summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/a1policymanagement/values.yaml2
-rw-r--r--kubernetes/aaf/components/aaf-sms/resources/config/osdf.json7
-rw-r--r--kubernetes/aaf/components/aaf-sms/templates/job.yaml6
-rw-r--r--kubernetes/aaf/components/aaf-sms/values.yaml10
-rw-r--r--kubernetes/cli/requirements.yaml3
-rw-r--r--kubernetes/cli/templates/deployment.yaml1
-rw-r--r--kubernetes/cli/values.yaml6
-rw-r--r--kubernetes/common/dgbuilder/values.yaml2
-rw-r--r--kubernetes/common/network-name-gen/values.yaml2
-rw-r--r--kubernetes/common/postgres-init/.helmignore21
-rw-r--r--kubernetes/common/postgres-init/Chart.yaml18
-rw-r--r--kubernetes/common/postgres-init/requirements.yaml21
-rw-r--r--kubernetes/common/postgres-init/resources/config/setup.sql19
-rw-r--r--kubernetes/common/postgres-init/templates/configmap.yaml29
-rw-r--r--kubernetes/common/postgres-init/templates/job.yaml121
-rw-r--r--kubernetes/common/postgres-init/templates/secrets.yaml16
-rw-r--r--kubernetes/common/postgres-init/values.yaml91
-rw-r--r--kubernetes/common/postgres/templates/_deployment.tpl5
-rw-r--r--kubernetes/common/roles-wrapper/templates/role.yaml16
-rw-r--r--kubernetes/common/timescaledb/templates/statefulset.yaml13
-rw-r--r--kubernetes/common/timescaledb/values.yaml45
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/awx/components/awx-postgres/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/awx/requirements.yaml3
-rw-r--r--kubernetes/contrib/components/awx/templates/serviceaccount.yaml (renamed from kubernetes/contrib/components/awx/templates/serviceaccout.yaml)0
-rwxr-xr-xkubernetes/contrib/components/awx/values.yaml6
-rw-r--r--kubernetes/contrib/components/ejbca/requirements.yaml3
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml1
-rw-r--r--kubernetes/contrib/components/ejbca/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-app/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml6
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml3
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml1
-rwxr-xr-xkubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml6
-rw-r--r--kubernetes/cps/components/cps-core/requirements.yaml6
-rw-r--r--kubernetes/cps/components/cps-core/resources/config/application-helm.yml5
-rw-r--r--kubernetes/cps/components/cps-core/values.yaml24
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl1
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml8
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml4
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml6
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml5
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml7
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-dashboard/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml3
-rwxr-xr-xkubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml5
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml6
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml8
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml3
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml1
-rw-r--r--kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml8
-rw-r--r--kubernetes/dcaegen2/values.yaml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml5
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml8
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-prov/values.yaml46
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml3
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml1
-rw-r--r--kubernetes/holmes/components/holmes-engine-mgmt/values.yaml6
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml3
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml1
-rw-r--r--kubernetes/holmes/components/holmes-rule-mgmt/values.yaml6
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml3
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml2
-rw-r--r--kubernetes/modeling/components/modeling-etsicatalog/values.yaml6
-rw-r--r--kubernetes/msb/components/msb-eag/values.yaml2
-rw-r--r--kubernetes/msb/components/msb-iag/values.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml2
-rwxr-xr-xkubernetes/onap/requirements.yaml9
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml3
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-api/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-data/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml2
-rwxr-xr-xkubernetes/oof/components/oof-has/values.yaml2
-rwxr-xr-xkubernetes/oof/resources/config/conf/osdf_config.yaml7
-rw-r--r--kubernetes/oof/templates/deployment.yaml2
-rw-r--r--kubernetes/oof/values.yaml9
-rw-r--r--kubernetes/platform/components/oom-cert-service/values.yaml2
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml79
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml103
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml38
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml131
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml21
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml154
-rw-r--r--kubernetes/policy/components/policy-gui/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-gui/requirements.yaml28
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/default.conf32
-rw-r--r--kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml59
-rw-r--r--kubernetes/policy/components/policy-gui/templates/NOTES.txt38
-rw-r--r--kubernetes/policy/components/policy-gui/templates/configmap.yaml34
-rw-r--r--kubernetes/policy/components/policy-gui/templates/deployment.yaml109
-rw-r--r--kubernetes/policy/components/policy-gui/templates/ingress.yaml21
-rw-r--r--kubernetes/policy/components/policy-gui/templates/secrets.yaml21
-rw-r--r--kubernetes/policy/components/policy-gui/templates/service.yaml46
-rw-r--r--kubernetes/policy/components/policy-gui/values.yaml156
-rwxr-xr-xkubernetes/policy/requirements.yaml9
-rwxr-xr-xkubernetes/policy/resources/config/db.sh3
-rwxr-xr-xkubernetes/policy/values.yaml20
-rw-r--r--kubernetes/sdc/components/sdc-be/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-cs/values.yaml4
-rw-r--r--kubernetes/sdc/components/sdc-fe/values.yaml2
-rw-r--r--kubernetes/sdc/components/sdc-onboarding-be/values.yaml4
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-bpmn-infra/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-catalog-db-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml1
-rwxr-xr-xkubernetes/so/components/so-cnf-adapter/values.yaml4
-rwxr-xr-xkubernetes/so/components/so-openstack-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-request-db-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-sdc-controller/values.yaml2
-rwxr-xr-xkubernetes/so/components/so-sdnc-adapter/values.yaml2
-rwxr-xr-xkubernetes/so/values.yaml2
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml2
-rw-r--r--kubernetes/uui/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml4
-rw-r--r--kubernetes/vfc/components/vfc-nslcm/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-redis/values.yaml2
-rw-r--r--kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnflcm/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnfmgr/values.yaml24
-rw-r--r--kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml6
-rw-r--r--kubernetes/vfc/components/vfc-vnfres/values.yaml25
-rw-r--r--kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml2
-rw-r--r--kubernetes/vfc/requirements.yaml1
-rw-r--r--kubernetes/vfc/values.yaml39
197 files changed, 2222 insertions, 186 deletions
diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml
index 103a621f52..07d12343a8 100644
--- a/kubernetes/a1policymanagement/values.yaml
+++ b/kubernetes/a1policymanagement/values.yaml
@@ -63,7 +63,7 @@ certInitializer:
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
+image: onap/ccsdk-oran-a1policymanagementservice:1.2.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json
index add0808701..3ede31dc44 100644
--- a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json
+++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json
@@ -99,6 +99,13 @@
"UserName": "${OSDF_OPT_ENGINE_USER}",
"Password": "${OSDF_OPT_ENGINE_PASS}"
}
+ },
+ {
+ "name": "cps",
+ "values": {
+ "UserName": "${CPS_USER}",
+ "Password": "${CPS_PASS}"
+ }
}
]
}
diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
index 6e50620a99..6d9ecaa7cb 100644
--- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml
@@ -52,6 +52,7 @@ spec:
export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
export SO_PASS=${SO_PASS_PLAIN};
export SDC_PASS=${SDC_PASS_PLAIN};
+ export CPS_PASS=${CPS_PASS_PLAIN};
cd /config-input;
for PFILE in `find . -not -type d | grep -v -F ..`; do
envsubst <${PFILE} >/config/${PFILE};
@@ -137,6 +138,11 @@ spec:
- name: SDC_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
+ - name: CPS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }}
+ - name: CPS_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }}
+
volumeMounts:
- mountPath: /config-input
name: {{ include "common.name" . }}-preload-input
diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml
index ab7d8fb71b..cde8529cc1 100644
--- a/kubernetes/aaf/components/aaf-sms/values.yaml
+++ b/kubernetes/aaf/components/aaf-sms/values.yaml
@@ -197,6 +197,12 @@ secrets:
login: '{{ .Values.oofCreds.sdcUsername }}'
password: '{{ .Values.oofCreds.sdcPassword }}'
passwordPolicy: required
+ - uid: cps-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.oofCreds.cpsUserExternalSecret) . }}'
+ login: '{{ .Values.oofCreds.cpsUsername }}'
+ password: '{{ .Values.oofCreds.cpsPassword }}'
+ passwordPolicy: required
oofCreds:
aaiUsername: oof@oof.onap.org
aaiPassword: demo123456!
