953B2CA7532A42FD724E05F0F4D4044B00BA2C33DB0F8E969784FCEF9D06BBB74B268E67970391924A5882017A4E5566A30F54271F8D0E11FC7BBD0B89180B930675B884E12E7D81709423AECFDFA230C8F563FB4AF5017F1F77FBE81F1932FC28CD997E0C65B6F377E2BC791676AA8643ACBD7B56372F01B92DAAF35ACDF0B1C6782D765FCEBA4DFCF0DDE03DE0B425EA71FC151DBA3070DC5C0A131183966220A8BBA1670E4A8E91CB087A4C18E881C55FD5C483B9CA7E3E0680F7516597EB0572B33B8CFB4A87D69A7B60E4D6FC84FAD40614AD75C5A534EA9D8536A53CE92C64E657A93E4803459551642240C0C166494212CDA57FB91E8CD64A1C4C6F57D919BC40998A3470623E14096DE3C164A098672C558B0A29C72588A02E0A44AECBA3E536A709E6FD7BA24383A1A460AE3B979D19DF79D464DF2E09804ACC5C98A3AC51C2F5C162A25E698ACFDEE38163C3C46FBA8D09D20AC44A1E4A596E1E0EA645C76697FA9B90DA33B151454C1DBC7116D1D0CC692FC486C72CD525E9687F79C44C5291939C749B9B8565FAEFD6956AAACBC2A1C4F2B83A7AB8DBA477AADA7A15594928F9B1D0A4AEBE1E57EE66900CE869CBC3C343637C9359A89E1B78203F0B05584CAC3D6EE0C8B7CCFF51CA087DB731C8ABCBC7C1DF4A5133A7E279FAB2C8CD2333FA72B607ABF7F4000BCBD3C11141068FC167075711165D962385E5D9D066EBB8292B252AD80FEA8B0B3B5F98904E5B1F25E7505159595FADE12EC02CF1EDB849B9B1B02FDFC34B9CBCBDB531B00BA829A9A6A2566123C9FA799E9B95DDC13FB7235B99121022EECDD7AB6854998EC326FEB64C81CA51D5557D6212FFDB47968CE02531BF1F9930FE5E222510864A956AD15A50611A3616D4EB140D97F58247BDFD1A172435928F9928662346E1A1E47F10A087347F2913C0D721AEF1FDF3A250F1EA7A1AE1935158D70F77680A7AF232E12435EFAF61EA989D9E1CB50FBE8D080DC4DFE19F238A42C727C133929D790C4F82DB7D36EEDB295958D39562C3B8A7629C3FCFB63502F464E704B5B7B2B2C7D7EBBFC06EDE9CA099D2BAB9B0C83F2880B61A89D0DE7309CCB703D1A9F91752437C635DC9D6DB1F5500E12D2CBB0725B1AAE9ADE4B5D1236959D0E9EAB455E0E1F4F079455D623A6DF9993B2CE866371C775AC07AA3C1AE5FDF7DE83575E7C0E2F3DFF0C5E7AEE0C8B7CFFEACB2FE0964537FDE80B9F3E423913C3CC85184944CC484C4AE95A16E0AE3D7BB5BF0BC7D3080BFB692C8FE0C040796686347F9E335194CDF9C0E9127440602A23C363FEC3C1C2C20A9E9E46E3960779E4E851E39A73233E21514D82DDDF3DDCDD748E152258C8822A966A9BC316242777EDBEEF3F74489526DF2F573717D8D99FBBE239B42E453B85D6D73463C49C9E7879C78D787ADDC2332ECF70F9E15A3CB7E13AB8F9396843839585250EAFEBDA708E1AD31832B9273E7F79132EBD638CD6B0CDF5AD70F5B64779A1B01D6B76B9199C6D7DFBB7719830BF9F14CC3031924E0B205293FD51DCBD9D34A6515956A76A8037DCC0D7F276F0006280249F435B5310DADB1757DC3E4AB7FDE1AB233ACC5F3BEFB8323C771283E501480CF2A9E792DF4822BACE786E1D514CD650113088FAE9E27DB8445C144F7145D83243D83A5822F9601E762D3D8E5973FBA81B51284AC3CBD35E4981C76302998EF921903368994972754DCD70177299240AAAB4BC16474F94E0AB0DC9F8E0DBE33AD6C68D17B3AB78C78F430276822D2775A2DA4843574EEB85C1515D9BA1BB13CCEA646DC7C5D1C911D17DFAC0C7DB1B01FEFE675D38D667AFC8087848CD462264EDCF7E2B9D888C0C878BA883565122EC3CF5F2DFFE6E5C73762CF972A98E5942894C793C6ECC58E31AC0D3CB4B0726E67C2224EF4F3EFB5CC7DB3C17962FFF56D50F0DE88F0A2AB211C386E9FD638C68CBB66D421C71C6B567C6E123B13878E8883677F399F5EDD3D730AF8F20383858542087D86B5512F8F093CFF4FB7361EBB6EDC8C9310CBCD4228A93CDB20C729F0B59E5C53A921DFB8BF51D1FAA9D39D94272B6C537CC4D47F38F1CEEAF95B99DA88E1DCBE28D473B37F4E9C5CCEE83E1D322717C6F16864CE9A9BD533DFC9CB52F8A8EAA25352F3B6BA51E2BD06EF29438ECD36130E676D9BE19BD0607203BA9C4207B69D86230AA066886ACB5655B1A24E550716E39C6CF89C6AA4F0FEAC44794AB6C62E5365AC3CB86DC9FBF185E2F2A1EFE4697C8401C9AF7A0E7D1CDE026AEC277CBE26029AA20E6E2DEDAFCCA6311ECCCB6EADDFDF076B1434C4C30F272AB35B8AA2D353C8CA194FCC5B08FFCA72209957B103328003FECC84474B82736EFCD86AB8395CE4EBF715F0E9232CB7199DC2F3B5B73ED1E4FF0A5610AFAD5337A6340A40716CE8ED2EFBB8A26794972F3F38CAE491B0244DA1A5A94CE0F66147A7B7B8942E460BB1D48CFCC32AEA13BE18A0913C669976C1A0695C3934F3F7B4A70B313725BB16ACD1A2CFB6A39DCDD5C512B12BD57644FF489328C4D4AB09BF784F163B4C2E0580F59D93978F99557751CD2D34137E69F6FBEA5031B53FEFFD13169FC58706A0682D7F7AF37DE4262D29953AD3945E3ABAFBDAEC4C967EF24CF60A2DC979371D51597EA044F2495E2A2623CF5CCF3670D6C1E3A74186FBCF39EDE5F1E8FCF72F6AC99C6B567C6A1F529B083B855627BECDF151875E6F4F133217C903F9A1B9B6126EF6C517DD73243F56D64C0E4FAC7A78B4F648EF0817E08EDE32335B4853695AA918A66679E013B9115E757232852E41B7D211AB9487C4E6F10DAC70B2744BE33804AA353A3979F6A8CD4FC84F049B3B822A3C5A0483A3BD7246AEE3B41C3D7FD68C4F283718AD2C21A21AE2A9415F1B31A25F2C9EF4AE5B3443F6BF5772EE525F528CAAFC23B6FEEC482BF8ED3B66A553902BA4BC9FBF270684D126EBB7524B2732B35DF42E76311E3523747889165E6B93938F1005107FD7B7963F9FA2444043AA3A8B45ED58521B80B384AB90F1C2FC49E6385B8E2A2489D74A95ECE49CE614D7AF3BCBEF076BFB069120906BDF272F3953438C176787898F62BE90A6CC42003FCFDF4771DA13C2DED94CE6BD72DBC5A0CDC4A0983C3E9D3F5B8FFA147F0F5B72B703C3E5E0D63EFFE0378FCA9A7F0C69BEFE8C3A06A69696952D7E774CC9E3153550E87C82361ED97DAF69E071EC4A79F7FAE83F3EE93637DB362251E78F8117CBB6215382CDF1F59657482031B0DECDF4FE3191C60989D0639C114A73B88157785F795E9DE1F7CF4311E7BF269255E2A810A515A13268CD75EC72763EEEC590811C541F562B8EF7BF0E0238F61FD864DEA4272F024BA776FBFF73E9E78F6397068463E738EC171F97C4E2179EE2107F7AF4A82BDB85574339C3DEC11D4BBEB534486F6F796774D14BBBCB876B042E2DEF377B0FC31BAC2D60E670F3B1CDF9D89DB5E9C85C29C4A94FE7D3B9C7D1CC0742B1AA08D9D15920E6461D0A4089C607F0A21010ED9B7F0FF26E1CBBF6F3510006B7F1ABE18A1928DC18AF41C4CD5EED9DF1F638434BE7E772F8AC54D7072B553A3A5356A70553E2BCBEA3145DC20E66F68CC408EA5E6AF0C64000FCB2011D54E87B8C83C678B7824765206067AC65CDE073BBE4A80935C135D2C96FFAB9777E3852DD763EEDC286CD8948298618158B5EE84A6BE931B9BDBDAB483D99431A1DA0D7FE58624396E07FACB43D8B23F476A7C294A1B0D89E733D1795FD3B22B7440E22BA6F7C2AA2DA93A695249533D9E7E771F5EB96FAC