diff options
Diffstat (limited to 'kubernetes')
22 files changed, 306 insertions, 77 deletions
diff --git a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml index 76e610f169..a44066461b 100644 --- a/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml +++ b/kubernetes/aaf/components/aaf-cert-service/templates/deployment.yaml @@ -78,7 +78,7 @@ spec: {{- end }} containers: - name: {{ include "common.name" . }} - image: {{ .Values.repository }}/{{ .Values.image }} + image: {{ include "common.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 10 }} env: diff --git a/kubernetes/aaf/components/aaf-cert-service/values.yaml b/kubernetes/aaf/components/aaf-cert-service/values.yaml index 17b0b758cd..ad4b7c459b 100644 --- a/kubernetes/aaf/components/aaf-cert-service/values.yaml +++ b/kubernetes/aaf/components/aaf-cert-service/values.yaml @@ -47,7 +47,7 @@ service: # Deployment configuration repository: nexus3.onap.org:10001 -image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.0.0 +image: onap/org.onap.aaf.certservice.aaf-certservice-api:1.1.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 2aba1f4b1c872ddf429f4635b982b3e15ecc4aa +Subproject e77bd83639f77e68f4c7df9b35c95a4d70e7038 diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index f354ad14a7..3e08bd606c 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -35,7 +35,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.6 +image: onap/clamp-backend:5.0.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 9446ca8eb3..2a27c140eb 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -58,7 +58,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.6 +image: onap/clamp-frontend:5.0.7 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/common/templates/_ingress.tpl b/kubernetes/common/common/templates/_ingress.tpl index c3c744358c..6b4f0ed36e 100644 --- a/kubernetes/common/common/templates/_ingress.tpl +++ b/kubernetes/common/common/templates/_ingress.tpl @@ -78,7 +78,7 @@ nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" (default (dict) .Values.global.ingress) "var" "enabled") }} {{- $ingressEnabled := include "common.ingress._overrideIfDefined" (dict "currVal" $ingressEnabled "parent" .Values.ingress "var" "enabledOverride") }} {{- if $ingressEnabled }} -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: {{ include "common.fullname" . }}-ingress diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 96cda89c1f..fcab51cb59 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -11,7 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -23,6 +23,9 @@ metadata: spec: serviceName: {{ include "common.servicename" .}} replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} template: metadata: labels: diff --git a/kubernetes/common/mariadb-init/resources/config/db_init.sh b/kubernetes/common/mariadb-init/resources/config/db_init.sh index b2fdb14b12..40254d469b 100755 --- a/kubernetes/common/mariadb-init/resources/config/db_init.sh +++ b/kubernetes/common/mariadb-init/resources/config/db_init.sh @@ -14,11 +14,14 @@ # See the License for the specific language governing permissions and # limitations under the License. +# make sure the script fails if any of commands failed +set -e + while read DB ; do USER_VAR="MYSQL_USER_${DB^^}" PASS_VAR="MYSQL_PASSWORD_${DB^^}" USER=${!USER_VAR} - PASS=${!PASS_VAR} + PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"` MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} ) echo "Creating database ${DB} and user ${USER}..." diff --git a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml index 58866495db..fbdac61a9e 100644 --- a/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml +++ b/kubernetes/common/music/charts/music-cassandra/templates/statefulset.yaml @@ -15,7 +15,7 @@ */}} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "common.fullname" . }} @@ -39,6 +39,9 @@ spec: topologyKey: kubernetes.io/hostname serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} podManagementPolicy: {{ .Values.podManagementPolicy }} updateStrategy: type: {{ .Values.updateStrategy.type }} diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index b1aae5f50d..456aa32bc0 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -18,7 +18,7 @@ {{- define "common.postgres.deployment" -}} {{- $dot := .dot }} {{- $pgMode := .pgMode }} -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.fullname" $dot }}-{{ $pgMode }} @@ -32,6 +32,9 @@ metadata: spec: serviceName: {{ $dot.Values.service.name }} replicas: 1 + selector: + matchLabels: + app: {{ include "common.name" $dot }}-{{ $pgMode }} template: metadata: labels: diff --git a/kubernetes/common/serviceAccount/Chart.yaml b/kubernetes/common/serviceAccount/Chart.yaml new file mode 100644 index 0000000000..9e838af3a7 --- /dev/null +++ b/kubernetes/common/serviceAccount/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Template used to create the right Service Accounts / Role / RoleBinding +name: serviceAccount +version: 6.0.0 diff --git a/kubernetes/common/serviceAccount/requirements.yaml b/kubernetes/common/serviceAccount/requirements.yaml new file mode 100644 index 0000000000..237f1d1354 --- /dev/null +++ b/kubernetes/common/serviceAccount/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: 'file://../common' diff --git a/kubernetes/common/serviceAccount/templates/role-binding.yaml b/kubernetes/common/serviceAccount/templates/role-binding.yaml new file mode 100644 index 0000000000..2082f8466b --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/role-binding.yaml @@ -0,0 +1,33 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + namespace: {{ include "common.namespace" $dot }} +subjects: +- kind: ServiceAccount + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} +roleRef: + kind: Role + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/kubernetes/common/serviceAccount/templates/role.yaml b/kubernetes/common/serviceAccount/templates/role.yaml new file mode 100644 index 0000000000..73f45b5fce --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/role.yaml @@ -0,0 +1,105 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} + namespace: {{ include "common.namespace" $dot }} +rules: +{{- if eq $role_type "read" }} +- apiGroups: + - "" # "" indicates the core API group + - apps + - batch + resources: + - pods + - deployments + - jobs + - jobs/status + - statefulsets + - replicasets + - daemonsets + verbs: + - get + - watch + - list +{{- else }} +{{- if eq $role_type "create" }} +- apiGroups: + - "" # "" indicates the core API group + - apps + - batch + resources: + - pods + - deployments + - jobs + - jobs/status + - statefulsets + - replicasets + - daemonsets + - secrets + verbs: + - get + - watch + - list +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - statefulsets + verbs: + - patch +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - deployments + - secrets + verbs: + - create +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - pods + - persistentvolumeclaims + - secrets + - deployment + verbs: + - delete +- apiGroups: + - "" # "" indicates the core API group + - apps + resources: + - pods/exec + verbs: + - create +{{- else }} +{{- if hasKey $dot.Values.new_roles_definitions $role_type }} +{{ include "common.tplValue" ( dict "value" (index $dot.Values.new_roles_definitions $role_type ) "context" $dot) }} +{{- else}} +# if you don't match read or create, then you're not allowed to use API +- apiGroups: [] + resources: [] + verbs: [] +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/kubernetes/common/serviceAccount/templates/service-account.yaml b/kubernetes/common/serviceAccount/templates/service-account.yaml new file mode 100644 index 0000000000..449bea684c --- /dev/null +++ b/kubernetes/common/serviceAccount/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{/* +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- $dot := . -}} +{{- range $role_type := $dot.Values.roles }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}} +{{- end }} diff --git a/kubernetes/common/serviceAccount/values.yaml b/kubernetes/common/serviceAccount/values.yaml new file mode 100644 index 0000000000..afa819421c --- /dev/null +++ b/kubernetes/common/serviceAccount/values.yaml @@ -0,0 +1,29 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +roles: + - nothing +# - read +# - create + +new_roles_definitions: {} +# few-read: +# - apiGroups: +# - "" +# resources: +# - "pods" +# verbs: +# - "get" +# - "watch" +# - "list" diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index e48e3c6853..8a94369d39 