@@ -246,6 +252,10 @@ oofCreds:
sdcUsername: aai
sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ cpsUsername: ''
+ cpsPassword: ''
+ cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds'
+
# Configure resource requests and limits
resources:
small:
diff --git a/kubernetes/cli/requirements.yaml b/kubernetes/cli/requirements.yaml
index e2ce84d0a3..2394a6700d 100644
--- a/kubernetes/cli/requirements.yaml
+++ b/kubernetes/cli/requirements.yaml
@@ -25,3 +25,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 735308754f..0a3f967eee 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -75,6 +75,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: lighttpd
configMap:
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 4dcee4568c..28d227645a 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -126,3 +126,9 @@ resources:
cpu: 2
memory: 4Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: cli
+ roles:
+ - read
diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml
index 0f91bbd882..681c6afc4f 100644
--- a/kubernetes/common/dgbuilder/values.yaml
+++ b/kubernetes/common/dgbuilder/values.yaml
@@ -69,7 +69,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.1.1
+image: onap/ccsdk-dgbuilder-image:1.2.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml
index daf29ccca9..c1717c3d24 100644
--- a/kubernetes/common/network-name-gen/values.yaml
+++ b/kubernetes/common/network-name-gen/values.yaml
@@ -74,7 +74,7 @@ mariadb-init:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.1.1
+image: onap/ccsdk-apps-ms-neng:1.2.0
pullPolicy: IfNotPresent
# application configuration
diff --git a/kubernetes/common/postgres-init/.helmignore b/kubernetes/common/postgres-init/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/kubernetes/common/postgres-init/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/common/postgres-init/Chart.yaml b/kubernetes/common/postgres-init/Chart.yaml
new file mode 100644
index 0000000000..7de0d9acb6
--- /dev/null
+++ b/kubernetes/common/postgres-init/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Chart for Postgres init job
+name: postgres-init
+version: 8.0.0
diff --git a/kubernetes/common/postgres-init/requirements.yaml b/kubernetes/common/postgres-init/requirements.yaml
new file mode 100644
index 0000000000..1a4ab2f2cf
--- /dev/null
+++ b/kubernetes/common/postgres-init/requirements.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: 'file://../common'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: 'file://../repositoryGenerator'
diff --git a/kubernetes/common/postgres-init/resources/config/setup.sql b/kubernetes/common/postgres-init/resources/config/setup.sql
new file mode 100644
index 0000000000..06e07245be
--- /dev/null
+++ b/kubernetes/common/postgres-init/resources/config/setup.sql
@@ -0,0 +1,19 @@
+--- User Setup
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Create schema for PG_USER
+
+\c ${PG_DATABASE}
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}" AUTHORIZATION "${PG_USER}";
diff --git a/kubernetes/common/postgres-init/templates/configmap.yaml b/kubernetes/common/postgres-init/templates/configmap.yaml
new file mode 100644
index 0000000000..66c28a0c69
--- /dev/null
+++ b/kubernetes/common/postgres-init/templates/configmap.yaml
@@ -0,0 +1,29 @@
+{{/*
+# Copyright © 2021 Orange
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/common/postgres-init/templates/job.yaml b/kubernetes/common/postgres-init/templates/job.yaml
new file mode 100644
index 0000000000..01151bb4a9
--- /dev/null
+++ b/kubernetes/common/postgres-init/templates/job.yaml
@@ -0,0 +1,121 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config-job
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ name: {{ include "common.name" . }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - {{ .Values.global.postgres.container.name }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ function prepare_password {
+ echo -n $1 | sed -e "s/'/''/g"
+ }
+ export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
+ export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
+ psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
+ env:
+ - name: PG_HOST
+ value: "{{ .Values.global.postgres.service.name2 }}"
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: MODE
+ value: postgres
+ - name: PG_PRIMARY_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ .Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD_INPUT
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: {{ include "repositoryGenerator.image.postgres" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/common/postgres-init/templates/secrets.yaml b/kubernetes/common/postgres-init/templates/secrets.yaml
new file mode 100644
index 0000000000..f3bea1ff6d
--- /dev/null
+++ b/kubernetes/common/postgres-init/templates/secrets.yaml
@@ -0,0 +1,16 @@
+{{/*
+# Copyright © 2021 Orange
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/postgres-init/values.yaml b/kubernetes/common/postgres-init/values.yaml
new file mode 100644
index 0000000000..7bcd8e23b4
--- /dev/null
+++ b/kubernetes/common/postgres-init/values.yaml
@@ -0,0 +1,91 @@
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ postgres:
+ service:
+ name: pgset
+ container:
+ name: postgres
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+
+pullPolicy: Always
+
+# application configuration
+config:
+ pgUserName: testuser
+ pgDatabase: userdb
+ pgDataPath: data
+ pgRootPasswordExternalSecret: '{{ include "common.namespace" . }}-postgres-db-root-password'
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
+
+nodeSelector: {}
+
+affinity: {}
+
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index d93d401ebc..341b4c86c7 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