3C90930ADD05B069939319A9DF2FF017A5D155D0B50C0D09C6D6ED3BF4A54B4FCB503F9A815282B4F8CA0BCFE3C147FFAA64C2F12FCB4ACBF0DEFB1FEAF36259194761F77BC31C22ADA8961AF1BA85D760C8A0817A8C93C111B6FFF6D2F39877D9023508D68E35D5D558F2F952AD25F97C34A02C04E6E6EAA25DF6CDF89D5C1B9FD71F1574B9FFFAC843B8EA9AEB9408D8E4CD7773E9B2AFF0E5D265EAAE711C535E1B49850BA7B21C36648890EBCF4750E7F11E79E87E3CF0D05F75A63706ADE982BEFCEA6B4AA40C74733065B531516D266295548423860DC5CD37FDC97894B32337A9545C130B6DB0F00CB1D5F86257D163901FAC39F1BA54FED61652117E9F845EC3CFDC9BBA13A71CFD4F8F4F4573430B5EFFCB4A78FA3A63E845BDE013E40A8EE8C52EF17CA94A447D70EED4E09E5EDA8E1C18E6AE69E295A575F2B21903A07293A828749C42F993B33355091188A7838B6FE4E8CE2658FAC64E4D19570B145E2068884C170FEAE18E9BEE1B8F11E3C231606810068E08C26059060DE7673006CA2753CA675ED2176326C93603033072540F8C1DD703FDFAF9A9AB70FB5B73B4F5847116C256DC8A235B5370786D326EBE79848E72CE4994B4CBBD180C035896F2325C3CAD9794B705AB44F2F1A58F08729732B523471416F98B1DE9D83242854270C0E2CAAA267CFC5D3CC60D0D44BF084F6DBD49CFA9405ED1858FCE94949CA44A802F2967E3EA9CE3A4AB080A0C82995C07F7E7485E1C9CF664F4E9D31BAFFFE35584F508155553A1D7C8DACFD1D15E89C2C9C949FD71CE2BCA87F7D003F76BAFCCB381FD24967EFE29060E1820954283BE139DC7E1EC641CF897E0E0C4ECC2EFE9E1AE711212C8E92D092C73E7A227EF0AE4F1F1BD3979E90A0CDB1A9A1ECF94ADCB9C9CCF3EF950E31B3A676D63A31A3B1515631D8E0E8E62F076DAE18CD73C67F64CEDC17A36848785E395979E5352E7B8AF8493B383D894A912B5AD9D0D1CE4BE3536362801733472CE4B73BE314F8B332B509455295E82A9A64D746552E793C1F003E743610308BB7F7465CCD09F4DCB386862381C9C6DF08F3BBF86BDB32D82C5151934210279A925282FAE5557860F2A6C801FE2F76469A6684176B9CE2A4D52A1BB4217A2471F6FF41B1D8AFD9B9231784218068D0B130272C1BC453158F6F62E1CDB9BA9FDFE69B0ACE6492F7C88ECE13AF38A81E83B2C08775CF2117E5811872DDF27602397EF8ECB673C36AC3A8ECD3F9C407A4A99B82CB53828C77AEDF94D58BFE604D6CAFA43077230636EB4DED0E403F986D4747939A84AD20E17E0F2FB462129B51469E9A5F2825B2135BD0C2EE25E5C3CB3378E9D28466C62B1BC14E27F0A11DE75C3507CB93A0135F52DB85AD65F33BBB7908B09F61D37B44C903BF89ED637B6E28410D188BEDEE2AAD8E9C03DECE41626AECD8560DD0F1B919C9CA24AC1D9C901D75C75E505497A1AC096AD3BB409942ACD4B8C748048ED934163E6140116E616C8CDCB4392B825242AB68270F46B1B2B6B796927E1969B6ED0C980CE07D6B49CFC2730D05F95526A4AAA48EE2254881F5F2D06E2EDEDA3D348DEBAE8464D3ACBCACE52A3F4F5F5C6A489138C4701FEF1FA9BE2F636699F9B98E1237406F5F38123757FFEE5328DA5D0B59B3C792202859CCE07B66230598E6AAA54D4D69FAE5DA83187934125312A66A4AABD4271218E27C4A3DA38323B9545AD10EB6859BF48D4C0FC8BE71AF73A3BD84C1D337284E6D1C4279CD0B14FD8558144C1C1798AA51C51BD7A61D10D7FC282CBE7FF184C3D17328F1763C34747947C2A6A6B70E3F353E1117061EF5C567C1112F7E4AA1B4F5BE488FFD6C6B001F9FBF469194D84D5CF48E9B1DBD2F0F7BB966BFF11F6629D76ED10ED0D7760638ACE123FE1D2FED8B3F604068D0FC3AEB589689603D2FE59F871F3A371D363D35057D3888DCB8E222DBE0015A5F578E0F58BB5167FE8AA4F74EA0253710118EE603095E383729E14B61DBFB5F2267CF9F61E2C7D6F9761A01D3930678FD7CA87AA5DC8852D142DB2C8AF888CF2C5485119BB7666205B082025A5046F2CBE12FE2EB67868CA6234D5B66A6A2D512DE57870C9A570EAE781D7FFB90BFF77FF387CF5ED71F8FAD863F5C65454D43408C958EAA85FE346896F6AD681551BD3A4E6B4C6BA0F2F37C478044FBCB90719F99CEF94B107B906294B93288C1AD96FECA00084073AC1CED60A13879EFF053E19372CBA0545620094F7C3870FC5630F3D685CD375DC7EE73D2A7FD93B3632A227FEF1B7178D6BCE8C86FA46A4A4A7A901F9FAF8C0DB537C62C365FE22B0E6A4EA68E96885A39D83925EA702E8541252BF6B4571322132E8C7BFB9DEE0C29CBF10DC873912DC962D602ECE2E6A94E7836116F932254E96F7E4796ACF06AA8DDCFC7C550A6CAD62D099FBFF52F058B1B171AA5438E136E780E5B4141782556FECC5470F6F04C7E26516F6E2CCFBE0EED7B569173A11B72D1D778D7B073E5E2E6A6B8F7D770522871B72729896704BD46B2A0A9841FAC0A7F34F754F4E46FFB13DF0F69EBBB1E899E9DA99EDBD27D662DB37C7102E0A234A5440A330CF9839D1422AF57072B5C1D46B8660D153D3F0ECD26B953008469EE3F766A9B1370A8130857C87D4DA745538A319BF37280C060B20C4528B990B06A97FC5161AAA1AB22D0740E55817ECD7C10995D89AC098839DF87136E2129D905AFF9DD7B68BEF698911A26EA832D67E2F4410E18E81E2BE90213BC1710656BF770091216EF8DBCBD31112EC8207EE198D5DFBB2919EC597C84C034A541A21FE8E58BF3503D1911E1831D00FA5E2A6119C28DADCC204413E8EF0F37480AF879D2C0E08F37746FF9E9EC82BAE4190AF1396AE4D425965D7679267F43B39254D836A7C910644471BD75C18428383757F4EE0CC0C440654CF051B5B6BF4955A9DC13F2671FD1AC22068F0F6E296B8383AFFCCF855F19144847C4F5750868184E4F9CA33EF0A6110DC8706C719D3BC3C3CBB441804EF8DAF2820EED715C220E89670C0A3C103076A00F8D71006E1EFEB8B99D3A762DEC5737494F90B250C2223AE5087C264BF91F021BEDA747AA17074B38713BB2C48E5D7D2D4725E17E59CBA973D5D99F4F5D4B2EBF1D28A1B31EBC661FAA07B0F0DC645570DC2FCDB6370F1AD3178EEABEB71ED4313B50B7D70AF9F1E80A38B9DF84966F861E9617171C2A550EDD8FC350796F9A9E661B32C0BC1D803DD8839A268BEFE600F7233C475B0B712792BFE3D7D8076D624861A9D39186CC9A9AD6D1235D3A4DFB393D8813D9938202495256EC7A25B47E9F1E7FFDF281D4A908C4930269172300F8736A4C0CEE6A71B3C636A4FCC99162935A3A5D4D0ED080970D159E22F9F1585406F27A46654E0FE97B6E0B3550978EBCB58AC1676DE7E384F3BA9ED389287DD4773B12B2E1FFB8F152036A90471C9A5F2029B8ADBD2B50C4022252D55DC0AC358911C6BB577EFDEFAFB85222666B8DC9B7A35BEA2C2229414772DD3AF1BFF59A8AF6E425E5299E645913442FB79E37CB3C09F092E5E7608EAE5A1EF1C6D2B33FEDC93629D93343AE1EC6E873E234230FBA691B8ED85999875C3308408397034E390DE3EB0170571368C9D172D4AC416972C1A81551F1F405672B148294B250B064059E3B4494DC85C8F85F71A92872A8A6A1110EA2A6ECA0D98BB70B02A0506CD982549C5C13960FB0E0EC00431F28BE6F4C1745966CDED8B05B2ED1C21AE71137B225B4887F00B77C7E8CB7A8B7433D4F89C82817D58963D6798BFB3BAB6116BD625E1D57FEE444E5E35268FEFA1C1D01993C2E0266A67BD90C3CE83D9AA2EB265FDD6FDD93A0607550E7BB072FE562E36425A9CA18D04E6CF56A89452F878DAC2435CA4AE62CBB6ADDAA24137C1D3D3FD825A4E4EC6B061C3447E372AC153B227249E3F5BB31BFF7928C9AD448E9006BB68507987F6BFB0CCE34EB0853128DA5BFB74B11B46C69142B1B9B3770BE81269FC1A440D0EC45D2FCFD63E221F3EB74147F832382572724E712656C65EB67E212E9879C560BCFDEC7A24C6E662F69583E1244AE5BABBC6E2D29B8663F61503B140486BFAFCFE8888F2D666BCA2FC6A51156548901A7EFB96547CF3E511BCFFE60E7C2A4AE5D9277EC0F2A547B41975C123E361290A824C4AD0F5D9BF2B055922ED92D2CA5052560B1B295F5656053E5A7204ABD69F406D5D0BD66E4943430365BE19D88A65239F1C48884153114BAA9C7E822172CF5884AFA73D0AC4D5AAAC6ED6D695AE62F79E7D7A5F2AABAA743E13ED2FF20B400DC77E22F4BD793C1EB71BFF7D284CAB40B6284956AA8CED0544BA19D75C3882A23C34219236727C5B262A0A8CC96752B973C8090ED5590F4E37D9F6F3D693DF1A4C180B0CF7C0AAC5FB10BB3313B6F686082DC9828954FCC75EA093850CFA8F0846FCFE1CF885BA232CCA47833BE525B5F8E2AD5DD8BF231DC70E6423510822536AF182BC4A9496D4E9D48DB5E2A270B83F364F31026C6B6FA9C65227EE4B4E76A52A92C2D47224EDCF85B5A8232D57BB39D28F16E0DA07C7A1548EC1418539DD818383B5BA27CC300D0A70425246A5AA9B0E792A2C76A3105C9F080FA4E6541A5C7FFAE77A44DEDF0E6D8E1D35C05FE74519D1D71723BBC8FE6D6DAD484E4D838F97B712C6C8E1C3D1BB57A471ED85A34194065B0342434234159D6DFEDDF8EF425662319A4A9B7552E7F0813E187559F42F724F08CEED5A5DDA28C4E3AE794E232FE90D07171B55AAD90986A131BCBC5D307466CFB3B79EFC96600EC7D3377C89A2DC0A5508AA6F8430A83728E739C8CE927DF760DBEA04BCF9F85A38893B34EB1A511AE2D65455D463D907FBB4B9D4D482E6C95610A9E1A5AA67C169E034544B210BED15C86F59E38B298F9ED0035B36A6E0ED8FAE40656A251E9EF6B1F67F610B0F150107567D76ED4258063961F386147CF1F55138898A68956344F5F602F3483834E0816385B0B7B7469B1CB55DC863E2C820EC3C92A70462222E49A75C63E7B6405F7B784AB9B71DCAC3E72F4C47B04FD726FCE56360993A633DA707092F143C5EE7A3E527038CDDF8EFC28F3D95B5F2950F63CBDE2F058F6750CBF2BEC87BDD093D0FDF4B798FD838F1EBDECC2E62C3B223C8482CD20B6312155501A3B42DCDED282FAAC1C5370CD3C140367E15ABBE59CCE49E58BFFC285EBC6F05F66E4EC5A8493DC5CFE70D22D1C885D1A0C41E1807F1F275C4CC79FDF5780C9872E6341A092F8C199BCC5578E78DDDE8393200E31744A34AD409E516C7FE681417E4A3BF6E42A89F13A2FA78C2C3C3FEC7D1C639F6C6A61D19888AF094DADF5EDBD3CDE4A88C379495D523C0DB41632C1A9B11F0A3555899FD55E2D3CA71FDECA82E1306C18745C32659FC5AC22078BCCE637513C67F27D480B90859FC5AC220782C1EE764C2203ACFC14FFD5B7FFE8EA8A96CC09EB509DA2C6BEB680D3B59989D692B6E000730F60974C1823B4661EBCAE3B0B435C7DC1B86EBD080A585B5F0F67541765A29EC1DADE0EA61A7FE166F0D0DB4AABC1E4E2EB678F0B999B86AD17078783A68162A099142C44248884DB7BC4066BBB1DFC8C5F7C6207CB02F027A792030CA1311F23BB35D930FE461C4902084063133AECD7002F9EF2EF26CC50F27306A70A02A9D36F9C76629E663B0795789DEB0A91295159B6B65F71E4242375CFCCB9A4BBBD18D3F3A7E77F784929B4921741FD4BA3A21C6CD7C0B0ECBC7AEB90B635E5337E5E9C557E2E8DE4C6C59755C13B8B80BE310532F1D80CFDFDA21BF5B81B3BF47447BE3FE6767C237C030ACFFD60D27F0FCC3E2DAE808CCA67076B3D51696B5ABE2316E5284C6396EBF734CA785EB3E945D9462ECF64F6CDF9581C79ED90807676B0C88F6436A56B9E6668C1E1E846A295BACA8252689798BF288E8E18EF5BB3285F82C741EDB7A59EFED618BD9637BE09249E1BF685CD06E74E33F01BF7B20943299C119B69E309ED0B950E6337FE3C4913C6C13C33EBA3B13B73C3E056F3FB55E8D7AFCAC28241CCE57E5C04E710D421481E19EA8AE6EC00DF78EC3ED8F4CD164B14E048B11B3D973F7D634915880978F231C9DAC909F5785BEFDFCF0DD8A63484F2FC3F163F9D8BD371B3BC4E05DDD6DB176433212840CBE5F93A0EE0C07182E29AD87AFAF834E1ACDF94C720B6B103324007945B53A7646496523268F0CC6A1F822ED6CC48C42073B2BDC77ED604C1F15AA64D88D6EFCB7E277278DB38135B6A3932DAA2B840C22DC5122C6DD50D7826431EAC2EC0A9D2680533CC6EEC9D06DD971EEF2452330EB8A811830FCCC3347F51672A03F76787F964EB844C5502C6E4E5884078EC515A020B74A08A204A9C9C538129BAF81CED8238699F2BF5F73029C152D44CE939E5E0E5F219DDAFA66B0031D83ADB50DAD1831D81FC7924A8448DA1133D01F87138AC0FE369CCB756A4C302E9D72619D85BAD18DFF44FC5B5A4FBA024E0F59905589F88359A8969A9CB3D68F9C14090F76CDB7B280A30BBB10772DA0979D518655DFC4A9CAA0C2E1644699A2323A5B6E74DC53B96C27671B8C1063DF2BCA63842887152BE371E55503F0E55771888EF64171591D0AC5B5E25CB0354228532786EBDF7B8FE663DCC8203470DE9494523409A9DCB37030E6895BD28D6EFCB7E30F431ABF0798F895975B89679F58077B7191D84D8AF1070D6C88BAE04CF0D3A6478AEA2880BBB82A2666667070B0425E418DBA50B50DCDC82FAED5EEC36DE22771E0A0CBE74663A5B834754D2DB8E692BE78E38B23B011B7E6A367A722F0025A4BBAD18DFF54FC573BDF41A16EDA52C33142080EA843BED01616015B44E2138A316448000E1ECE852B9359841882039D35B5DD446E0F9B54C9AB1C5E902D27FB8FE422667080E668B03F0B6769EB27EE55376174E37F05FFF511BBFE03FCD1B3B70FAAAA0C23940B0B0871086BC887B9A50952928AB5F9D4CFD719078438CCCCCDD0BB1747A366A28B6104746D02975F2C2C4C90262E948D85B99084233272AA7454F3FBAF3BFF9813DDE8C67F0BFE27C2FCCFFE6D16BC4509D45437EB781E1C48954DC166F28FB922DFAD3A8EB9B3A390935581FCC22A9DCB64D8C0001D7884DD63D4ADE9304C914802D9B8271DE3449D5454D5E38DC726C3CFFBC2C62FE84637FE93F15F1DD338194585D5D8BB2B13E9E9A548882FD2690C6AEB5B60EF60ADAEC6C409E1422C0E183A2C10FEBE4E282CAEC57D0FAF41AD900CBBECB3058789951DF283718E6103FDF1C89F4769E7B46E74E37F09FF33A4D1095E6E4D75132ACAEB70F46801F6EFCF425A6639FCFC9DF1E273D3D53D216A6A9B448124205BC885638032C9ABACAA11CD6D1D183AC00F57CF8B4678B0AB6EDB8D6EFCEF00F87F9ED91B4B4AFAE0D90000000049454E44AE426082 WHERE `app_id`='11' and `app_name` = 'LF Acumos Marketplace'; - - - diff --git a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml index b6495c93fd..812dc66a23 100644 --- a/kubernetes/portal/charts/portal-mariadb/templates/job.yaml +++ b/kubernetes/portal/charts/portal-mariadb/templates/job.yaml @@ -33,7 +33,7 @@ spec: restartPolicy: Never initContainers: - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.readinessImage }}" + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: - /root/ready.py diff --git a/kubernetes/portal/charts/portal-mariadb/values.yaml b/kubernetes/portal/charts/portal-mariadb/values.yaml index e6aab2a2e3..1234b6bc46 100644 --- a/kubernetes/portal/charts/portal-mariadb/values.yaml +++ b/kubernetes/portal/charts/portal-mariadb/values.yaml @@ -20,14 +20,15 @@ global: # global defaults nodePortPrefix: 302 persistence: {} readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 # application image repository: nexus3.onap.org:10001 -image: onap/portal-db:2.6.0 +image: onap/portal-db:3.2.0 pullPolicy: Always -readinessImage: readiness-check:2.0.0 + mariadbInitImage: "mariadb-client-init:3.0.0" # application configuration @@ -65,7 +66,7 @@ config: # application's front end hostname. Must be resolvable on the client side environment dmaapBcHostName: "dmaap-bc.simpledemo.onap.org" # msb IAG ui assignment for port 80 - msbPort: "30280" + msbPort: "30283" # application's front end hostname. Must be resolvable on the client side environment msbHostName: "msb.api.simpledemo.onap.org" # SO Monitoring assignment for port 30224 diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 063ba3d122..45ea9b70ca 100755 --- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co #cookie domain cookie_domain = onap.org -{{- if .Values.global.aafEnabled }} -# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) -ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = thiswillbereplacedatruntime -ext_central_access_url = {{ .Values.aafURL }}/authz/ -ext_central_access_user_domain = @people.osaaf.org - # External Central Auth system access -remote_centralized_system_access = true -{{- end }}
\ No newline at end of file +remote_centralized_system_access = {{.Values.global.aafEnabled}} + +# External Access System Basic Auth Credentials & Rest endpoint +# The credentials are placeholders as these are replaced by AAF X509 identity at runtime +ext_central_access_user_name = portal@portal.onap.org +ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert +ext_central_access_url = {{.Values.aafURL}} +ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index 2de9a1bd24..b78ef34fa1 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - - name: _CATALINA_OPTS + - name: CATALINA_OPTS value: > -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index ad1e156738..7f3aa70a2c 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -33,11 +33,11 @@ global: # application image repository: nexus3.onap.org:10001 -image: onap/portal-sdk:2.6.0 +image: onap/portal-sdk:3.2.0 pullPolicy: Always #AAF local config -aafURL: https://aaf-service:8100/ +aafURL: https://aaf-service:8100/authz/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! @@ -115,11 +115,11 @@ messageRouter: ingress: enabled: false service: - - baseaddr: portalsdk + - baseaddr: portal-sdk name: "portal-sdk" port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/portal/charts/portal-widget/values.yaml b/kubernetes/portal/charts/portal-widget/values.yaml index 7a02509737..3d63cd8301 100644 --- a/kubernetes/portal/charts/portal-widget/values.yaml +++ b/kubernetes/portal/charts/portal-widget/values.yaml @@ -29,7 +29,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/portal-wms:2.6.0 +image: onap/portal-wms:3.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/robot b/kubernetes/robot -Subproject a995fce78ae63d33a0c48d825001ed7faea3b18 +Subproject c81062626b69160145baac5e6a5d670cb67211f diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index a40b27d2aa..e0af28fd86 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -88,7 +88,7 @@ service: ingress: enabled: false service: - - baseaddr: "sdcbe" + - baseaddr: "sdc.api.be" name: "sdc-be" port: 8443 config: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index d1fe131f82..0dfed6ae14 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -69,6 +69,12 @@ service: ingress: enabled: false + service: + - baseaddr: "sdc.dcae.plugin" + name: "sdc-dcae-be" + port: 8282 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml index ad46842393..6dbec2bc24 100644 --- a/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-dt/values.yaml @@ -61,12 +61,9 @@ ingress: service: - baseaddr: "dcaedt" name: "sdc-dcae-dt" - port: 8186 - - baseaddr: "dcaedt2" - name: "sdc-dcae-dt" port: 9446 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml index b6572f5d3d..eae409a431 100644 --- a/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-fe/values.yaml @@ -68,7 +68,7 @@ ingress: name: "sdc-dcae-fe" port: 9444 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index f5d1956f18..e5d41eb897 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -81,7 +81,7 @@ service: ingress: enabled: false service: - - baseaddr: "sdcfe" + - baseaddr: "sdc.api.fe" name: "sdc-fe" port: 9443 config: diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml index 3db3685b86..108c781f54 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/templates/deployment.yaml @@ -70,6 +70,19 @@ spec: mountPath: /config-input/ - name: sdc-environments-output mountPath: /config-output/ + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert + securityContext: + runAsUser: 0 + volumeMounts: + - name: {{ include "common.fullname" . }}-cert-storage + mountPath: "/onboard/cert" containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index 946cb3491f..4cfebbf72f 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -103,6 +103,9 @@ cert: volumeReclaimPolicy: Retain mountSubPath: /sdc/onbaording/cert +securityContext: + fsGroup: 35953 + runAsUser: 352070 ingress: enabled: false diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 5701a91f27..2694b5de80 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -28,6 +28,8 @@ global: wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== ubuntuInitRepository: oomk8s ubuntuInitImage: ubuntu-init:1.0.