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -113,7 +113,7 @@ global: cmpv2Enabled: true aaf: certServiceClient: - image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.0.0 + image: onap/org.onap.aaf.certservice.aaf-certservice-client:1.1.0 secret: name: aaf-cert-service-client-tls-secret mountPath: /etc/onap/aaf/certservice/certs/ @@ -127,6 +127,7 @@ global: # Client configuration related caName: "RA" requestURL: "https://aaf-cert-service:8443/v1/certificate/" + outputType: "P12" requestTimeout: "20000" keystorePath: "/etc/onap/aaf/certservice/certs/certServiceClient-keystore.jks" keystorePassword: "secret" diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 05793d4f5b..8bab2c84ea 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-workflow-backend:1.7.0 -configInitImage: onap/sdc-workflow-init:1.7.0 +image: onap/workflow-backend:1.6.4 +configInitImage: onap/workflow-init:1.6.4 pullPolicy: Always initJob: diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index aaa7795709..359c33ab61 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-workflow-frontend:1.7.0 +image: onap/workflow-frontend:1.6.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg index 46c5db0ea9..a2daef1833 100644 --- a/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg +++ b/kubernetes/sdnc/resources/config/log/org.ops4j.pax.logging.cfg @@ -16,13 +16,11 @@ # limitations under the License. # ################################################################################ - # Properties used as default values in MDC log4j2.property.ServiceName = INTERNAL log4j2.property.ErrorCode = 900 log4j2.property.ErrorDesc = UnknownError - # Common properties maxFileSize=100MB maxBackupIndex=20 @@ -30,11 +28,14 @@ logDir=/var/log/onap componentName=sdnc logDirectory=${logDir}/${componentName} karafLogName=karaf -errorLogName=error -metricsLogName=metrics auditLogName=audit debugLogName=debug +errorLogName=error +metricsLogName=metric +requestResponseLogName=request-response +securityLogName=security +log4j2.rootLogger.level = INFO log4j2.rootLogger.appenderRef.KarafFile.ref = KarafFile log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi log4j2.rootLogger.appenderRef.Console.ref = Console @@ -48,14 +49,7 @@ log4j2.bundle.info = %X{bundle.id} - %.50X{bundle.name} - %X{bundle.version} # \\R matches any new line character, any new line character will replaced with space (stripped) log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | ${log4j2.bundle.info} | %X{currentGraph} - %X{nodeId} | %replace{%m}{\\R}{ }%n -# Security audit logger -log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit -log4j2.logger.audit.level = INFO -log4j2.logger.audit.additivity = false -log4j2.logger.audit.appenderRef.AuditRollingFile.ref = AuditRollingFile - # Appenders configuration - # Console appender not used by default (see log4j2.rootLogger.appenderRefs) log4j2.appender.console.type = Console log4j2.appender.console.name = Console @@ -70,8 +64,8 @@ log4j2.appender.osgi.filter = * # KarafFile appender log4j2.appender.karaf.type = RollingRandomAccessFile log4j2.appender.karaf.name = KarafFile -log4j2.appender.karaf.fileName = ${logDirectory}/log/karaf.log -log4j2.appender.karaf.filePattern = ${logDirectory}/log/karaf.log.%i +log4j2.appender.karaf.fileName = ${logDirectory}/${karafLogName}.log +log4j2.appender.karaf.filePattern = ${logDirectory}/${karafLogName}.log.%i # uncomment to not force a disk flush #log4j2.appender.karaf.immediateFlush = false log4j2.appender.karaf.append = true @@ -83,28 +77,12 @@ log4j2.appender.karaf.policies.size.size = ${maxFileSize} log4j2.appender.karaf.strategy.type = DefaultRolloverStrategy log4j2.appender.karaf.strategy.max = ${maxBackupIndex} log4j2.appender.karaf.strategy.fileIndex = min -# Routing appender (log4j sift) -log4j2.appender.routing.type = Routing -log4j2.appender.routing.name = Routing -log4j2.appender.routing.routes.type = Routes -log4j2.appender.routing.routes.pattern = \$\$\\\{ctx:bundle.name\} -log4j2.appender.routing.routes.bundle.type = Route -log4j2.appender.routing.routes.bundle.appender.type = RollingRandomAccessFile -log4j2.appender.routing.routes.bundle.appender.name = Bundle-\$\\\{ctx:bundle.name\} -log4j2.appender.routing.routes.bundle.appender.fileName = ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log -log4j2.appender.routing.routes.bundle.appender.filePattern= ${logDirectory}/log/bundle-\$\\\{ctx:bundle.name\}.log.