@@ -1,6 +1,7 @@
{{/*
# Copyright © 2018 Amdocs, AT&T, Bell Canada
# Copyright © 2020 Samsung Electronics
+# Copyright © 2021 Orange
# Modifications Copyright (C) 2021 Bell Canada.
# #
# # Licensed under the Apache License, Version 2.0 (the "License");
@@ -126,9 +127,9 @@ spec:
- name: PG_MODE
value: {{ $pgMode }}
- name: PG_PRIMARY_HOST
- value: "{{ $dot.Values.container.name.primary }}"
+ value: "{{ $dot.Values.service.name2 }}"
- name: PG_REPLICA_HOST
- value: "{{ $dot.Values.container.name.replica }}"
+ value: "{{ $dot.Values.service.name3 }}"
- name: PG_PRIMARY_PORT
value: "{{ $dot.Values.service.internalPort }}"
- name: PG_PRIMARY_PASSWORD
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4151..0be6c7bbd6 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml
@@ -32,6 +32,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -52,6 +53,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -59,6 +61,7 @@ rules:
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
@@ -68,6 +71,7 @@ rules:
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
@@ -76,6 +80,8 @@ rules:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
@@ -85,7 +91,8 @@ rules:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
@@ -95,6 +102,13 @@ rules:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself
diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml
index 435c925eb2..a3d942fcfa 100644
--- a/kubernetes/common/timescaledb/templates/statefulset.yaml
+++ b/kubernetes/common/timescaledb/templates/statefulset.yaml
@@ -29,25 +29,26 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{ include "common.podSecurityContext" . | indent 10 | trim}}
initContainers:
- - name: chowm-mount-path
+ # we shouldn't need this but for unknown reason, it's fsGroup is not
+ # applied
+ - name: fix-permission
command:
- /bin/sh
args:
- -c
- - chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }} /var/lib/postgresql/data
+ - chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /var/lib/postgresql/data
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: 0
volumeMounts:
- mountPath: /var/lib/postgresql/data
name: {{ include "common.fullname" . }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- securityContext:
- {{- toYaml .Values.securityContext | nindent 12 }}
imagePullPolicy: {{ .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
livenessProbe:
diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml
index 55acd92847..258f516ff0 100644
--- a/kubernetes/common/timescaledb/values.yaml
+++ b/kubernetes/common/timescaledb/values.yaml
@@ -37,30 +37,45 @@ serviceAccount:
roles:
- read
-podSecurityContext: {}
- # fsGroup: 2000
-
securityContext:
# Uid and gid to run the entrypoint of the container process (uid 70 is postgres user and gid 70 is postgres group)
- runAsUser: 70
- runAsGroup: 70
+ user_id: 70
+ group_id: 70
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
+flavor: small
+
+#resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- limits:
- cpu: 0.5
- memory: 256Mi
- requests:
- cpu: 20m
- memory: 256Mi
+ small:
+ limits:
+ cpu: 100m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 90Mi
+ large:
+ limits:
+ cpu: 2
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 2Gi
+ unlimited: {}
nodeSelector: {}
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
index d6f5f56197..b7c4d1e7f8 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
index c0c6b914fb..3b4dad55ec 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/templates/deployment.yaml
@@ -74,6 +74,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
index a7234caceb..4cf03b2482 100755
--- a/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
+++ b/kubernetes/contrib/components/awx/components/awx-postgres/values.yaml
@@ -80,3 +80,9 @@ service:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx-postgres
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/awx/requirements.yaml b/kubernetes/contrib/components/awx/requirements.yaml
index b015bd1216..222db3890e 100755
--- a/kubernetes/contrib/components/awx/requirements.yaml
+++ b/kubernetes/contrib/components/awx/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: awx-postgres
version: ~8.x-0
repository: 'file://components/awx-postgres'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/awx/templates/serviceaccout.yaml b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
index 15baf0e308..15baf0e308 100644
--- a/kubernetes/contrib/components/awx/templates/serviceaccout.yaml
+++ b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
diff --git a/kubernetes/contrib/components/awx/values.yaml b/kubernetes/contrib/components/awx/values.yaml
index 02642fd3fd..0a247c5743 100755
--- a/kubernetes/contrib/components/awx/values.yaml
+++ b/kubernetes/contrib/components/awx/values.yaml
@@ -109,3 +109,9 @@ service:
externalPort: 5672
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: awx
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml
index 8762d969f9..284108c256 100644
--- a/kubernetes/contrib/components/ejbca/requirements.yaml
+++ b/kubernetes/contrib/components/ejbca/requirements.yaml
@@ -29,3 +29,6 @@ dependencies:
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
index fc163ee2e2..6bd5b259ea 100644
--- a/kubernetes/contrib/components/ejbca/templates/deployment.yaml
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -94,6 +94,7 @@ spec:
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
resources: {{ include "common.resources" . | nindent 10 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
name: "{{ include "common.fullname" . }}-config-script"
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
index 57d1e7848e..52e0e750a0 100644
--- a/kubernetes/contrib/components/ejbca/values.yaml
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -124,3 +124,9 @@ resources:
cpu: 20m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: ejbca
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
index f1209cdb56..302166fcd6 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/templates/deployment.yaml
@@ -138,6 +138,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
index 92f97c2620..27cd811ec1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-app/values.yaml
@@ -112,3 +112,9 @@ readiness:
periodSeconds: 10
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-app
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
index 7bdf46f252..2d115f74bf 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/templates/deployment.yaml
@@ -61,6 +61,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
index de131d30d0..a7d0dadbf1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-nginx/values.yaml
@@ -81,3 +81,9 @@ service:
nodePort: 20
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-nginx
+ roles:
+ - read
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
index 50ff87c18b..1b6f2d7c93 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/requirements.yaml
@@ -19,3 +19,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
index 2caddeba49..8e05524fd1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/templates/deployment.yaml
@@ -64,6 +64,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
index 572e23d53c..7e0a324aa1 100755
--- a/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
+++ b/kubernetes/contrib/components/netbox/components/netbox-postgres/values.yaml
@@ -80,3 +80,9 @@ service:
externalPort: 5432
resources: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: netbox-postgres
+ roles:
+ - read
diff --git a/kubernetes/cps/components/cps-core/requirements.yaml b/kubernetes/cps/components/cps-core/requirements.yaml
index d6b6712852..c42e72a232 100644
--- a/kubernetes/cps/components/cps-core/requirements.yaml
+++ b/kubernetes/cps/components/cps-core/requirements.yaml
@@ -19,6 +19,12 @@ dependencies:
- name: postgres
version: ~8.x-0
repository: '@local'
+ condition: global.postgres.localCluster
+ - name: postgres-init
+ version: ~8.x-0
+ repository: '@local'
+ condition: not global.postgres.localCluster
+ #condition: global.postgres.postgresInit
- name: readinessCheck
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
index 0bc7d5bccb..8f904efeae 100644
--- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
+++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml
@@ -2,6 +2,7 @@
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,11 @@
spring:
datasource:
+{{- if .Values.global.postgres.localCluster }}
url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+{{- else }}
+ url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }}
+{{- end }}
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
driverClassName: org.postgresql.Driver
diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml
index 4f788e7977..55d9fcde66 100644
--- a/kubernetes/cps/components/cps-core/values.yaml
+++ b/kubernetes/cps/components/cps-core/values.yaml
@@ -52,6 +52,16 @@ global:
ingress:
virtualhost:
baseurl: "simpledemo.onap.org"
+ #Service Names of the postgres db to connect to.
+ #Override it to cps-postgres if localCluster is enabled.