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties index f9640a95db..6a4ca4ca16 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/aai.properties @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties index 96f40790c6..d2b55fb131 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dhcpalert.properties @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties new file mode 100644 index 0000000000..eff236a962 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-CMNotify.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=CM-NOTIFICATION +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties new file mode 100644 index 0000000000..944b63f4c2 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-a1Adapter-policy.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=A1-P +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=${ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties new file mode 100644 index 0000000000..b670d436c0 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/dmaap-consumer-oofpcipoc.properties @@ -0,0 +1,35 @@ +TransportType=HTTPNOAUTH +Latitude =50.000000 +Longitude =-100.000000 +Version =1.0 +ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +Environment =TEST +Partner = +routeOffer=MR1 +SubContextPath =/ +Protocol =http +MethodType =GET +username =UNUSED +password =UNUSED +contenttype =application/json +authKey=UNUSED +authDate=UNUSED +host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}} +topic=SDNR-CL +group=users +id=sdnc1 +timeout=15000 +limit=1000 +filter= +AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler +AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler +AFT_DME2_REQ_TRACE_ON=true +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_EP_CONN_TIMEOUT=15000 +AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000 +AFT_DME2_EP_READ_TIMEOUT_MS=50000 +sessionstickinessrequired=NO +DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt +sdnc.odl.user=$(ODL_USER} +sdnc.odl.password=${ODL_PASSWORD} +sdnc.odl.url-base=https://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations diff --git a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties index 0b52b3febb..15f32c4248 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties +++ b/kubernetes/sdnc/charts/dmaap-listener/resources/config/lcm.properties @@ -32,4 +32,4 @@ sessionstickinessrequired=NO DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt sdnc.odl.user=${ODL_USER} sdnc.odl.password=${ODL_PASSWORD} -sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file +sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml index af78a12d09..e7f06ffda0 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/deployment.yaml @@ -101,6 +101,15 @@ spec: - mountPath: {{ .Values.config.configDir }}/aai.properties name: properties subPath: aai.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-CMNotify.properties + name: properties + subPath: dmaap-consumer-CMNotify.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-a1Adapter-policy.properties + name: properties + subPath: dmaap-consumer-a1Adapter-policy.properties + - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties + name: properties + subPath: dmaap-consumer-oofpcipoc.properties resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index f5077cb53c..bcbad0d68e 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-dmaap-listener-image:1.8.0 +image: onap/sdnc-dmaap-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index 621048a9d7..d0455d5647 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ansible-server-image:1.8.0 +image: onap/sdnc-ansible-server-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml index faa9e6bde8..71ebb69819 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml @@ -73,7 +73,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/admportal-sdnc-image:1.8.0 +image: onap/admportal-sdnc-image:1.8.2 config: dbFabricDB: mysql dbFabricUser: admin @@ -133,6 +133,12 @@ service: ingress: enabled: false + service: + - baseaddr: "sdnc-portal.api" + name: "sdnc-portal" + port: 8443 + config: + ssl: "redirect" #Resource limit flavor -By default using small flavor: small diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 1f6c9de627..7a19b12865 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml @@ -62,7 +62,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdnc-ueb-listener-image:1.8.0 +image: onap/sdnc-ueb-listener-image:1.8.