%i -log4j2.appender.routing.routes.bundle.appender.append = true -log4j2.appender.routing.routes.bundle.appender.layout.type = PatternLayout -log4j2.appender.routing.routes.bundle.appender.layout.pattern = ${log4j2.pattern} -log4j2.appender.routing.routes.bundle.appender.policies.type = Policies -log4j2.appender.routing.routes.bundle.appender.policies.size.type = SizeBasedTriggeringPolicy -log4j2.appender.routing.routes.bundle.appender.policies.size.size = ${maxFileSize} #ecomp logging standards log4j2.appender.debug.type = RollingRandomAccessFile log4j2.appender.debug.name = DebugFile -log4j2.appender.debug.fileName = <%= @logDir %>/debug.log -log4j2.appender.debug.filePattern = <%= @logDir %>/debug.log.%i +log4j2.appender.debug.fileName = ${logDirectory}/${debugLogName}.log +log4j2.appender.debug.filePattern = ${logDirectory}/${debugLogName}.log.%i # uncomment to not force a disk flush #log4j2.appender.debug.immediateFlush = false log4j2.appender.debug.append = true @@ -117,11 +95,10 @@ log4j2.appender.debug.strategy.type = DefaultRolloverStrategy log4j2.appender.debug.strategy.max = ${maxBackupIndex} log4j2.appender.debug.strategy.fileIndex = min - log4j2.appender.error.type = RollingRandomAccessFile log4j2.appender.error.name = ErrorFile -log4j2.appender.error.fileName = <%= @logDir %>/error.log -log4j2.appender.error.filePattern = <%= @logDir %>/error.log.%i +log4j2.appender.error.fileName = ${logDirectory}/${errorLogName}.log +log4j2.appender.error.filePattern = ${logDirectory}/${errorLogName}.log.%i # uncomment to not force a disk flush #log4j2.appender.error.immediateFlush = false log4j2.appender.error.append = true @@ -138,17 +115,15 @@ log4j2.appender.error.filter.threshold.type = ThresholdFilter log4j2.appender.error.filter.threshold.level = WARN log4j2.appender.error.filter.threshold.match = ACCEPT - - log4j2.appender.metric.type = RollingRandomAccessFile log4j2.appender.metric.name = MetricFile -log4j2.appender.metric.fileName = <%= @logDir %>/metric.log -log4j2.appender.metric.filePattern = <%= @logDir %>/metric.log.%i +log4j2.appender.metric.fileName = ${logDirectory}/${metricsLogName}.log +log4j2.appender.metric.filePattern = ${logDirectory}/${metricsLogName}.log.%i # uncomment to not force a disk flush #log4j2.appender.metric.immediateFlush = false log4j2.appender.metric.append = true log4j2.appender.metric.layout.type = PatternLayout -log4j2.appender.metric.layout.pattern=%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|%p|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|||%X{TargetElement}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.metric.layout.pattern=%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|%p|%X{Severity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{ClientIPAddress}|%C{1}|||%X{TargetElement}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n log4j2.appender.metric.policies.type = Policies log4j2.appender.metric.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.metric.policies.size.size = ${maxFileSize} @@ -156,16 +131,15 @@ log4j2.appender.metric.strategy.type = DefaultRolloverStrategy log4j2.appender.metric.strategy.max = 100 log4j2.appender.metric.strategy.fileIndex = min - log4j2.appender.audit.type = RollingRandomAccessFile log4j2.appender.audit.name = AuditFile -log4j2.appender.audit.fileName = <%= @logDir %>/audit.log -log4j2.appender.audit.filePattern = <%= @logDir %>/audit.log.%i +log4j2.appender.audit.fileName = ${logDirectory}/${auditLogName}.log +log4j2.appender.audit.filePattern = ${logDirectory}/${auditLogName}.log.