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
image: onap/cps-and-ncmp:2.0.0
containerPort: &svc_port 8080
@@ -206,9 +216,21 @@ postgres:
pgUserExternalSecret: *pgUserCredsSecretName
pgRootPasswordExternalSecret: *pgRootPassSecretName
+postgres-init:
+ nameOverride: cps-postgres-init
+ config:
+ pgUserName: cps
+ pgDatabase: cpsdb
+ pgDataPath: data
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
+
readinessCheck:
wait_for:
- - *postgresName
+ - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
minReadySeconds: 10
updateStrategy:
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 6be03de27b..dd0bf4bd48 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -432,6 +432,7 @@ spec:
{{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- configMap:
defaultMode: 420
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
index 9815bf7ed6..572e812cf3 100644
--- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml
@@ -199,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bbs-eventprocessor-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
index 9f1600ead3..540013e1db 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
index be7620733b..2342470877 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml
@@ -148,7 +148,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -184,3 +184,9 @@ resources:
cpu: 1
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datafile-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
index 8e53236787..6412c80d48 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/requirements.yaml
@@ -28,3 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
index faff44cc56..0553b52265 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml
@@ -116,3 +116,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-admin-ui
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
index 34fe22ee16..e0ac99dc5c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/requirements.yaml
@@ -28,4 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
index bc5fe3b88c..9373e8256a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml
@@ -146,3 +146,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-des
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
index 5ef187132e..fded2cee84 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/requirements.yaml
@@ -31,4 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
index 56017b7e5c..2452dc8a18 100644
--- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml
@@ -173,3 +173,9 @@ postgres:
pgUserName: datalake
pgDatabase: datalake
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-datalake-feeder
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
index 680c0d6711..ebfdcdb08c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/requirements.yaml
@@ -30,4 +30,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
index 8847f298e8..bbf815d658 100644
--- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml
@@ -190,3 +190,9 @@ postgres:
pgUserName: heartbeat
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-heartbeat
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
index 07b10614a8..650ec03920 100644
--- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml
@@ -199,3 +199,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-hv-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
index 6b37d363b6..4239867c35 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/requirements.yaml
@@ -28,5 +28,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
index 802c830005..5d8c6d59eb 100644
--- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml
@@ -159,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-kpi-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
index aa6af35c5e..8ec60a7bd1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml
@@ -65,3 +65,8 @@ resources:
memory: 2Gi
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ms-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
index 5e1b36e493..c39c2092ed 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: 'file://../../common/dcaegen2-services-common' \ No newline at end of file
+ repository: 'file://../../common/dcaegen2-services-common'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 0dff427f49..caae1c319e 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -160,7 +160,7 @@ applicationConfig:
drFeedConfig:
- feedName: bulk_pm_feed
owner: dcaecm
- feedVersion: 0.0
+ feedVersion: "0.0"
asprClassification: unclassified
feedDescription: DFC Feed Creation
@@ -216,3 +216,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pm-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
index 4dfc837bf8..44c366438c 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
index 512bd2643a..b9005f01b8 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml
@@ -192,4 +192,10 @@ postgres:
config:
pgUserName: pmsh
pgDatabase: pmsh
- pgUserExternalSecret: *pgUserCredsSecretName \ No newline at end of file
+ pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-pmsh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
index 80e79fe28e..37ffafe9ce 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml
@@ -26,3 +26,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index c7d4c1d82f..a7f62912b1 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -168,3 +168,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-prh
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 789a807d63..ad29e33a90 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -159,3 +159,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-restconf-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
index 9cab8e92e6..c6ccf13b56 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/requirements.yaml
@@ -31,4 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
-
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
index 5974d80e81..3300306668 100644
--- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
@@ -210,3 +210,9 @@ postgres:
pgUserName: sliceanalysisms
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-slice-analysis-ms
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
index 60295b972a..266da24f7a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml
@@ -145,3 +145,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-snmptrap-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
index 3f52d6fce8..907f8f3d26 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/requirements.yaml
@@ -31,3 +31,6 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
index a0ab079e1d..420814f6c2 100644
--- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml
@@ -242,3 +242,9 @@ postgres:
pgUserName: sonhms
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-son-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
index 02a2a674c3..b1d9fb2332 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml
@@ -26,3 +26,9 @@ dependencies:
- name: dcaegen2-services-common
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
index 778f6c94ed..e7707dcdb0 100644
--- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml
@@ -162,3 +162,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-tcagen2
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
index d45745404d..9a2dc1aa29 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: certManagerCertificate
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
index bfea92aeb9..f863ff8641 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml
@@ -200,3 +200,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-collector
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
index c6804b76b4..e267e8931a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/requirements.yaml
@@ -27,4 +27,7 @@ dependencies:
repository: '@local'
- name: dcaegen2-services-common
version: ~8.x-0
- repository: '@local' \ No newline at end of file
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
index 7bde2e99fb..a7186a4d98 100644
--- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml
@@ -189,3 +189,9 @@ resources:
cpu: 2
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-mapper
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
index 353f4eaccb..b6eeb5bb45 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml
@@ -32,3 +32,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
index d95883ab09..4addb2b863 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml
@@ -136,6 +136,7 @@ spec:
value: {{ .Values.dcae_ns | default "" }}
- name: ONAP_NAMESPACE
value: {{ include "common.namespace" . }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-dcae-inputs-input
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
index f3e6c29d53..b012ee4942 100644
--- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml
@@ -137,3 +137,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-bootstrap
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
index 413f997905..877839e40a 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: cmpv2Config
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
index 204a3e27d7..f5fc9cac30 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/deployment.yaml
@@ -169,6 +169,7 @@ spec:
readOnly: true
securityContext:
privileged: True
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
index e6567d9ac2..17ba5ec71e 100644
--- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml
@@ -127,3 +127,10 @@ persistence:
mountPath: /dockerdata-nfs
mountSubPath: dcae-cm/data
volumeReclaimPolicy: Retain
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-cloudify-manager
+ roles:
+ - create
+
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
index 65d0b36927..c7e1d70030 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/templates/deployment.yaml
@@ -167,6 +167,7 @@ spec:
- name: {{ include "common.fullname" . }}-logs-i
mountPath: /var/log/onap/config-binding-service
{{ end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-fb-conf
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
index 1d421427c3..719e73f43c 100644
--- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml
@@ -91,3 +91,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-config-binding-service
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
index 2fe847961d..8759678489 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
index e93f8d8fb9..dbb6c67580 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml
@@ -161,6 +161,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
index 6640f78e9a..a083b519d6 100644
--- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml
@@ -119,3 +119,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-dashboard
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
index 1b39dc6e2f..1ad42e02b2 100755
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/templates/deployment.yaml
@@ -154,6 +154,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
index fc4d07d39d..3435462c1d 100644
--- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml
@@ -91,3 +91,8 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+serviceAccount:
+ nameOverride: dcae-deployment-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
index 0697ceb1d6..3762a2acea 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
index 9514f41b86..641dfdf926 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/templates/deployment.yaml
@@ -74,6 +74,7 @@ spec:
value: {{ include "common.release" . }}
- name: DEPLOY_LABEL
value: cfydeployment
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-expected-components
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
index 221e579943..1c6cff0657 100644
--- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml
@@ -67,3 +67,8 @@ resources:
# If empty, use the common namespace
# dcae_ns: "onap"
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-healthcheck
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
index 63ac56cca4..32d8b5b035 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml
@@ -23,3 +23,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
index d25d63c361..7c3746a0a3 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml
@@ -152,6 +152,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
index 1bc13efc55..fe39269c27 100644
--- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml
@@ -110,3 +110,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-inventory-api
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
index f19e4127c8..78bcd76a6d 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
index 916c5f673f..b8c24355e6 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/templates/deployment.yaml
@@ -145,6 +145,7 @@ spec:
- mountPath: /usr/share/filebeat/filebeat.yml
name: filebeat-conf
subPath: filebeat.yml
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- emptyDir: {}
name: component-log
diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
index 8f6a1a7da9..00ce47b451 100644
--- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml
@@ -92,3 +92,9 @@ resources:
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-policy-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
index be5f059ed9..f2c5b021ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/requirements.yaml
@@ -20,3 +20,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
index 7c55628f25..6c4e695228 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/templates/deployment.yaml
@@ -106,6 +106,7 @@ spec:
value: "/opt/cert/cacert.pem"
- name: SCH_ARGS
value: "prod /opt/config.json"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-sch-config
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
index c363626666..8686db49ba 100644
--- a/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-servicechange-handler/values.yaml
@@ -85,4 +85,10 @@ resources:
unlimited: {}
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
-# dcae_ns: "dcae" \ No newline at end of file
+# dcae_ns: "dcae"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-servicechange-handler
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
index 16f38f80a8..9a3009ddec 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/requirements.yaml
@@ -24,3 +24,6 @@ dependencies:
- name: readinessCheck
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
index f2826a77a0..1c6e3593ac 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml
@@ -52,6 +52,7 @@ spec:
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
configMap:
diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
index 2209feb729..873579ee97 100644
--- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
+++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml
@@ -64,4 +64,10 @@ resources:
requests:
cpu: 1
memory: 1Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dcae-ves-openapi-manager
+ roles:
+ - read
diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml
index f82b410e1b..17b077b987 100644
--- a/kubernetes/dcaegen2/values.yaml
+++ b/kubernetes/dcaegen2/values.yaml
@@ -68,4 +68,4 @@ dcae-policy-handler:
dcae-servicechange-handler:
enabled: true
dcae-ves-openapi-manager:
- enabled: true \ No newline at end of file
+ enabled: true
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
index 65867f50af..3c25c94388 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/requirements.yaml
@@ -23,7 +23,10 @@ dependencies:
version: ~8.x-0
repository: '@local'
- name: mariadb-galera
- alias: mariadb
+ version: ~8.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
version: ~8.x-0
repository: '@local'
- name: certInitializer
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
index a7472383e2..18ab41982a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties
@@ -42,7 +42,7 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.db.name}}
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
index 61678961cc..a3051eee5d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml
@@ -42,8 +42,8 @@ spec:
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.config.dmaapDrDb.mariadbContName }}
+ - --job-name
+ - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
env:
- name: NAMESPACE
valueFrom:
@@ -81,9 +81,9 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: DB_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
index 7564ccfc78..cf25468fe1 100644
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml
@@ -19,17 +19,23 @@ global:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
persistence: {}
+ mariadbGalera: &mariadbGalera
+ #This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: dmaap-dr-db-user-secret
- name: &dbSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ - name: &dbUserSecretName '{{ include "common.release" . }}-dmaap-dr-db-user-credentials'
+ uid: 'dmaap-dr-db-user-credentials'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.dmaapDrDb.userName }}'
- password: '{{ .Values.config.dmaapDrDb.userPassword }}'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "db" "externalSecret")) .) (hasSuffix "dmaap-dr-db-user-credentials" (index .Values "mariadb-galera" "db" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "db" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "db" "password" }}'