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 967a674c08..3f44c6dca1 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -30,3 +30,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: .global.mariadbGalera.localCluster + - name: elasticsearch + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/templates/configmap.yaml b/kubernetes/sdnc/templates/configmap.yaml index 087ed30055..cd39425073 100644 --- a/kubernetes/sdnc/templates/configmap.yaml +++ b/kubernetes/sdnc/templates/configmap.yaml @@ -78,3 +78,16 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Get "resources/env.yaml") . | indent 2 }} + +{{ if .Values.global.aafEnabled }} +{{- if .Values.aafConfig.addconfig -}} +--- +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + cd /opt/app/osaaf/local && /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.aafConfig.credsPath }}/.pass 2>&1 +{{- end -}} +{{- end -}} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 4511ca9125..58ca866fca 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -92,54 +92,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness {{ if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-aaf - image: {{ .Values.global.repository }}/{{ .Values.aaf_init.agentImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - command: - - bash - - -c - - | - /opt/app/aaf_config/bin/agent.sh && - cd /opt/app/osaaf/local && - /opt/app/aaf_config/bin/agent.sh local showpass | grep cadi_keystore_password= | cut -d= -f 2 > /opt/app/osaaf/local/.pass 2>&1 - env: - - name: APP_FQI - value: "{{ .Values.aaf_init.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" - - name: aaf_locator_container - value: "oom" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aaf_init.fqdn }}" - - name: aaf_locator_app_ns - value: "{{ .Values.aaf_init.app_ns }}" - - name: DEPLOY_FQI - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - - name: cadi_longitude - value: "{{ .Values.aaf_init.cadi_longitude }}" - - name: cadi_latitude - value: "{{ .Values.aaf_init.cadi_latitude }}" +{{ include "common.aaf-config" . | indent 6 }} {{ end }} - name: {{ include "common.name" . }}-chown image: "busybox" @@ -147,8 +100,9 @@ spec: volumeMounts: - mountPath: {{ .Values.persistence.mdsalPath }} name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs +{{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -197,6 +151,9 @@ spec: - name: JAVA_HOME value: "{{ .Values.config.javaHome}}" volumeMounts: + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volume-mountpath" . | indent 10 }} + {{- end }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -237,8 +194,6 @@ spec: name: {{ include "common.fullname" . }}-data - mountPath: /var/log/onap name: logs - - mountPath: {{ .Values.certpersistence.certPath }} - name: {{ include "common.fullname" . }}-certs - mountPath: {{ .Values.config.odl.salConfigDir }}/{{ .Values.config.odl.salConfigVersion}}/sal-clustering-config-{{ .Values.config.odl.salConfigVersion}}-akkaconf.xml name: properties subPath: akka.conf @@ -298,17 +253,13 @@ spec: - name: properties emptyDir: medium: Memory - - name: {{ include "common.fullname" . }}-certs - {{ if .Values.certpersistence.enabled }} - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-certs - {{ else }} - emptyDir: {} - {{ end }} {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} {{ else }} + {{- if .Values.global.aafEnabled }} +{{ include "common.aaf-config-volumes" . | indent 8 }} + {{- end }} volumeClaimTemplates: - metadata: name: {{ include "common.fullname" . }}-data diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 99ff4b7760..96ea6e33fd 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -24,6 +24,7 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.15 persistence: mountPath: /dockerdata-nfs aafEnabled: true @@ -69,7 +70,7 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - - uid: aaf-creds + - uid: &aaf_secret_uid aaf-creds type: basicAuth externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' login: '{{ .Values.aaf_init.deploy_fqi }}' @@ -118,7 +119,7 @@ secrets: # application images repository: nexus3.onap.org:10001 pullPolicy: Always -image: onap/sdnc-image:1.8.0 +image: onap/sdnc-image:1.8.2 # flag to enable debugging - application support required @@ -194,6 +195,20 @@ config: numberGGLogFiles: 10 # dependency / sub-chart configuration +aafConfig: + addconfig: true + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: org.onap.sdnc + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + secret_uid: *aaf_secret_uid + credsPath: /opt/app/osaaf/local + aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" @@ -289,6 +304,45 @@ dgbuilder: name: sdnc-dgbuilder nodePort: "03" + ingress: + enabled: false + service: + - baseaddr: "sdnc-dgbuilder" + name: "sdnc-dgbuilder" + port: 3000 + config: + ssl: "redirect" + +# local elasticsearch cluster +localElasticCluster: true +elasticsearch: + nameOverride: sdnrdb + name: sdnrdb-cluster + aafConfig: + fqdn: "sdnc" + fqi_namespace: org.onap.sdnc + fqi: "sdnc@sdnc.onap.org" + service: + name: sdnrdb + + master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" + nameOverride: sdnrdb + + curator: + enabled: true + nameOverride: sdnrdb + data: + enabled: true + replicaCount: 1 + nameOverride: sdnrdb + + # default number of instances replicaCount: 1 @@ -379,7 +433,7 @@ certpersistence: ingress: enabled: false service: - - baseaddr: "sdnc" + - baseaddr: "sdnc.api" name: "sdnc" port: 8443 config: diff --git a/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml b/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml new file mode 