%i # uncomment to not force a disk flush #log4j2.appender.audit.immediateFlush = false log4j2.appender.audit.append = true log4j2.appender.audit.layout.type = PatternLayout -log4j2.appender.audit.layout.pattern=%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|INFO|%X{Severity}|<%= @hostIP %>|%X{ElapsedTime}|<%= @hostFQDN %>|%X{ClientIPAddress}|%C{1}|%X{AUDIT-Unused}|%X{AUDIT-ProcessKey}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n +log4j2.appender.audit.layout.pattern=%X{EntryTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceID}|%-16.16t|%X{ServerFQDN}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceID}|INFO|%X{Severity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{ClientIPAddress}|%C{1}|%X{AUDIT-Unused}|%X{AUDIT-ProcessKey}|%X{slf4j.marker}|%X|%X{currentGraph} - %X{nodeId}|${log4j2.bundle.info}|%m%n log4j2.appender.audit.policies.type = Policies log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy log4j2.appender.audit.policies.size.size = ${maxFileSize} @@ -173,17 +147,37 @@ log4j2.appender.audit.strategy.type = DefaultRolloverStrategy log4j2.appender.audit.strategy.max = ${maxBackupIndex} log4j2.appender.audit.strategy.fileIndex = min -# Loggers - -log4j2.logger.metric.name = org.onap.ccsdk.sli.core.filters.metric -log4j2.logger.metric.level = INFO -log4j2.logger.metric.additivity = false -log4j2.logger.metric.appenderRef.MetricFile.ref = MetricFile +log4j2.appender.rr.name = RequestResponseFile +log4j2.appender.rr.type = RollingRandomAccessFile +log4j2.appender.rr.fileName = ${logDirectory}/${requestResponseLogName}.log +log4j2.appender.rr.filePattern = ${logDirectory}/${requestResponseLogName}.log.%i +log4j2.appender.rr.immediateFlush = false +log4j2.appender.rr.append = true +log4j2.appender.rr.layout.type = PatternLayout +log4j2.appender.rr.layout.pattern = %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%X{PartnerName}|%m%n +log4j2.appender.rr.policies.type = Policies +log4j2.appender.rr.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.rr.policies.size.size = 50MB +log4j2.appender.rr.strategy.type = DefaultRolloverStrategy +log4j2.appender.rr.strategy.max = 100 +log4j2.appender.rr.strategy.fileIndex = min + +log4j2.appender.security.type = RollingRandomAccessFile +log4j2.appender.security.name = securityRollingFile +log4j2.appender.security.fileName = ${logDirectory}/${securityLogName}.log +log4j2.appender.security.filePattern = ${logDirectory}/${securityLogName}.log.%i +log4j2.appender.security.append = true +log4j2.appender.security.layout.type = PatternLayout +log4j2.appender.security.layout.pattern = ${log4j2.pattern} +log4j2.appender.security.policies.type = Policies +log4j2.appender.security.policies.size.type = SizeBasedTriggeringPolicy +log4j2.appender.security.policies.size.size = ${maxFileSize} -log4j2.logger.metric2.name = org.onap.logging.filter.base.AbstractBaseMetricLogFilter -log4j2.logger.metric2.level = INFO -log4j2.logger.metric2.additivity = false -log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile +# Security audit logger +log4j2.logger.security.name = org.apache.karaf.jaas.modules.audit +log4j2.logger.security.level = INFO +log4j2.logger.security.additivity = false +log4j2.logger.security.appenderRef.AuditRollingFile.ref = AuditRollingFile log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter log4j2.logger.audit.level = INFO @@ -200,12 +194,7 @@ log4j2.logger.metric2.level = INFO log4j2.logger.metric2.additivity = false log4j2.logger.metric2.appenderRef.MetricFile.ref = MetricFile -log4j2.logger.audit.name = org.onap.logging.filter.base.AbstractAuditLogFilter -log4j2.logger.audit.level = INFO -log4j2.logger.audit.additivity = false -log4j2.logger.audit.appenderRef.AuditFile.ref = AuditFile - log4j2.logger.rr.name = org.onap.logging.filter.base.PayloadLoggingServletFilter log4j2.logger.rr.level = INFO log4j2.logger.rr.additivity = false -log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile
\ No newline at end of file +log4j2.logger.rr.appenderRef.RequestResponseFile.ref = RequestResponseFile diff --git a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differindex 9ebe9a8041..31ea6ba650 100644 --- a/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks +++ b/kubernetes/so/charts/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml index 1166eab0c4..4128bc36ee 100755 --- a/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -55,11 +55,11 @@ etsi-catalog-manager: vnfpkgm: {{- if .Values.global.msbEnabled }} endpoint: https://msb-iag:443/api/vnfpkgm/v1 - http: - client: - ssl: - trust-store: ${TRUSTSTORE} - trust-store-password: ${TRUSTSTORE_PASSWORD} + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} {{- else }} endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 {{- end }} |