#################################################################
# Application configuration defaults.
@@ -92,31 +98,29 @@ config:
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
- # dr-prov db configuration
- dmaapDrDb:
- mariadbServiceName: dmaap-dr-db
- mariadbServicePort: 3306
- mariadbContName: &dmaap-dr-db dmaap-dr-db
- userName: datarouter
-# userPassword: password
-# userCredentialsExternalSecret: some secret
-
# mariadb-galera configuration
-mariadb:
- name: *dmaap-dr-db
- nameOverride: *dmaap-dr-db
+mariadb-galera:
+ nameOverride: &dbServer dmaap-dr-db
replicaCount: 1
db:
- externalSecret: *dbSecretName
- name: datarouter
+ name: &mysqlDbName datarouter
+ user: datarouter
+ # password:
+ externalSecret: *dbUserSecretName
service:
- name: dmaap-dr-db
+ name: *dbServer
nfsprovisionerPrefix: dmaap-dr-db
persistence:
size: 1Gi
mountSubPath: data-router/dr-db-data
serviceAccount:
- nameOverride: *dmaap-dr-db
+ nameOverride: *dbServer
+
+mariadb-init:
+ config:
+ userCredentialsExternalSecret: *dbUserSecretName
+ mysqlDatabase: *mysqlDbName
+ nameOverride: dmaap-dr-mariadb-init
#################################################################
# AAF part
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
index 9366bd1e2b..ab839d0a5c 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
index fae06da475..45c268c6b6 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml
@@ -115,6 +115,7 @@ spec:
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
index bbdc3e09cd..1bdf35da21 100644
--- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml
@@ -128,3 +128,9 @@ resources:
cpu: 250m
memory: 1Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-engine-mgmt
+ roles:
+ - read
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
index 9366bd1e2b..ab839d0a5c 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/requirements.yaml
@@ -22,3 +22,6 @@ dependencies:
- name: certInitializer
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
index e03c6cbb9c..d757b75d68 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml
@@ -114,6 +114,7 @@ spec:
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
index 4f4849a5a4..6261b4ebd7 100644
--- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
+++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml
@@ -132,3 +132,9 @@ resources:
cpu: 500m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: holmes-rule-mgmt
+ roles:
+ - read
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
index b9e4a44df1..6070b0c468 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
index 1a303ff7aa..8e28071ba6 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/templates/deployment.yaml
@@ -138,7 +138,7 @@ spec:
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-data-filebeat
mountPath: /usr/share/filebeat/data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-etsicatalog
{{- if .Values.persistence.enabled }}
diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
index 1672b6d3df..3af4bae554 100644
--- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
+++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml
@@ -177,3 +177,9 @@ resources:
cpu: 200m
memory: 500Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: modeling-etsicatalog
+ roles:
+ - read
diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml
index ef36b13742..5faae36fb0 100644
--- a/kubernetes/msb/components/msb-eag/values.yaml
+++ b/kubernetes/msb/components/msb-eag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.3.0
+image: onap/msb/msb_apigateway:1.3.1
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml
index 4610232e7b..9b9f805802 100644
--- a/kubernetes/msb/components/msb-iag/values.yaml
+++ b/kubernetes/msb/components/msb-iag/values.yaml
@@ -52,7 +52,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.3.0
+image: onap/msb/msb_apigateway:1.3.1
pullPolicy: Always
istioSidecar: true
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index ec3b9567c3..30319683a2 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -24,7 +24,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.9.0
+image: onap/multicloud/k8s:0.9.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index 61d4314be4..0a1e769921 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -1,6 +1,7 @@
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -110,6 +111,10 @@ dependencies:
version: ~8.x-0
repository: '@local'
condition: portal.enabled
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ condition: postgres.enabled
- name: oof
version: ~8.x-0
repository: '@local'
@@ -169,3 +174,7 @@ dependencies:
version: ~8.x-0
repository: '@local'
condition: roles-wrapper.enabled
+ - name: timescaledb
+ version: ~8.x-0
+ repository: '@local'
+ condition: timescaledb.enabled
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index 91e0157aea..229717a990 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -1,6 +1,7 @@
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -24,6 +25,8 @@ cassandra:
enabled: true
mariadb-galera:
enabled: true
+postgres:
+ enabled: true
aaf:
enabled: true
aai:
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
index 63461d9c83..fb402143c6 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml
@@ -16,7 +16,7 @@
global: # global defaults
nodePortPrefix: 302
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
index 9e799e1045..aa5b8fca2e 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# Secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
index 915ffc019f..666818da73 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
index 915ffc019f..666818da73 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
index 915ffc019f..666818da73 100755
--- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
+++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml
@@ -14,7 +14,7 @@
global:
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
#################################################################
# secrets metaconfig
diff --git a/kubernetes/oof/components/oof-has/values.yaml b/kubernetes/oof/components/oof-has/values.yaml
index 9a8b60574e..248d3afd57 100755
--- a/kubernetes/oof/components/oof-has/values.yaml
+++ b/kubernetes/oof/components/oof-has/values.yaml
@@ -19,7 +19,7 @@
global:
commonConfigPrefix: onap-oof-has
image:
- optf_has: onap/optf-has:2.2.0
+ optf_has: onap/optf-has:2.2.1
persistence:
enabled: true
diff --git a/kubernetes/oof/resources/config/conf/osdf_config.yaml b/kubernetes/oof/resources/config/conf/osdf_config.yaml
index aff63428eb..441a77ab5a 100755
--- a/kubernetes/oof/resources/config/conf/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/conf/osdf_config.yaml
@@ -43,11 +43,18 @@ aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
secret_domain: {{ .Values.config.secret_domain }}
aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+configClientType: {{ .Values.config.configClientType }}
+
# config db api
configDbUrl: {{ .Values.config.configDbUrl }}
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
+# cps api
+cpsUrl: {{ .Values.config.cps.Url }}
+cpsCellListUrl: {{ .Values.config.cps.cellListUrl }}
+cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
+
# AAI api
aaiUrl: {{ .Values.config.aaiUrl }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index 2b1eeba747..0b19678e1f 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -82,7 +82,7 @@ spec:
- |
grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
- ./osdfapp.sh -x osdfapp.py
+ python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index c7400e860f..64c3e0ad29 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -35,7 +35,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.4
+image: onap/optf-osdf:3.0.6
pullPolicy: Always
# flag to enable debugging - application support required
@@ -83,10 +83,17 @@ config:
aaf_sms_timeout: 30
secret_domain: osdf
aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
+ configClientType: cps
# config db api
configDbUrl: http://configdb:8080
configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList'
configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList'
+ # cps api
+ cps:
+ url: cps-tbdmt:8080/execute
+ cellListUrl: 'ran-network/getCellList'
+ nbrListUrl: 'ran-network/getNbrList'
+
#aai api
aaiUrl: https://aai:8443
aaiGetLinksUrl: /aai/v16/network/logical-links
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index fbd545c12e..6cabde79da 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -79,7 +79,7 @@ tls:
selfsigning:
name: &selfSigningIssuer cmpv2-selfsigning-issuer
ca:
- name: &caIssuer cmpv2-ca-issuer
+ name: &caIssuer cmpv2-issuer-onap
secret:
name: &caKeyPairSecret cmpv2-ca-key-pair
server:
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
new file mode 100644
index 0000000000..b7c44d7c3b
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Runtime
+name: policy-clamp-cl-runtime