100755 index 0000000000..b3311d1c8c --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-nssmf-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..10741b75e7 --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,66 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +logging: + path: logs +spring: + datasource: + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + jpa: + show-sql: false + hibernate: + dialect: org.hibernate.dialect.MySQL5Dialect + ddl-auto: validate + naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy + enable-lazy-load-no-trans: true + security: + usercredentials: + - username: ${BPEL_USERNAME} + password: ${BPEL_PASSWORD} + role: BPEL-Client + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + +mso: + site-name: localSite + logPath: ./logs/nssmf + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 + adapters: + requestDb: + endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..85d00fddf3 --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..8d1eaf8ea4 --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/templates/deployment.yaml @@ -0,0 +1,131 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-readiness + command: + - /root/job_complete.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`; ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} + - name: TRUSTSTORE + value: {{ .Values.global.client.certs.truststore }} + - name: TRUSTSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: trustStorePassword + - name: BPEL_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }} + - name: BPEL_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }} + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} + - name: ACTUATOR_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} + {{- if eq .Values.global.security.aaf.enabled true }} + - name: KEYSTORE + value: {{ .Values.global.client.certs.keystore }} + - name: KEYSTORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name}}-so-client-certs-secret + key: keyStorePassword + {{- end }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-env + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readOnly: true + livenessProbe: + httpGet: + path: {{ index .Values.livenessProbe.path}} + port: {{ index .Values.containerPort }} + scheme: {{ index .Values.livenessProbe.scheme}} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml new file mode 100644 index 0000000000..a39363ffdd --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml new file mode 100755 index 0000000000..cf08482ad2 --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-nssmf-adapter/values.yaml b/kubernetes/so/charts/so-nssmf-adapter/values.yaml new file mode 100755 index 0000000000..44536a8a33 --- /dev/null +++ b/kubernetes/so/charts/so-nssmf-adapter/values.yaml @@ -0,0 +1,136 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: "so-onap-certs" + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: '{{ .Values.secretsFilePaths }}' + - uid: server-bpel-creds + name: '{{ include "common.release" . }}-so-server-bpel-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}' + login: '{{ .Values.server.bpel.username }}' + password: '{{ .Values.server.bpel.password }}' + passwordPolicy: required + - uid: server-actuator-creds + name: '{{ include "common.release" . }}-so-server-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/nssmf-adapter:1.6.0 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + actuator: + username: mso_admin + password: password1$ + bpel: + username: bpel + password: password1$ + +replicaCount: 1 +minReadySeconds: 10 +containerPort: 8088 +logPath: ./logs/nssmf/ +app: nssmf-adapter +service: + type: ClusterIP + ports: + - name: api + port: 8088 +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8088 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differindex 96931ce168..9ebe9a8041 100644 --- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/resources/config/log/logback.nssmf.xml b/kubernetes/so/resources/config/log/logback.nssmf.xml new file mode 100755 index 0000000000..b3117ee7a0 --- /dev/null +++ b/kubernetes/so/resources/config/log/logback.nssmf.xml @@ -0,0 +1,132 @@ +<configuration scan="false" debug="true"> + <!--<jmxConfigurator /> --> + <!-- directory path for all other type logs --> + <property name="logDir" value="/var/log/onap" /> + <!-- directory path for debugging type logs --> + <property name="debugDir" value="/var/log/onap" /> + <!-- specify the component name + <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy" | "SDNC" | "AC" --> + <property name="componentName" value="MSO"></property> + <property name="subComponentName" value="nssmfadapter"></property> + <!-- log file names --> + <property name="errorLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + + <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n" /> + <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n" /> + + <property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" /> + <property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" /> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> + <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" /> + + <!-- ============================================================================ --> + <!-- EELF Appenders --> + <!-- ============================================================================ --> + + <!