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
new file mode 100644
index 0000000000..7878f91d48
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
new file mode 100644
index 0000000000..250e91213c
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml
@@ -0,0 +1,79 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ security:
+ user:
+ name: ${RUNTIME_USER}
+ password: ${RUNTIME_PASSWORD}
+ http:
+ converters:
+ preferred-json-mapper: gson
+
+security:
+ enable-csrf: false
+
+server:
+ port: 6969
+ servlet:
+ context-path: /onap/controlloop
+ error:
+ path: /error
+
+
+runtime:
+ supervisionScannerIntervalSec: 1000
+ participantClUpdateIntervalSec: 1000
+ participantClStateChangeIntervalSec: 1000
+ participantParameters:
+ heartBeatMs: 120000
+ maxMessageAgeMs: 600000
+ maxStatusWaitMs: 100000
+ updateParameters:
+ maxRetryCount: 3
+ maxWaitMs: 100000
+ databaseProviderParameters:
+ name: PolicyProviderParameterGroup
+ implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl
+ databaseDriver: org.mariadb.jdbc.Driver
+ databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop
+ databaseUser: ${SQL_USER}
+ databasePassword: ${SQL_PASSWORD}
+ persistenceUnit: CommissioningMariaDb
+ topicParameterGroup:
+ topicSources:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+ fetchTimeout: 15000
+ topicSinks:
+ -
+ topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
+
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
new file mode 100644
index 0000000000..43cea65306
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pap/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/policy-clamp-cl-runtime/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/policy-clamp-cl-runtime/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
new file mode 100644
index 0000000000..66c096d439
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/configmap.yaml
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
new file mode 100644
index 0000000000..92e5c9e6c8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/deployment.yaml
@@ -0,0 +1,131 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RUNTIME_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
+ - name: RUNTIME_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-runtime-config
+ - mountPath: /config
+ name: cl-runtime-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/controlloop-runtime.sh /opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/controlloop-runtime.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/clRuntimeParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-runtime-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-runtime-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-runtime-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
new file mode 100644
index 0000000000..abbfa3fdba
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
new file mode 100644
index 0000000000..be2449f890
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
new file mode 100644
index 0000000000..4cf9e67c99
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml
@@ -0,0 +1,154 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 304
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+ - uid: runtime-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-runtime-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-runtime:6.1.2
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ policyAppUserName: runtimeUser
+ policyAppUserPassword: none
+
+db:
+ user: policy_user
+ password: policy_user
+ service:
+ name: policy-mariadb
+ internalPort: 3306
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-api
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ port: http-api
+
+service:
+ type: ClusterIP
+ name: policy-clamp-cl-runtime
+ useNodePortExt: true
+ ports:
+ - name: http-api
+ port: 6969
+ nodePort: 42
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-runtime
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-gui/Chart.yaml b/kubernetes/policy/components/policy-gui/Chart.yaml
new file mode 100644
index 0000000000..58ece9943c
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy GUI
+name: policy-gui
+version: 8.0.0
diff --git a/kubernetes/policy/components/policy-gui/requirements.yaml b/kubernetes/policy/components/policy-gui/requirements.yaml
new file mode 100644
index 0000000000..c9b17cbd06
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/requirements.yaml
@@ -0,0 +1,28 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~8.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-gui/resources/config/default.conf b/kubernetes/policy/components/policy-gui/resources/config/default.conf
new file mode 100644
index 0000000000..98417cd822
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/default.conf
@@ -0,0 +1,32 @@
+server {
+
+ listen 2443 default ssl;
+ ssl_protocols TLSv1.2;
+ {{ if .Values.global.aafEnabled }}
+ ssl_certificate {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_pem}};
+ ssl_certificate_key {{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.clamp_key}};
+ {{ else }}
+ ssl_certificate /etc/ssl/clamp.pem;
+ ssl_certificate_key /etc/ssl/clamp.key;
+ {{ end }}
+
+ ssl_verify_client optional_no_ca;
+ absolute_redirect off;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ =404;
+ }
+
+ location /clamp/restservices/clds/ {
+ proxy_pass https://policy-clamp-be:8443/restservices/clds/;
+ proxy_set_header X-SSL-Cert $ssl_client_escaped_cert;
+ }
+
+ location = /50x.html {
+ root /var/lib/nginx/html;
+ }
+ error_page 500 502 503 504 /50x.html;
+ error_log /var/log/nginx/error.log warn;
+}
diff --git a/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
new file mode 100644
index 0000000000..0b3951726b
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/resources/config/log/filebeat/filebeat.yml
@@ -0,0 +1,59 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/policy/components/policy-gui/templates/NOTES.txt b/kubernetes/policy/components/policy-gui/templates/NOTES.txt
new file mode 100644
index 0000000000..e44f333e11
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/NOTES.txt
@@ -0,0 +1,38 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit https://127.0.0.1:8443 to use your application"
+ kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }}
+{{- end }}
diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
new file mode 100644
index 0000000000..4f600882e9
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml
@@ -0,0 +1,34 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+
+{{ include "common.log.configMap" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
new file mode 100644
index 0000000000..b67fa273de
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml
@@ -0,0 +1,109 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --container-name
+ - policy-clamp-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+{{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ containers:
+ # side car containers
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
+ # main container
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - name: logs
+ mountPath: {{ .Values.log.path }}
+ - mountPath: /etc/nginx/conf.d/default.conf
+ name: {{ include "common.fullname" . }}-config
+ subPath: default.conf
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: default.conf
+ path: default.conf
+ - name: logs
+ emptyDir: {}
+ {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-gui/templates/ingress.yaml b/kubernetes/policy/components/policy-gui/templates/ingress.yaml
new file mode 100644
index 0000000000..e3dd7cb0f6
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/ingress.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.ingress" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/secrets.yaml b/kubernetes/policy/components/policy-gui/templates/secrets.yaml
new file mode 100644
index 0000000000..2af7fae2d9
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/secrets.yaml
@@ -0,0 +1,21 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml
new file mode 100644
index 0000000000..44e66b8680
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/templates/service.yaml
@@ -0,0 +1,46 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml
new file mode 100644
index 0000000000..460a83d9b2
--- /dev/null
+++ b/kubernetes/policy/components/policy-gui/values.yaml
@@ -0,0 +1,156 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 304
+ centralizedLoggingEnabled: true
+ #AAF service
+ aafEnabled: true
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ permission_user: 1000
+ permission_group: 999
+ addconfig: true
+ keystoreFile: "org.onap.clamp.p12"
+ truststoreFile: "org.onap.clamp.trust.jks"
+ keyFile: "org.onap.clamp.keyfile"
+ truststoreFileONAP: "truststoreONAPall.jks"
+ clamp_key: "clamp.key"