-- The EELFAppender is used to record events to the general application + log --> + <!-- EELF Audit Appender. This appender is used to record audit engine + related logging events. The audit logger and appender are specializations + of the EELF application root logger and appender. This can be used to segregate + Policy engine events from other components, or it can be eliminated to record + these events as part of the application root log. --> + <appender name="EELFAudit" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${auditLogName}${jboss.server.name}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}${jboss.server.name}.log.%d</fileNamePattern> + <!--<maxHistory>30</maxHistory>--> + </rollingPolicy> + <encoder> + <pattern>${auditPattern}</pattern> + </encoder> + </appender> + <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFAudit" /> + </appender> + + <appender name="EELFMetrics" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${metricsLogName}${jboss.server.name}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${metricsLogName}${jboss.server.name}.log.%d</fileNamePattern> + <!--<maxHistory>30</maxHistory>--> + </rollingPolicy> + <encoder> + <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - + %msg%n"</pattern> --> + <pattern>${metricPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFMetrics"/> + </appender> + + <appender name="EELFError" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDirectory}/${errorLogName}${jboss.server.name}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${errorLogName}${jboss.server.name}.log.%d</fileNamePattern> + <!--<maxHistory>30</maxHistory>--> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFError"/> + </appender> + + <appender name="EELFDebug" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log</file> + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${debugLogDirectory}/${debugLogName}${jboss.server.name}.log.%d</fileNamePattern> + <!--<maxHistory>30</maxHistory>--> + </rollingPolicy> + <encoder> + <pattern>${debugPattern}</pattern> + </encoder> + </appender> + + <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>256</queueSize> + <appender-ref ref="EELFDebug" /> + <includeCallerData>true</includeCallerData> + </appender> + + <!-- ============================================================================ --> + <!-- EELF loggers --> + <!-- ============================================================================ --> + + <logger name="com.att.eelf.audit" level="info" additivity="false"> + <appender-ref ref="asyncEELFAudit" /> + </logger> + + <logger name="com.att.eelf.metrics" level="info" additivity="false"> + <appender-ref ref="asyncEELFMetrics" /> + </logger> + + <logger name="com.att.eelf.error" level="debug" additivity="false"> + <appender-ref ref="asyncEELFError" /> + </logger> + <root level="INFO"> + <appender-ref ref="asyncEELFDebug" /> + </root> + +</configuration> diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index e9c5637eef..feb0017979 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -211,7 +211,7 @@ mariadb-galera: ingress: enabled: false service: - - baseaddr: "so" + - baseaddr: "so.api" name: "so" port: 8080 config: @@ -407,6 +407,28 @@ so-vfc-adapter: requestDb: auth: Basic YnBlbDpwYXNzd29yZDEk +so-nssmf-adapter: + certSecret: *so-certs + db: + <<: *dbSecrets + aaf: + auth: + username: so@so.onap.org + password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA + aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + config: + cadi: + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.nssmfAdapterPerm + noAuthn: /manage/health + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + so-vnfm-adapter: certSecret: *so-certs aaf: diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index 567baabbdf..03265d4014 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -69,7 +69,7 @@ ingress: name: "uui-server" port: 8082 config: - ssl: "none" + ssl: "redirect" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index ca45b68727..2c15c9683c 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -65,11 +65,11 @@ service: ingress: enabled: false service: - - baseaddr: uui + - baseaddr: "uui.api" name: "uui" port: 8443 config: - ssl: "none" + ssl: "redirect" # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index d7108a8fb0..8bc90fc79b 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.8 +image: onap/vfc/gvnfmdriver:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index 023ec59104..e36efee902 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.8 +image: onap/vfc/nslcm:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 76eebe5090..48176a70a5 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -39,7 +39,7 @@ secrets: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.8 +image: onap/vfc/vnflcm:1.3.9 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index ebac50bc51..63c6307f06 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -116,11 +116,11 @@ service: ingress: enabled: false service: - - baseaddr: "vid" + - baseaddr: "vid.api" name: "vid-http" - port: 8080 + port: 8443 config: - ssl: "none" + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 96cacfbf82..28dea47cfc 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -105,6 +105,6 @@ ingress: service: - baseaddr: "refrepo" name: "refrepo" - port: 97 + port: 8703 config: - ssl: "none" + ssl: "redirect" |