+ clamp_pem: "clamp.pem"
+ clamp_ca_certs_pem: "clamp-ca-certs.pem"
+ nameOverride: policy-gui-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: clamp
+ fqi: clamp@clamp.onap.org
+ public_fqdn: clamp.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: >
+ cd {{ .Values.credsPath }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -nocerts -nodes -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_key }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -clcerts -nokeys -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_pem }};
+ openssl pkcs12 -in {{ .Values.keystoreFile }} -cacerts -nokeys -chain -passin pass:$cadi_keystore_password_p12 > {{ .Values.clamp_ca_certs_pem }};
+ chmod a+rx *;
+
+subChartsOnly:
+ enabled: true
+
+flavor: small
+
+# application image
+image: onap/policy-gui:2.1.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# log configuration
+log:
+ path: /var/log/nginx/
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+config:
+ log:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ dataRootDir: /dockerdata-nfs
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ timeoutSeconds: 3
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 3
+
+service:
+ type: NodePort
+ name: policy-gui
+ portName: policy-gui
+ internalPort: 2443
+ nodePort: 43
+
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "policygui.api"
+ name: "policygui"
+ port: 2443
+ config:
+ ssl: "redirect"
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 200Mi
+ requests:
+ cpu: 1m
+ memory: 50Mi
+ large:
+ limits:
+ cpu: 1
+ memory: 500Mi
+ requests:
+ cpu: 10m
+ memory: 50Mi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-gui
+ roles:
+ - read
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index 1bf1053689..0ba1535346 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -1,5 +1,6 @@
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -60,6 +61,14 @@ dependencies:
version: ~8.x-0
repository: 'file://components/policy-clamp-cl-k8s-ppnt'
condition: policy-clamp-cl-k8s-ppnt.enabled
+ - name: policy-clamp-cl-runtime
+ version: ~8.x-0
+ repository: 'file://components/policy-clamp-cl-runtime'
+ condition: policy-clamp-cl-runtime.enabled
+ - name: policy-gui
+ version: ~8.x-0
+ repository: 'file://components/policy-gui'
+ condition: policy-gui.enabled
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/policy/resources/config/db.sh b/kubernetes/policy/resources/config/db.sh
index 7b9437217d..787ec0adbe 100755
--- a/kubernetes/policy/resources/config/db.sh
+++ b/kubernetes/policy/resources/config/db.sh
@@ -2,6 +2,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
+# Modifications Copyright (C) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +19,7 @@
mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-for db in migration pooling policyadmin policyclamp operationshistory
+for db in migration pooling policyadmin policyclamp operationshistory controlloop
do
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index fba2d04fed..29603690b8 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -45,6 +45,13 @@ secrets:
login: '{{ index .Values "mariadb-galera" "db" "user" }}'
password: '{{ index .Values "mariadb-galera" "db" "password" }}'
passwordPolicy: generate
+ - uid: policy-app-user-creds
+ name: &policyAppCredsSecret '{{ include "common.release" . }}-policy-app-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.policyAppUserExternalSecret) . }}'
+ login: '{{ .Values.config.policyAppUserName }}'
+ password: '{{ .Values.config.policyAppUserPassword }}'
+ passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
@@ -70,12 +77,21 @@ policy-distribution:
policy-clamp-be:
enabled: true
db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
policy-clamp-fe:
enabled: true
policy-clamp-cl-k8s-ppnt:
enabled: true
policy-nexus:
enabled: false
+policy-clamp-cl-runtime:
+ enabled: true
+ db: *dbSecretsHook
+ config:
+ appUserExternalSecret: *policyAppCredsSecret
+policy-gui:
+ enabled: true
#################################################################
# DB configuration defaults.
@@ -117,6 +133,10 @@ readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
+config:
+ policyAppUserName: runtimeUser
+
mariadb-galera:
# mariadb-galera.config and global.mariadb.config must be equals
db:
diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml
index 070583bfc2..d769f628eb 100644
--- a/kubernetes/sdc/components/sdc-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-be/values.yaml
@@ -35,8 +35,8 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.9.0
-backendInitImage: onap/sdc-backend-init:1.9.0
+image: onap/sdc-backend-all-plugins:1.9.3
+backendInitImage: onap/sdc-backend-init:1.9.3
pullPolicy: Always
diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml
index fed4769202..223e023b28 100644
--- a/kubernetes/sdc/components/sdc-cs/values.yaml
+++ b/kubernetes/sdc/components/sdc-cs/values.yaml
@@ -38,8 +38,8 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.9.0
-cassandraInitImage: onap/sdc-cassandra-init:1.9.0
+image: onap/sdc-cassandra:1.9.3
+cassandraInitImage: onap/sdc-cassandra-init:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml
index e9b2eee8db..d563e80f42 100644
--- a/kubernetes/sdc/components/sdc-fe/values.yaml
+++ b/kubernetes/sdc/components/sdc-fe/values.yaml
@@ -47,7 +47,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.9.0
+image: onap/sdc-frontend:1.9.3
pullPolicy: Always
config:
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
index aa7d535db3..1bce6b17af 100644
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
+++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml
@@ -59,8 +59,8 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.9.0
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.0
+image: onap/sdc-onboard-backend:1.9.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index 0d180ec029..95aba913a3 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.1.6
+image: onap/sdnc-dmaap-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
index 1f0dbdeced..51263cf410 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml
@@ -67,7 +67,7 @@ spec:
containers:
- name: {{ include "common.name" . }}
command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
+ args: ["-c", "cd /opt/ansible-server && ./startAnsibleServer.sh"]
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index 13c53d3fe1..7294dbccc7 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.1.6
+image: onap/sdnc-ansible-server-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index 3d9f86192f..803488b054 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -23,7 +23,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.1.6"
+image: "onap/sdnc-web-image:2.2.0"
pullPolicy: Always
config:
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index c35095c158..b58154fd1a 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.1.6
+image: onap/sdnc-ueb-listener-image:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 1c9a422bab..785435a478 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -206,7 +206,7 @@ certificates:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.1.6
+image: onap/sdnc-image:2.2.0
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml
index 405017c400..d4333ef630 100755
--- a/kubernetes/so/components/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/components/so-bpmn-infra/values.yaml
@@ -63,7 +63,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.9.0
+image: onap/so/bpmn-infra:1.9.2
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
index c3b615147c..57c4902167 100755
--- a/kubernetes/so/components/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml
@@ -62,7 +62,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.9.0
+image: onap/so/catalog-db-adapter:1.9.2
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
index 922643404c..c99465b690 100755
--- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml
@@ -17,6 +17,7 @@
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
spring:
diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml
index f3d53c974c..b7e8dd9098 100755
--- a/kubernetes/so/components/so-cnf-adapter/values.yaml
+++ b/kubernetes/so/components/so-cnf-adapter/values.yaml
@@ -26,6 +26,8 @@ global:
aaf:
auth:
header: ${AAF_AUTH}
+ aai:
+ enabled: true
#################################################################
# Secrets metaconfig
#################################################################
@@ -74,7 +76,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-cnf-adapter:1.8.3
+image: onap/so/so-cnf-adapter:1.9.1
pullPolicy: Always
readinessCheck:
diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml
index 82b4061f4b..2ac829592c 100755
--- a/kubernetes/so/components/so-openstack-adapter/values.yaml
+++ b/kubernetes/so/components/so-openstack-adapter/values.yaml
@@ -58,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.9.0
+image: onap/so/openstack-adapter:1.9.2
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml
index 9461974a13..d49210fe37 100755
--- a/kubernetes/so/components/so-request-db-adapter/values.yaml
+++ b/kubernetes/so/components/so-request-db-adapter/values.yaml
@@ -58,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.9.0
+image: onap/so/request-db-adapter:1.9.2
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml
index 9151468502..6f9885650d 100755
--- a/kubernetes/so/components/so-sdc-controller/values.yaml
+++ b/kubernetes/so/components/so-sdc-controller/values.yaml
@@ -58,7 +58,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.9.0
+image: onap/so/sdc-controller:1.9.2
pullPolicy: Always
db:
diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml
index b5352b09f9..6cb019c378 100755
--- a/kubernetes/so/components/so-sdnc-adapter/values.yaml
+++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml
@@ -72,7 +72,7 @@ secrets:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.9.0
+image: onap/so/sdnc-adapter:1.9.2
pullPolicy: Always
org:
diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml
index 064415927f..988b8ef585 100755
--- a/kubernetes/so/values.yaml
+++ b/kubernetes/so/values.yaml
@@ -181,7 +181,7 @@ dbCreds:
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.9.0
+image: onap/so/api-handler-infra:1.9.2
server:
aaf:
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 980e462b47..6017f2640e 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -25,7 +25,7 @@ flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:4.0.3
+image: onap/usecase-ui-server:4.0.5
pullPolicy: Always
# application configuration
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index ddac84eca3..32b8449240 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -24,7 +24,7 @@ subChartsOnly:
flavor: small
# application image
-image: onap/usecase-ui:4.0.3
+image: onap/usecase-ui:4.0.5
pullPolicy: Always
# application configuration
diff --git a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
index ce52a3b0fe..dcdcef82ba 100644
--- a/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-generic-vnfm-driver/values.yaml
@@ -26,7 +26,7 @@ global:
# application image
flavor: small
-image: onap/vfc/gvnfmdriver:1.4.1
+image: onap/vfc/gvnfmdriver:1.4.3
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
index 40ca646e0f..17d8cc263e 100644
--- a/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
diff --git a/kubernetes/vfc/components/vfc-nslcm/values.yaml b/kubernetes/vfc/components/vfc-nslcm/values.yaml
index 5854a370a2..be7820006c 100644
--- a/kubernetes/vfc/components/vfc-nslcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-nslcm/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/nslcm:1.4.3
+image: onap/vfc/nslcm:1.4.4
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-redis/values.yaml b/kubernetes/vfc/components/vfc-redis/values.yaml
index 6ea05d72a6..0bbb395938 100644
--- a/kubernetes/vfc/components/vfc-redis/values.yaml
+++ b/kubernetes/vfc/components/vfc-redis/values.yaml
@@ -24,7 +24,7 @@ global:
# application image
flavor: small
-image: onap/vfc/db:1.3.4
+image: onap/vfc/db:1.3.5
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
index b93d7af02b..75968b2ffe 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: MYSQL_ROOT_USER
value: "{{ .Values.global.config.mariadb_admin }}"
- name: MYSQL_ROOT_PASSWORD
diff --git a/kubernetes/vfc/components/vfc-vnflcm/values.yaml b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
index acdf006992..9098b4468b 100644
--- a/kubernetes/vfc/components/vfc-vnflcm/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnflcm/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnflcm:1.4.1
+image: onap/vfc/vnflcm:1.4.2
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
index 9c8430c9fc..f9a8ba71f2 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
diff --git a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
index aa327792b3..f8a5b28065 100644
--- a/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfmgr/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnfmgr:1.4.0
+image: onap/vfc/vnfmgr:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,12 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
index 2577887523..06258a0d7e 100644
--- a/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/templates/deployment.yaml
@@ -42,7 +42,7 @@ spec:
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbService }}
+ - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
env:
- name: NAMESPACE
valueFrom:
@@ -58,7 +58,7 @@ spec:
- sh
args:
- -c
- - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
@@ -83,7 +83,7 @@ spec:
- name: SSL_ENABLED
value: "{{ .Values.global.config.ssl_enabled }}"
- name: MYSQL_ADDR
- value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ value: '{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}'
- name: REDIS_HOST
value: "{{ .Values.global.config.redisServiceName }}"
- name: REDIS_PORT
diff --git a/kubernetes/vfc/components/vfc-vnfres/values.yaml b/kubernetes/vfc/components/vfc-vnfres/values.yaml
index 7683912aa2..74e5b21faf 100644
--- a/kubernetes/vfc/components/vfc-vnfres/values.yaml
+++ b/kubernetes/vfc/components/vfc-vnfres/values.yaml
@@ -19,15 +19,20 @@ global:
nodePortPrefix: 302
config:
ssl_enabled: false
+ mariadbGalera:
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
- externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ - uid: db-root-pass
+ externalSecret: '{{ ternary (index .Values "mariadb-galera" "rootUser" "externalSecret") (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride))) .Values.global.mariadbGalera.localCluster }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
policy: required
#################################################################
@@ -36,7 +41,7 @@ secrets:
# application image
flavor: small
-image: onap/vfc/vnfres:1.3.9
+image: onap/vfc/vnfres:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
@@ -45,13 +50,11 @@ istioSidecar: true
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPassword: secretpassword
- # mariadbRootPasswordExternalSecret: some secret
-
+# Local mariadb galera instance default name
+mariadb-galera:
+ rootUser:
+ externalSecret: '{{ include "common.release" . }}-vfc-db-root-pass'
+ nameOverride: vfc-mariadb
# default number of instances
replicaCount: 1
diff --git a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
index 9edcfbf5e1..643c3fbd84 100644
--- a/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
+++ b/kubernetes/vfc/components/vfc-zte-vnfm-driver/values.yaml
@@ -26,7 +26,7 @@ global:
# application image
flavor: small
-image: onap/vfc/ztevnfmdriver:1.4.0
+image: onap/vfc/ztevnfmdriver:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
diff --git a/kubernetes/vfc/requirements.yaml b/kubernetes/vfc/requirements.yaml
index ab3f4ae979..7f65b021f9 100644
--- a/kubernetes/vfc/requirements.yaml
+++ b/kubernetes/vfc/requirements.yaml
@@ -19,6 +19,7 @@ dependencies:
- name: mariadb-galera
version: ~8.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml
index 0560832a5f..64bd029bd1 100644
--- a/kubernetes/vfc/values.yaml
+++ b/kubernetes/vfc/values.yaml
@@ -26,42 +26,47 @@ global:
# we use this flag to determine who is responbile for serice registeration
# and it can reduce duplicate registration.
reg_to_msb_when_start: False
- mariadb_admin: root
+ mariadb_admin: &mariadbAdmin root
persistence:
mountPath: /dockerdata-nfs
+ mariadbGalera: &mariadbGalera
+ #This flag allows VFC to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-root-pass"
+ - uid: db-root-pass
name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "rootUser" "user" }}'
+ password: '{{ index .Values "mariadb-galera" "rootUser" "password" }}'
type: password
- password: '{{ .Values.config.mariadbRootPassword }}'
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
-mariadb-galera:
+mariadb-galera: &localMariadb
rootUser:
+ user: *mariadbAdmin
+ # password:
externalSecret: *dbRootPassSecret
- nameOverride: &vfc-mariadb vfc-mariadb
+ nameOverride: &dbServer vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
serviceAccount:
- nameOverride: *vfc-mariadb
+ nameOverride: *dbServer
replicaCount: 1
-db: &dbConfig
- mariadbService: vfc-mariadb
- mariadbPort: 3306
- mariadbRootPasswordExternalSecret: *dbRootPassSecret
-
vfc-generic-vnfm-driver:
enabled: true
@@ -70,26 +75,22 @@ vfc-huawei-vnfm-driver:
vfc-nslcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-redis:
enabled: true
vfc-vnflcm:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfmgr:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
vfc-vnfres:
enabled: true
- config:
- << : *dbConfig
+ mariadb-galera: *localMariadb
# sub-chart configuration
vfc-workflow: