Diffstat (limited to 'kubernetes')
303 files changed, 5800 insertions, 3642 deletions
diff --git a/kubernetes/aaf/charts/aaf-gui/values.yaml b/kubernetes/aaf/charts/aaf-gui/values.yaml index 1f7abd4b9d..a6033220a5 100644 --- a/kubernetes/aaf/charts/aaf-gui/values.yaml +++ b/kubernetes/aaf/charts/aaf-gui/values.yaml @@ -67,7 +67,7 @@ ingress: resources: small: limits: - cpu: 20m + cpu: 200m memory: 280Mi requests: cpu: 1m diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index 41bde75677..c0d43b88ee 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -89,7 +89,7 @@ resources: small: limits: cpu: 100m - memory: 30Mi + memory: 400Mi requests: cpu: 25m memory: 10Mi @@ -98,6 +98,6 @@ resources: cpu: 400m memory: 1Gi requests: - cpu: 10m + cpu: 25m memory: 100Mi unlimited: {} diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 23f076495d36081f34a367067918d15fcc5ada8 +Subproject 3d1bbe894ff20bc8b1512591c6d8993b4d2009b diff --git a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml index d47c278e15..2879964392 100644 --- a/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml +++ b/kubernetes/appc/charts/appc-cdt/templates/deployment.yaml @@ -57,9 +57,9 @@ spec: env: # This sets the port that CDT will use to connect to the main appc container. # The 11 is the node port suffix that is used in the main appc oom templates - # for nodePort4. This value will be configured in appc main chart in appc-cdt section. + # for nodePort3. This value will be configured in appc main chart in appc-cdt section. - name: CDT_PORT - value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}" + value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}" volumeMounts: - mountPath: /etc/localtime name: localtime 
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh index 1b951d0406..46d0e119be 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/bin/installAppcDb.sh @@ -23,9 +23,10 @@ SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk} APPC_HOME=${APPC_HOME:-/opt/onap/appc} MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD} -APPC_DB_USER=${APPC_DB_USER:-appcctl} -APPC_DB_PASSWD=${APPC_DB_PASSWD:-appcctl} -APPC_DB_DATABASE=${SDN_DB_DATABASE:-appcctl} +APPC_DB_USER=${APPC_DB_USER} +APPC_DB_PASSWD=${APPC_DB_PASSWD} +APPC_DB_DATABASE={{.Values.config.appcdb.dbName}} +SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}} # Create tablespace and user account @@ -40,15 +41,15 @@ END if [ -f ${APPC_HOME}/data/appcctl.dump ] then - mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} appcctl < ${APPC_HOME}/data/appcctl.dump + mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${APPC_DB_DATABASE} < ${APPC_HOME}/data/appcctl.dump fi if [ -f ${APPC_HOME}/data/sdnctl.dump ] then - mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sdnctl.dump + mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sdnctl.dump fi if [ -f ${APPC_HOME}/data/sqlData.dump ] then - mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sqlData.dump + mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sqlData.dump fi 
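Review bot: With the `:-appcctl` defaults removed in the first hunk, `APPC_DB_USER` and `APPC_DB_PASSWD` are empty whenever the secret-backed environment variables are missing, and nothing visible here stops the script from reaching the "Create tablespace and user account" step with blank values. A guard directly after the assignments would fail fast, for example `: "${APPC_DB_USER:?APPC_DB_USER is not set}"` and the same for `APPC_DB_PASSWD`. In the second hunk `${APPC_DB_DATABASE}` and `${SDNC_DB_DATABASE}` are Helm-rendered values expanded unquoted on the `mysql` command line, so a `dbName` containing whitespace or shell metacharacters would be split or interpreted; writing `"${APPC_DB_DATABASE}"` and `"${SDNC_DB_DATABASE}"` avoids that. The same two points apply to the installSdncDb.sh hunks, and the body of the script continues outside both hunks.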
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties index 914d60850b..978dead538 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/appc.properties @@ -42,13 +42,13 @@ appc.topology.dg.method=topology-operation-all appc.topology.dg.version=2.0.0 # TEMP - Properties that might be needed to make the AAI-APPC connection -org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/appcctl -org.onap.appc.db.user.appcctl=appcctl -org.onap.appc.db.pass.appcctl=appcctl +org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.appcdb.dbName}} +org.onap.appc.db.user.appcctl=${APPC_DB_USER} +org.onap.appc.db.pass.appcctl=${APPC_DB_PASSWD} -org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/sdnctl -org.onap.appc.db.user.sdnctl=sdnctl -org.onap.appc.db.pass.sdnctl=gamma +org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.sdncdb.dbName}} +org.onap.appc.db.user.sdnctl=${SDNC_DB_USER} +org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD} ### ### diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties index a5660522af..0c54883cd2 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/dblib.properties 
@@ -23,11 +23,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=dbhost -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 @@ -35,4 +35,3 @@ org.onap.ccsdk.sli.jdbc.limit.init=10 org.onap.ccsdk.sli.jdbc.limit.min=10 org.onap.ccsdk.sli.jdbc.limit.max=20 org.onap.dblib.connection.recovery=false - diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties index 5b22ccbba6..7bec30d11e 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/data/properties/svclogic.properties 
@@ -21,10 +21,9 @@ org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD} org.xml.sax.driver=org.apache.xerces.parsers.SAXParser - diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh index 92e8a36f3d..79acc4042c 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/bin/showActiveGraphs.sh @@ -20,9 +20,9 @@ # ECOMP is a trademark and service mark of AT&T Intellectual Property. ### -MYSQL_USER=${MYSQL_USER:-sdnctl} -MYSQL_PWD=${MYSQL_PWD:-gamma} -MYSQL_DB=${MYSQL_DB:-sdnctl} +MYSQL_USER=${SDNC_DB_USER} +MYSQL_PWD=${SDNC_DB_PASSWD} +MYSQL_DB={{.Values.config.sdncdb.dbName}} MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}} mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END diff --git a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties index 247e1ac7c6..2a4b4328f4 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties 
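Review bot: In showActiveGraphs.sh, `MYSQL_PWD` now carries the secret-sourced `SDNC_DB_PASSWD` rather than a well-known default, but the unchanged call still passes it as `--password=${MYSQL_PWD}`, which puts the real password in the process argument list where anything able to list processes in the container can read it. Since the variable is already named `MYSQL_PWD`, `export MYSQL_PWD` and dropping the `--password=` argument keeps it off argv; a `--defaults-extra-file` with restrictive permissions is the other usual option. The identical ccsdk copy of this script and the `-p${MYSQL_PASSWD}` calls in installAppcDb.sh and installSdncDb.sh have the same exposure. The heredoc that follows the `mysql` call ends outside this hunk.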
+++ b/kubernetes/appc/resources/config/appc/opt/onap/appc/svclogic/config/svclogic.properties @@ -21,8 +21,7 @@ ### org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database = sdnctl -org.onap.ccsdk.sli.jdbc.user = sdnctl -org.onap.ccsdk.sli.jdbc.password = gamma - +org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD} diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh index c3e692158c..6e9eef33ac 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/bin/installSdncDb.sh @@ -25,9 +25,9 @@ SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk} MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD} -SDNC_DB_USER=${SDNC_DB_USER:-sdnctl} -SDNC_DB_PASSWD=${SDNC_DB_PASSWD:-gamma} -SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl} +SDNC_DB_USER=${SDNC_DB_USER} +SDNC_DB_PASSWD=${SDNC_DB_PASSWD} +SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}} # Create tablespace and user account @@ -42,5 +42,5 @@ END if [ -f ${SDNC_HOME}/data/odlsli.dump ] then -mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${SDNC_HOME}/data/odlsli.dump +mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${SDNC_HOME}/data/odlsli.dump fi 
diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties index 6142032642..5d65be7c28 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/dblib.properties @@ -24,11 +24,11 @@ org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=dbhost -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 @@ -36,4 +36,3 @@ org.onap.ccsdk.sli.jdbc.limit.init=10 org.onap.ccsdk.sli.jdbc.limit.min=10 org.onap.ccsdk.sli.jdbc.limit.max=20 org.onap.dblib.connection.recovery=false - diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties index ed35d5b4d0..485b935459 100644 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/data/properties/svclogic.properties 
@@ -22,10 +22,9 @@ org.onap.ccsdk.sli.dbtype = dblib #Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password=gamma +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD} org.xml.sax.driver=org.apache.xerces.parsers.SAXParser - diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh index 698bbb19ed..9359530a1a 100755 --- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh @@ -20,12 +20,11 @@ # ============LICENSE_END========================================================= ### -MYSQL_USER=${MYSQL_USER:-sdnctl} -MYSQL_PWD=${MYSQL_PWD:-gamma} -MYSQL_DB=${MYSQL_DB:-sdnctl} +MYSQL_USER=${SDNC_DB_USER} +MYSQL_PWD=${SDNC_DB_PASSWD} +MYSQL_DB={{.Values.config.sdncdb.dbName}} MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}} mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END SELECT module, rpc, version, mode from SVC_LOGIC where active='Y'; END - diff --git a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties index 914a4a1813..1ec9f48758 100644 
--- a/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties +++ b/kubernetes/appc/resources/config/appc/opt/onap/ccsdk/svclogic/config/svclogic.properties @@ -21,8 +21,7 @@ ### org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl -org.onap.ccsdk.sli.jdbc.database = sdnctl -org.onap.ccsdk.sli.jdbc.user = sdnctl -org.onap.ccsdk.sli.jdbc.password = gamma - +org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}} +org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD} diff --git a/kubernetes/appc/templates/service.yaml b/kubernetes/appc/templates/service.yaml index 98b2c79631..bd181e1e57 100644 --- a/kubernetes/appc/templates/service.yaml +++ b/kubernetes/appc/templates/service.yaml 
@@ -41,31 +41,24 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: "{{ .Values.service.portName }}-8282" + name: "{{ .Values.service.portName }}-8443" - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: "{{ .Values.service.portName }}-8443" + name: "{{ .Values.service.portName }}-1830" - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: "{{ .Values.service.portName }}-1830" - - port: {{ .Values.service.externalPort4 }} - targetPort: {{ .Values.service.internalPort4 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }} name: "{{ .Values.service.portName }}-9090" {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-8282 + name: {{ .Values.service.portName }}-8443 - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-8443 + name: {{ .Values.service.portName }}-1830 - port: {{ .Values.service.externalPort3 }} targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.portName }}-1830 - - port: {{ .Values.service.externalPort4 }} - targetPort: {{ .Values.service.internalPort4 }} name: {{ .Values.service.portName }}-9090 {{- end}} selector: diff --git a/kubernetes/appc/templates/statefulset.yaml b/kubernetes/appc/templates/statefulset.yaml index 5ed2970c45..e219c45fe6 100644 --- a/kubernetes/appc/templates/statefulset.yaml 
+++ b/kubernetes/appc/templates/statefulset.yaml @@ -33,6 +33,41 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" + env: + - name: APPC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }} + - name: APPC_DB_PASSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/appc-data-properties + name: onap-appc-data-properties-input + - mountPath: /config-input/appc-svclogic-config + name: onap-appc-svclogic-config-input + - mountPath: /config-input/sdnc-data-properties + name: onap-sdnc-data-properties-input + - mountPath: /config-input/sdnc-svclogic-config + name: onap-sdnc-svclogic-config-input + - mountPath: /config/appc-data-properties + name: onap-appc-data-properties + - mountPath: /config/appc-svclogic-config + name: onap-appc-svclogic-config + - mountPath: /config/sdnc-data-properties + name: onap-sdnc-data-properties + - mountPath: /config/sdnc-svclogic-config + name: onap-sdnc-svclogic-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-readiness command: - /root/ready.py 
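Review bot: The `update-config` init container runs `envsubst` with no variable list, so every `$NAME` or `${NAME}` in the mounted properties files is rewritten, and any reference that is not one of the four injected variables is replaced with an empty string. Passing the allowed names explicitly, `envsubst '${APPC_DB_USER} ${APPC_DB_PASSWD} ${SDNC_DB_USER} ${SDNC_DB_PASSWD}'`, limits substitution to the credentials this change introduces. The rendered files now hold database passwords, yet `chmod 0755` makes them executable and world-readable; a mode without the execute and other bits, matched to the UID the main container runs as (not visible in this hunk), would be tighter. The backtick `find` loop also word-splits file names, which is harmless only as long as no ConfigMap key contains whitespace.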
@@ -70,6 +105,14 @@ spec: env: - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + - name: APPC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }} + - name: APPC_DB_PASSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }} + - name: SDNC_DB_PASSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" - name: APPC_CONFIG_DIR @@ -102,7 +145,7 @@ spec: name: onap-appc-data-properties subPath: cadi.properties - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml - name: onap-appc-data-properties + name: onap-appc-data-properties-input subPath: aaa-app-config.xml - mountPath: /opt/onap/appc/data/properties/bath_config.csv name: onap-appc-data-properties @@ -184,10 +227,10 @@ spec: emptyDir: {} - name: data-filebeat emptyDir: {} - - name: onap-appc-data-properties + - name: onap-appc-data-properties-input configMap: name: {{ include "common.fullname" . }}-onap-appc-data-properties - - name: onap-appc-svclogic-config + - name: onap-appc-svclogic-config-input configMap: name: {{ include "common.fullname" . }}-onap-appc-svclogic-config - name: onap-appc-svclogic-bin 
@@ -198,10 +241,10 @@ spec: configMap: name: {{ include "common.fullname" . }}-onap-appc-bin defaultMode: 0755 - - name: onap-sdnc-data-properties + - name: onap-sdnc-data-properties-input configMap: name: {{ include "common.fullname" . }}-onap-sdnc-data-properties - - name: onap-sdnc-svclogic-config + - name: onap-sdnc-svclogic-config-input configMap: name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config - name: onap-sdnc-svclogic-bin @@ -212,6 +255,18 @@ spec: configMap: name: {{ include "common.fullname" . }}-onap-sdnc-bin defaultMode: 0755 + - name: onap-appc-data-properties + emptyDir: + medium: Memory + - name: onap-appc-svclogic-config + emptyDir: + medium: Memory + - name: onap-sdnc-data-properties + emptyDir: + medium: Memory + - name: onap-sdnc-svclogic-config + emptyDir: + medium: Memory {{ if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-data emptyDir: {} diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index ac96820c35..8e8c4219ac 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -22,6 +22,8 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst persistence: mountPath: /dockerdata-nfs 
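Review bot: `envsubstImage: dibi/envsubst` carries neither a tag nor a digest, and the statefulset uses it as `image: "{{ .Values.global.envsubstImage }}"` without a repository prefix, so it presumably resolves to the mutable `latest` tag of a third-party namespace on the default registry. That image runs as the init container that receives all four database credentials in its environment, so whoever controls the tag controls code that sees the secrets. Pin it to an immutable reference such as `dibi/envsubst@sha256:<digest>` (placeholder, take the digest from the vetted image) or mirror it into the project's own repository like the other images in these charts. The comment above it is misspelled and should read `# envsubst`.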
@@ -30,8 +32,23 @@ global: ################################################################# secrets: - uid: "db-root-pass" - externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}' + name: '{{ include "common.release" . }}-appc-db-root-pass' + externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}' type: password + password: '{{ .Values.config.dbRootPass }}' + - uid: 'appcdb-user-creds' + name: '{{ include "common.release" . }}-appcdb-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.appcdb.userName }}' + password: '{{ .Values.config.appcdb.password }}' + - uid: 'sdncdb-user-creds' + name: '{{ include "common.release" . }}-sdncdb-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.sdncdb.userName }}' + password: '{{ .Values.config.sdncdb.password }}' + ################################################################# # Application configuration defaults. @@ -47,13 +64,26 @@ debugEnabled: false # application configuration config: +# dbRootPassExternalSecret: some secret +# dbRootPass: password + appcdb: + # Warning: changing this config option may not work. + # It seems that the DB name is hardcoded. + dbName: appcctl + userName: appcctl + password: appcctl + # userCredsExternalSecret: some secret + sdncdb: + # Warning: changing this config option may not work. + # It seems that the DB name is hardcoded. + dbName: sdnctl + userName: sdnctl + password: gamma + # userCredsExternalSecret: some secret odlUid: 100 odlGid: 101 ansibleServiceName: appc-ansible-server ansiblePort: 8000 - userName: my-user - userPassword: my-password - mysqlDatabase: my-database mariadbGaleraSVCName: appc-dbhost mariadbGaleraContName: appc-db enableAAF: true 
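Review bot: The commented example `# userCredsExternalSecret: some secret` under `appcdb` and `sdncdb` does not match the key the `secrets` entries in the previous hunk read, `.Values.config.appcdb.userCredentialsExternalSecret` and `.Values.config.sdncdb.userCredentialsExternalSecret`, so an operator who uncomments it as written would presumably still deploy with the chart defaults. Those defaults are the formerly hard-coded pairs `appcctl`/`appcctl` and `sdnctl`/`gamma`, which means an untouched install keeps publicly known database credentials even though they now flow through a Secret. Change the comment to `# userCredentialsExternalSecret: some secret` and consider shipping `password` empty so a deployment has to supply a value or an external secret; whether `common.secret` generates a password for an empty value is not visible here and should be confirmed. The `config` mapping continues outside the hunk.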
@@ -85,6 +115,8 @@ appc-ansible-server: mariadb-galera: nameOverride: appc-db + config: + mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' service: name: appc-dbhost portName: appc-dbhost @@ -98,14 +130,17 @@ mariadb-galera: dgbuilder: nameOverride: appc-dgbuilder config: + db: + rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass' + userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds' dbPodName: appc-db dbServiceName: appc-dbhost service: name: appc-dgbuilder -#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4. +#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. appc-cdt: - nodePort4: 11 + nodePort3: 11 # default number of instances replicaCount: 1 @@ -130,21 +165,17 @@ service: name: appc portName: appc - internalPort: 8181 - externalPort: 8282 - nodePort: "08" - - internalPort2: 8443 - externalPort2: 8443 - nodePort2: 30 + internalPort: 8443 + externalPort: 8443 + nodePort: 30 - externalPort3: 1830 - nodePort3: 31 + externalPort2: 1830 + nodePort2: 31 clusterPort: 2550 - internalPort4: 9191 - externalPort4: 9090 - nodePort4: 11 + internalPort3: 9191 + externalPort3: 9090 + nodePort3: 11 ## Persist data to a persitent volume persistence: diff --git a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml index 35661c29e9..9bcf03ad3e 100755 --- a/kubernetes/cds/charts/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/charts/cds-blueprints-processor/values.yaml @@ -76,11 +76,10 @@ readiness: service: http: - type: NodePort + type: ClusterIP portName: blueprints-processor-http internalPort: 8080 externalPort: 8080 - nodePort: 99 grpc: type: ClusterIP portName: blueprints-processor-grpc 
diff --git a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml index cc611a129b..b3e95a2a21 100644 --- a/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml +++ b/kubernetes/cds/charts/cds-sdc-listener/resources/config/application.yaml @@ -1,8 +1,8 @@ listenerservice: config: - asdcAddress: sdc-be:8443 #SDC-BE - messageBusAddress: message-router #Message-Router - user: vid #SDC-username + asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE + messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router + user: cds #SDC-username password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password pollingInterval: 15 pollingTimeout: 60 diff --git a/kubernetes/clamp/charts/clamp-dash-es/values.yaml b/kubernetes/clamp/charts/clamp-dash-es/values.yaml index ae7abd5ec4..27158a6668 100644 --- a/kubernetes/clamp/charts/clamp-dash-es/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-es/values.yaml @@ -32,7 +32,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-elasticsearch:5.0.2 +image: onap/clamp-dashboard-elasticsearch:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml index be0c40e1e1..8e640a4b3a 100644 --- a/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-kibana/values.yaml @@ -34,7 +34,7 @@ busyboxImage: library/busybox:latest # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-kibana:5.0.2 +image: onap/clamp-dashboard-kibana:5.0.3 pullPolicy: Always # flag to enable debugging - application support required 
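Review bot: In the cds-sdc-listener application.yaml hunk, `user` changes from `vid` to `cds` while the `password:` line below it stays a literal value committed in the chart resource, so the SDC credential is still readable by anyone with access to the repository or the rendered ConfigMap. It is also worth confirming that the unchanged password is the one that belongs to the new `cds` account, since nothing in the hunk shows it was rotated with the user name. Moving both fields to a Secret and injecting them the way this commit does for the APPC database credentials would make the two charts consistent, for example `password: ${SDC_PASSWORD}` (placeholder variable name) rendered by an init container or supplied through the environment.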
diff --git a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml index 9a0321a478..3ec5684f6b 100644 --- a/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml +++ b/kubernetes/clamp/charts/clamp-dash-logstash/values.yaml @@ -30,7 +30,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-dashboard-logstash:5.0.2 +image: onap/clamp-dashboard-logstash:5.0.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index dfa0a3e250..090dbcc2a2 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -27,7 +27,7 @@ global: # global defaults # application image repository: nexus3.onap.org:10001 -image: library/cassandra:2.2.14 +image: library/cassandra:3.11.4 pullPolicy: Always # flag to enable debugging - application support required @@ -90,6 +90,7 @@ service: port: 7199 - name: tcp-cql port: 9042 + ## thrift protocol is deprecated . Should be removed. Being left until all project removes it. - name: tcp-thrift port: 9160 - name: tcp-agent diff --git a/kubernetes/common/common/documentation.rst b/kubernetes/common/common/documentation.rst new file mode 100644 index 0000000000..e6cf948d79 --- /dev/null +++ b/kubernetes/common/common/documentation.rst 
@@ -0,0 +1,549 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International +.. License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2020 Orange. All rights reserved. + +.. _developer-guide-label: + + +Current given templating functions +================================== + + +In order to have a consistent deployments of ONAP components, several templating +functions are proposed in `kubernets/common/common/templates` folder. +This file list them and gives examples for the most used. +All these templating functions have a description in their own file, here we +only give an overview. + +* conditional functions + + +----------------------------------------------------+-----------------------+ + | Function | File | + +----------------------------------------------------+-----------------------+ + | `common.needPV` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.onServiceMesh` | `_serviceMesh.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.common.needTLS` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + +* template generation functions + + +----------------------------------------------------+-----------------------+ + | Function | File | + +----------------------------------------------------+-----------------------+ + | `common.masterPassword` | `_createPassword.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.createPassword` | `_createPassword.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.secret.genName` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `common.secret.getSecretName` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | 
`common.secret.envFromSecret` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `common.secret` | `_secret.yaml` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.port` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.annotations.ssl` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `ingress.config.annotations` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.ingress` | `_ingress.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.labels` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.matchLabels` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.resourceMetadata` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.templateMetadata` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.selectors` | `_labels.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.name` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.fullname` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.fullnameExplicit` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.release` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.chart` | `_name.tpl` | + +----------------------------------------------------+-----------------------+ + | 
`common.namespace` | `_namespace.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.repository` | `_repository.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.repository.secret` | `_repository.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.flavor` | `_resources.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.resources` | `_resources.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.storageClass` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.replicaPV` | `_storage.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.servicename` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.serviceMetadata` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.servicePorts` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.genericService` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.service` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.headlessService` | `_service.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` | + 
+----------------------------------------------------+-----------------------+ + | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbService` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbPort` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbSecret` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.mariadbSecretParam` | `_mariadb.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.rootPassUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` | + +----------------------------------------------------+-----------------------+ + | `common.tplValue` | `_tplValue.tpl` | + +----------------------------------------------------+-----------------------+ + + +Passwords +--------- + +These functions are defined in +`kubernetes/common/common/templates/_createPassword.tpl`. + +* `common.masterPassword`: Resolve the master password to be used to derive + other passwords. 
+* `common.createPassword`: Generate a new password based on masterPassword. + +Secrets +------- + +These functions are defined in +`kubernetes/common/common/templates/_secret.yaml`. + +* `common.secret.genName`: Generate a secret name based on provided name or UID. +* `common.secret.getSecretName`: Get the real secret name by UID or name, based + on the configuration provided by user. +* `common.secret.envFromSecret`: Convenience template which can be used to + easily set the value of environment variable to the value of a key in a + secret. +* `common.secret`: Define secrets to be used by chart. + +The most widely use templates is the last (`common.secret`). +It should be the only (except license part) line of your secret file: + +.. code-block:: yaml + + {{ include "common.secret" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from mariadb configuration): + +.. code-block:: yaml + + secrets: + - uid: 'db-root-password' + type: password + externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.config.dbRootPassword }}' + - uid: 'db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.dbSdnctlPassword }}' + +Ingress +------- + +These functions are defined in +`kubernetes/common/common/templates/_ingress.tpl`. + +* `ingress.config.port`: generate the port path on an Ingress resource. +* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress + resource. +* `ingress.config.annotations`: generate the annotations of an Ingress resource. +* `common.ingress`: generate an Ingress resource (if needed). + +The most widely use templates is the last (`common.ingress`) . + +It should be the only (except license part) line of your ingress file: + +.. 
code-block:: yaml + + {{ include "common.ingress" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from clamp configuration): + +.. code-block:: yaml + + ingress: + enabled: false + service: + - baseaddr: "clamp" + name: "clamp" + port: 443 + config: + ssl: "redirect" + +Labels +------ + +These functions are defined in `kubernetes/common/common/templates/_labels.tpl`. + +The goal of these functions is to always create the right labels for all the +resource in a consistent way. + +* `common.labels`: generate the common labels for a resource +* `common.matchLabels`: generate the labels to match (to be used in conjunction + with `common.labels` or `common.resourceMetadata`) +* `common.resourceMetadata`: generate the "top" metadatas for a resource + (Deployment, StatefulSet, Service, ConfigMap, ...) +* `common.templateMetadata`: generate the metadata put in the template part + (for example `spec.template.metadata` for a Deployment) +* `common.selectors`: generate the right selectors for Service / Deployment / + StatefulSet, ... (to be used in conjunction with `common.labels` or + `common.resourceMetadata`) + + +Here's an example of use of these functions in a Deployment template (example +taken on nbi): + +.. code-block:: yaml + + apiVersion: apps/v1 + kind: Deployment + metadata: {{- include "common.resourceMetadata" . | nindent 2 }} + spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + ... + +Name +---- + +These functions are defined in `kubernetes/common/common/templates/_name.tpl`. + +The goal of these functions is to always name the resource the same way. + +* `common.name`: Generate the name for a chart. +* `common.fullname`: Create a default fully qualified application name. 
+* `common.fullnameExplicit`: The same as common.full name but based on passed + dictionary instead of trying to figure out chart name on its own. +* `common.release`: Retrieve the "original" release from the component release. +* `common.chart`: Generate the chart name + +Here's an example of use of these functions in a Deployment template (example +taken on mariadb-galera): + +.. code-block:: yaml + + apiVersion: apps/v1beta1 + kind: StatefulSet + ... + spec: + serviceName: {{ .Values.service.name }} + replicas: {{ .Values.replicaCount }} + template: + ... + spec: + {{- if .Values.nodeSelector }} + nodeSelector: + {{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + volumes: + {{- if .Values.externalConfig }} + - name: config + configMap: + name: {{ include "common.fullname" . }}-external-config + {{- end}} + ... + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + ... + +Namespace +--------- + +These functions are defined in +`kubernetes/common/common/templates/_namespace.tpl`. + +The goal of these functions is to always retrieve the namespace the same way. + +* `common.namespace`: Generate the namespace for a chart. Shouldn't be used + directly but use `common.resourceMetadata` (which uses it). + + +Repository +---------- + +These functions are defined in +`kubernetes/common/common/templates/_repository.tpl`. + +The goal of these functions is to generate image name the same way. + +* `common.repository`: Resolve the name of the common image repository. +* `common.repository.secret`: Resolve the image repository secret token. + + +Resources +--------- + +These functions are defined in +`kubernetes/common/common/templates/_resources.tpl`. + +The goal of these functions is to generate resources for pods the same way. + +* `common.flavor`: Resolve the name of the common resource limit/request flavor. + Shouldn't be used alone. 
+* `common.resources`: Resolve the resource limit/request flavor using the + desired flavor value. + + +Storage +------- + +These functions are defined in +`kubernetes/common/common/templates/_storage.tpl`. + +The goal of these functions is to generate storage part of Deployment / +Statefulset and storage resource (PV, PVC, ...) in a consistent way. + +* `common.storageClass`: Expand the name of the storage class. +* `common.needPV`: Calculate if we need a PV. If a storageClass is provided, + then we don't need. +* `common.replicaPV`: Generate N PV for a statefulset + + +Pod +--- + +These functions are defined in `kubernetes/common/common/templates/_pod.tpl`. + +* `common.containerPorts`: generate the port list for containers. See Service + part to know how to declare the port list. + +Here's an example of use of these functions in a Deployment template (example +taken on nbi): + +.. code-block:: yaml + + apiVersion: apps/v1 + kind: Deployment + ... + spec: + ... + template: + ... + spec: + containers: + - name: {{ include "common.name" . }} + ports: {{- include "common.containerPorts" . | nindent 8 } + + +Service +------- + +These functions are defined in +`kubernetes/common/common/templates/_service.tpl`. + +The goal of these functions is to generate services in a consistent way. + +* `common.servicename`: Expand the service name for a chart. +* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used + directly but used through `common.service` or `common.headlessService`. +* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly + but used through `common.service` or `common.headlessService`. +* `common.genericService`: Template for creating any Service. Shouldn't be used + directly but used through `common.service` or `common.headlessService`. May be + used if you want to create a Service with some specificities (on the ports for + example). 
+* `common.needTLS`: Calculate if we need to use TLS ports on services +* `common.service`: Create service template. +* `common.headlessService`: Create headless service template + + +The most widely used templates are the two last (`common.service` and +`common.headlessService`). +It should use with only one (except license part) line of your service (or +service-headless) file: + +.. code-block:: yaml + + {{ include "common.service" . }} + +In order to have the right values set, you need to create the right +configuration in `values.yaml` (example taken from nbi configuration + other +part): + +.. code-block:: yaml + + service: + type: NodePort + name: nbi + annotations: + my: super-annotation + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 74 + - name: tcp-raw + port: 8459 + nodePort: 89 + + +would generate: + +.. code-block:: yaml + + apiVersion: v1 + kind: Service + metadata: + annotations: + my: super-annotation + name: nbi + namespace: default + labels: + app.kubernetes.io/name: nbi + helm.sh/chart: nbi-5.0.0 + app.kubernetes.io/instance: release + app.kubernetes.io/managed-by: Tiller + spec: + ports: + - port: 8443 + targetPort: api + name: https-api + nodePort: 30274 + - port: 8459 + targetPort: tcp-raw + name: tcp-raw + nodePort: 30289 + type: NodePort + selector: + app.kubernetes.io/name: nbi + app.kubernetes.io/instance: release + + +`plain_port` is used only if we mandate to use http (see ServiceMesh part). +Today a port can be http or https but not both. +headless configuration is equivalent (example taken from cassandra): + +.. 
code-block:: yaml + + service: + name: cassandra + headless: + suffix: "" + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + publishNotReadyAddresses: true + headlessPorts: + - name: tcp-intra + port: 7000 + - name: tls + port: 7001 + - name: tcp-jmx + port: 7199 + - name: tcp-cql + port: 9042 + - name: tcp-thrift + port: 9160 + - name: tcp-agent + port: 61621 + + +ServiceMesh +----------- + +These functions are defined in +`kubernetes/common/common/templates/_serviceMesh.tpl`. + +The goal of these functions is to handle onboarding of ONAP on service mesh. + +* `common.onServiceMesh`: Calculate if we if we are on service mesh + + + +MariaDB +------- + +These functions are defined in +`kubernetes/common/common/templates/_mariadb.tpl`. + +The goal of these functions is to simplify use of mariadb and its different +values. + +* `common.mariadb.secret.rootPassUID`: UID of mariadb root password +* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password + secret +* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials +* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user + credentials secret +* `common.mariadbService`: Choose the name of the mariadb service to use +* `common.mariadbPort`: Choose the value of mariadb port to use +* `common.mariadbSecret`: Choose the value of secret to retrieve user value +* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user + value + +PostgreSQL +---------- + +These functions are defined in +`kubernetes/common/common/templates/_postgres.tpl`. + +The goal of these functions is to simplify use of postgres and its different +values. 
+ +* `common.postgres.secret.rootPassUID`: UID of postgres root password +* `common.postgres.secret.rootPassSecretName`: Name of postgres root password + secret +* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials +* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user + credentials secret +* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password +* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary + credentials secret + + +Utilities +--------- + +These functions are defined in +`kubernetes/common/common/templates/_tplValue.tpl`. + +The goal of these functions is provide utility function, usually used in other +templating functions. + +* `common.tplValue`: Renders a value that contains template. diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index 9329572a92..d3fc25ad6e 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -19,10 +19,12 @@ Will use first ".Values.service.ports" list. Will append ports from ".Values.service.headlessPorts" only if port number is not already in port list. + Will add tls port AND plain port if both_tls_and_plain is set to true */}} {{- define "common.containerPorts" -}} {{- $ports := default (list) .Values.service.ports }} {{- $portsNumber := list }} +{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} {{- range $index, $port := $ports }} {{- $portsNumber = append $portsNumber $port.port }} {{- end }} 
@@ -31,8 +33,17 @@ {{- $ports = append $ports $port }} {{- end }} {{- end }} +{{- $global := . }} {{- range $index, $port := $ports }} +{{- if (include "common.needTLS" $global) }} - containerPort: {{ $port.port }} +{{- else }} +- containerPort: {{ default $port.port $port.plain_port }} +{{- end }} name: {{ $port.name }} +{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }} +- containerPort: {{ $port.plain_port }} + name: {{ $port.name }}-plain +{{- end }} {{- end }} {{- end -}} diff --git a/kubernetes/common/common/templates/_secret.yaml b/kubernetes/common/common/templates/_secret.yaml index e24a2e4ba7..9f41906c9e 100644 --- a/kubernetes/common/common/templates/_secret.yaml +++ b/kubernetes/common/common/templates/_secret.yaml @@ -22,6 +22,7 @@ The template takes two arguments: - .global: environment (.) - .name: name of the secret + - .annotations: annotations which should be used Example call: {{ include "common.secret._header" (dict "global" . "name" "myFancyName") }} @@ -39,6 +40,9 @@ metadata: chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }} release: {{ include "common.release" $global }} heritage: {{ $global.Release.Service }} +{{- if .annotations }} + annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }} +{{- end }} type: Opaque {{- end -}} @@ -204,6 +208,8 @@ valueFrom: - name: Overrides default secret name generation and allows to set immutable and globaly unique name + - annotations: + List of annotations to be used while defining a secret To allow sharing a secret between the components and allow to pre-deploy secrets before ONAP deployment it is possible to use already existing secret instead of 
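Review bot: The added `name: {{ $port.name }}-plain` entry can render an invalid container port name, because Kubernetes limits container port names to 15 characters and the suffix leaves only nine for the base name. Since `common.servicePorts` refers to the same `<name>-plain` as its `targetPort`, the limit is best stated in the header comment, e.g. `Port names must be at most 9 characters when both_tls_and_plain is true`. The flag also opens the plaintext `plain_port` on the pod next to the TLS port, so the comment should say that the plain port is meant for in-cluster traffic only. In the earlier hunk of this file `$both_tls_and_plain:=` is missing the space before `:=`; the body of `common.containerPorts` starts outside this hunk.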
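Review bot: The header comment of `common.secret._header` still reads `The template takes two arguments:` although `.annotations` is now a third, and the example call under it is not extended. I would change the sentence to `The template takes three arguments (.annotations is optional):` and add `"annotations" $annotations` to the example dict. The later hunk at -204 calls the value a `List of annotations`, but it is rendered under `annotations:` with `nindent 4`, so it has to be a mapping and the comment should say so. Annotations are visible to anyone who can read the Secret's metadata, which is worth one line in that comment so that no credential material is placed there.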
@@ -239,11 +245,12 @@ valueFrom: {{- range $secret := .Values.secrets }} {{- $uid := tpl (default "" $secret.uid) $global }} {{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }} + {{- $annotations := default "" $secret.annotations }} {{- $type := default "generic" $secret.type }} {{- $externalSecret := tpl (default "" $secret.externalSecret) $global }} {{- if not $externalSecret }} --- - {{ include "common.secret._header" (dict "global" $global "name" $name) }} + {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }} {{- if eq $type "generic" }} data: diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 075f7965b9..cd1595b0ca 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -35,6 +35,7 @@ - .dot : environment (.) - .suffix : a string which will be added at the end of the name (with a '-'). - .annotations: the annotations to add + - .msb_informations: msb information in order to create msb annotation Usage example: {{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }} {{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }} 
@@ -43,8 +44,24 @@ {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} -{{- if $annotations -}} -annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }} + {{- $msb_informations := default "" .msb_informations -}} +{{- if or $annotations $msb_informations -}} +annotations: +{{- if $annotations }} +{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }} +{{- end }} +{{- if $msb_informations }} + msb.onap.org/service-info: '[ + { + "serviceName": "{{ include "common.servicename" $dot }}", + "version": "{{ default "v1" $msb_informations.version }}", + "url": "{{ default "/" $msb_informations.url }}", + "protocol": "{{ default "REST" $msb_informations.protocol }}", + "port": "{{ $msb_informations.port }}", + "visualRange":"{{ default "1" $msb_informations.visualRange }}" + } + ]' +{{- end}} {{- end }} name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }} namespace: {{ include "common.namespace" $dot }} 
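Review bot: The `msb.onap.org/service-info` annotation is built by pasting values into a hand-written JSON string inside a single-quoted YAML scalar, so a `url`, `version` or `protocol` containing `"` or `'` yields broken JSON or a broken manifest. `port` has no default, so a missing `.Values.service.msb.port` renders an empty `"port"` value without any error. Building the object with `dict`, serialising it with `toJson` and guarding the port with `required` removes both problems; key order in the output changes but the content does not. The `define` line of `common.serviceMetadata` is outside this hunk.

```yaml
{{- if $msb_informations }}
{{- $msb := dict "serviceName" (include "common.servicename" $dot) }}
{{- $_ := set $msb "version" (default "v1" $msb_informations.version) }}
{{- $_ := set $msb "url" (default "/" $msb_informations.url) }}
{{- $_ := set $msb "protocol" (default "REST" $msb_informations.protocol) }}
{{- $_ := set $msb "port" (required "service.msb.port must be set" $msb_informations.port | toString) }}
{{- $_ := set $msb "visualRange" (default "1" $msb_informations.visualRange | toString) }}
  msb.onap.org/service-info: {{ list $msb | toJson | quote }}
{{- end }}
# … unchanged: name, namespace and labels lines …
```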
@@ -55,62 +72,121 @@ labels: {{- include "common.labels" $dot | nindent 2 -}} The function takes three arguments (inside a dictionary): - .dot : environment (.) - .ports : an array of ports - - .portType: the type of the service + - .serviceType: the type of the service + - .add_plain_port: add tls port AND plain port */}} {{- define "common.servicePorts" -}} -{{- $portType := .portType -}} -{{- $dot := .dot -}} -{{- range $index, $port := .ports }} +{{- $serviceType := .serviceType }} +{{- $dot := .dot }} +{{- $add_plain_port := default false .add_plain_port }} +{{- range $index, $port := .ports }} +{{- if (include "common.needTLS" $dot) }} - port: {{ $port.port }} targetPort: {{ $port.name }} - {{- if (eq $portType "NodePort") }} +{{- if $port.port_protocol }} + name: {{ printf "%ss-%s" $port.port_protocol $port.name }} +{{- else }} + name: {{ $port.name }} +{{- end }} +{{- if (eq $serviceType "NodePort") }} nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }} - {{- end }} +{{- end }} +{{- else }} +- port: {{ default $port.port $port.plain_port }} + targetPort: {{ $port.name }} +{{- if $port.port_protocol }} + name: {{ printf "%s-%s" $port.port_protocol $port.name }} +{{- else }} name: {{ $port.name }} -{{- end -}} +{{- end }} +{{- end }} +{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }} +{{- if (eq $serviceType "ClusterIP") }} +- port: {{ $port.plain_port }} + targetPort: {{ $port.name }}-plain +{{- if $port.port_protocol }} + name: {{ printf "%s-%s" $port.port_protocol $port.name }} +{{- else }} + name: {{ $port.name }}-plain +{{- end }} +{{- end }} +{{- end }} +{{- end }} {{- end -}} {{/* Create generic service template The function takes several arguments (inside a dictionary): - .dot : environment (.) 
- .ports : an array of ports - - .portType: the type of the service + - .serviceType: the type of the service - .suffix : a string which will be added at the end of the name (with a '-') - .annotations: the annotations to add + - .msb_informations: msb information in order to create msb annotation - .publishNotReadyAddresses: if we publish not ready address - .headless: if the service is headless + - .add_plain_port: add tls port AND plain port */}} {{- define "common.genericService" -}} {{- $dot := default . .dot -}} {{- $suffix := default "" .suffix -}} {{- $annotations := default "" .annotations -}} +{{- $msb_informations := default "" .msb_informations -}} {{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}} -{{- $portType := .portType -}} +{{- $serviceType := .serviceType -}} {{- $ports := .ports -}} {{- $headless := default false .headless -}} +{{- $add_plain_port := default false .add_plain_port }} apiVersion: v1 kind: Service -metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }} +metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot) | nindent 2 }} spec: {{- if $headless }} clusterIP: None {{- end }} - ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }} + ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }} {{- if $publishNotReadyAddresses }} publishNotReadyAddresses: true {{- end }} - type: {{ $portType }} + type: {{ $serviceType }} selector: {{- include "common.matchLabels" $dot | nindent 4 }} {{- end -}} -{{/* Create service template */}} +{{/* + Create service template + Will create one or two service templates according to this table: + + | serviceType | both_tls_and_plain | result | + 
|---------------|--------------------|--------------| + | ClusterIP | any | one Service | + | Not ClusterIP | not present | one Service | + | Not ClusterIP | false | one Service | + | Not ClusterIP | true | two Services | + + If two services are created, one is ClusterIP with both crypted and plain + ports and the other one is NodePort (or LoadBalancer) with crypted port only. +*/}} {{- define "common.service" -}} -{{- $suffix := default "" .Values.service.suffix -}} -{{- $annotations := default "" .Values.service.annotations -}} -{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} -{{- $portType := .Values.service.type -}} -{{- $ports := .Values.service.ports -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }} +{{- $suffix := default "" .Values.service.suffix -}} +{{- $annotations := default "" .Values.service.annotations -}} +{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}} +{{- $msb_informations := default "" .Values.service.msb -}} +{{- $serviceType := .Values.service.type -}} +{{- $ports := .Values.service.ports -}} +{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }} +{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true) }} +{{- if (ne $serviceType "ClusterIP") }} +--- +{{- if $suffix }} +{{- $suffix = printf "%s-external" $suffix }} +{{- else }} +{{- $suffix = "external" }} +{{- end }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . 
"publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{- end }} +{{- else }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType) }} +{{- end }} {{- end -}} {{/* Create headless service template */}} @@ -119,7 +195,7 @@ spec: {{- $annotations := default "" .Values.service.headless.annotations -}} {{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}} {{- $ports := .Values.service.headlessPorts -}} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true ) }} {{- end -}} {{/* 
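Review bot: In `common.service` the final `common.genericService` call in the `else` branch omits `"msb_informations" $msb_informations`, so `.Values.service.msb` only reaches `common.serviceMetadata` when `common.needTLS` is true and `both_tls_and_plain` is set. If that is not intended, add the key to that dict; if it is, the comment table should say that the MSB annotation exists only on the dual-port ClusterIP service. In `common.servicePorts` the non-TLS branch has no `nodePort:` line, so a `NodePort` service rendered without TLS gets a cluster-assigned port instead of `nodePortPrefix` plus `nodePort`; the `{{- if (eq $serviceType "NodePort") }}` block should follow the port name in both branches. The comment above `common.servicePorts` still says it takes three arguments while listing four.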
@@ -132,3 +208,45 @@ spec: {{- print "headless" }} {{- end }} {{- end -}} + +{{/* + Calculate if we need to use TLS ports. + We use TLS by default unless we're on service mesh with TLS. + We can also override this behavior with override toggles: + - .Values.global.tlsEnabled : override default TLS behavior for all charts + - .Values.tlsOverride : override global and default TLS on a per chart basis + + this will give these combinations: + | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result | + |-------------|-------------------|----------------------------|------------------------|--------| + | not present | not present | not present | any | true | + | not present | not present | false | any | true | + | not present | not present | true | false | true | + | not present | not present | true | true | false | + | not present | true | any | any | true | + | not present | false | any | any | false | + | true | any | any | any | true | + | false | any | any | any | false | + +*/}} +{{- define "common.needTLS" -}} +{{- if hasKey .Values "tlsOverride" }} +{{- if .Values.tlsOverride -}} +true +{{- end }} +{{- else }} +{{- if hasKey .Values.global "tlsEnabled" }} +{{- if .Values.global.tlsEnabled }} +true +{{- end }} +{{- else }} +{{- if not (include "common.onServiceMesh" .) -}} +true +{{- else }} +{{- if not (default false .Values.global.serviceMesh.tls) -}} +true +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml b/kubernetes/common/common/templates/_serviceMesh.tpl index 921865dcbe..6b6a26fc45 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/Chart.yaml +++ b/kubernetes/common/common/templates/_serviceMesh.tpl 
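Review bot: `common.needTLS` switches a chart to its plaintext ports as soon as `global.serviceMesh.enabled` and `global.serviceMesh.tls` are both true, but nothing in the template can tell whether the mesh actually enforces mutual TLS for the namespace. The comment should state that precondition, for example `global.serviceMesh.tls assumes the mesh rejects plaintext traffic (strict mTLS); otherwise services are served unencrypted`. The rows with `tlsOverride: false` or `global.tlsEnabled: false` produce plaintext services with no mesh involved at all, and the table would be clearer if it said so. Callers test the result with `if (include "common.needTLS" ...)`, so the comment should also note that the template returns the string `true` or an empty string and must not emit stray whitespace.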
@@ -1,5 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +{/* +# Copyright © 2020 Amdocs, Bell Canada, Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,9 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: v1 -description: ONAP Message Router Kafka Service -name: message-router-mirrormaker -version: 5.0.0 +{/* + Calculate if we are on service mesh. +*/}} +{{- define "common.onServiceMesh" -}} +{{- if .Values.global.serviceMesh -}} +{{- if (default false .Values.global.serviceMesh.enabled) -}} +true +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl index ae9335909d..45c8b7504a 100644 --- a/kubernetes/common/common/templates/_storage.tpl +++ b/kubernetes/common/common/templates/_storage.tpl @@ -15,6 +15,13 @@ */}} {{/* + Give the root folder for ONAP when using host pathes +*/}} +{{- define "common.persistencePath" -}} +{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} + +{{/* Expand the name of the storage class. The value "common.fullname"-data is used by default, unless either override mechanism is used. 
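Review bot: The comment opener added for the licence header is `{/*` with a single brace, and the same opener is used before `common.onServiceMesh` in the next hunk of this file (`@@ -12,9 +12,16 @@`), while both blocks are closed with `*/}}`. A single brace does not start a template action, so both blocks are most likely read as literal text followed by a stray `}}` rather than as comments. Both openers should be `{{/*`, as in `_storage.tpl` in this same commit.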
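Review bot: `common.persistencePath` joins three values into a host path without checking that any of them is set. If `persistence.mountSubPath` is missing, the path would end at the release directory, so charts in the same release could end up with hostPath volumes over the same node directory; this is inferred from the expression, since the callers' values are not visible here. Failing the render is safer, for example `{{ required "persistence.mountSubPath must be set" .Values.persistence.mountSubPath }}` in place of the bare value. The comment could also state that the result is a path on the node's filesystem.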
@@ -55,6 +62,31 @@ {{- end -}} {{/* + Generate a PV +*/}} +{{- define "common.PV" -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- if (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +spec: + capacity: + storage: {{ .Values.persistence.size }} + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: "{{ include "common.fullname" . }}-data" + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + hostPath: + path: {{ include "common.persistencePath" . }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate N PV for a statefulset */}} {{- define "common.replicaPV" -}} @@ -77,8 +109,30 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} + path: {{ include "common.persistencePath" $global }}-{{$i}} +{{- end -}} +{{- end -}} {{- end -}} {{- end -}} + +{{/* + Generate a PVC +*/}} +{{- define "common.PVC" -}} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" . }} + resources: + requests: + storage: {{ .Values.persistence.size }} {{- end -}} {{- end -}} 
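Review bot: `common.PV` gates on `{{- if (include "common.needPV" .) -}}`, which passes for any non-empty output, whereas the `postgres-legacy/templates/pv.yaml` removed later in this commit tested `eq "True" (include "common.needPV" .)`. `common.needPV` is not shown in this diff; if it can still print a non-empty value for the negative case, this template would create a hostPath PersistentVolume even where a storage class is meant to provision the volume. It is worth confirming that the helper returns an empty string for "no" and recording that in the `Generate a PV` comment, e.g. `Rendered only when common.needPV returns a non-empty string`.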
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf
deleted file mode 100644
index f335174f40..0000000000
--- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pgpool.conf
+++ /dev/null
@@ -1,677 +0,0 @@ -# ---------------------------- -# pgPool-II configuration file a custom version -# ---------------------------- -# -# This file consists of lines of the form: -# -# name = value -# -# Whitespace may be used. Comments are introduced with "#" anywhere on a line. -# The complete list of parameter names and allowed values can be found in the -# pgPool-II documentation. -# -# This file is read on server startup and when the server receives a SIGHUP -# signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, or use "pgpool reload". Some -# parameters, which are marked below, require a server shutdown and restart to -# take effect. -# - - -#------------------------------------------------------------------------------ -# CONNECTIONS -#------------------------------------------------------------------------------ - -# - pgpool Connection Settings - - -listen_addresses = '*' - # Host name or IP address to listen on: - # '*' for all, '' for no TCP/IP connections - # (change requires restart) -#port = 9999 -port = 5432 - # Port number - # (change requires restart) -socket_dir = '/tmp' - # Unix domain socket path - # The Debian package defaults to - # /var/run/postgresql - # (change requires restart) - - -# - pgpool Communication Manager Connection Settings - - -pcp_port = 9898 - # Port number for pcp - # (change requires restart) -pcp_socket_dir = '/tmp' - # Unix domain socket path for pcp - # The Debian package defaults to - # /var/run/postgresql - # (change requires restart) - -# - Backend Connection Settings - - -backend_hostname0 = '{{.Values.container.name.primary}}' -backend_port0 = 5432 -backend_weight0= 1 -backend_flag0= 'DISALLOW_TO_FAILOVER' - -backend_hostname1 = '{{.Values.container.name.replica}}' -backend_port1 = 5432 -backend_weight1= 1 -backend_flag1= 'DISALLOW_TO_FAILOVER' - -#backend_hostname0 = 'master' - # Host name or IP address to connect to for backend 0 -#backend_port0 = 5432 
- # Port number for backend 0 -#backend_weight0 = 1 - # Weight for backend 0 (only in load balancing mode) -#backend_data_directory0 = '/data' - # Data directory for backend 0 -#backend_flag0 = 'ALLOW_TO_FAILOVER' - # Controls various backend behavior - # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER -#backend_hostname1 = 'standby' -#backend_port1 = 5432 -#backend_weight1 = 1 -#backend_data_directory1 = '/data1' -#backend_flag1 = 'ALLOW_TO_FAILOVER' - -# - Authentication - - -enable_pool_hba = on - # Use pool_hba.conf for client authentication -pool_passwd = 'pool_passwd' - # File name of pool_passwd for md5 authentication. - # "" disables pool_passwd. - # (change requires restart) -authentication_timeout = 60 - # Delay in seconds to complete client authentication - # 0 means no timeout. - -# - SSL Connections - - -ssl = off - # Enable SSL support - # (change requires restart) -#ssl_key = './server.key' - # Path to the SSL private key file - # (change requires restart) -#ssl_cert = './server.cert' - # Path to the SSL public certificate file - # (change requires restart) -#ssl_ca_cert = '' - # Path to a single PEM format file - # containing CA root certificate(s) - # (change requires restart) -#ssl_ca_cert_dir = '' - # Directory containing CA root certificate(s) - # (change requires restart) - - -#------------------------------------------------------------------------------ -# POOLS -#------------------------------------------------------------------------------ - -# - Pool size - - -num_init_children = 5 - # Number of pools - # (change requires restart) -max_pool = 1 - # Number of connections per pool - # (change requires restart) - -# - Life time - - -child_life_time = 300 - # Pool exits after being idle for this many seconds -child_max_connections = 0 - # Pool exits after receiving that many connections - # 0 means no exit -connection_life_time = 0 - # Connection to backend closes after being idle for this many seconds - # 0 means no close -client_idle_limit = 0 - # 
Client is disconnected after being idle for that many seconds - # (even inside an explicit transactions!) - # 0 means no disconnection - - -#------------------------------------------------------------------------------ -# LOGS -#------------------------------------------------------------------------------ - -# - Where to log - - -log_destination = 'stderr' - # Where to log - # Valid values are combinations of stderr, - # and syslog. Default to stderr. - -# - What to log - - -print_timestamp = on - # Print timestamp on each line - # (change requires restart) - -log_connections = on - # Log connections -log_hostname = on - # Hostname will be shown in ps status - # and in logs if connections are logged -log_statement = on - # Log all statements -log_per_node_statement = off - # Log all statements - # with node and backend informations -log_standby_delay = 'if_over_threshold' - # Log standby delay - # Valid values are combinations of always, - # if_over_threshold, none - -# - Syslog specific - - -syslog_facility = 'LOCAL0' - # Syslog local facility. 
Default to LOCAL0 -syslog_ident = 'pgpool' - # Syslog program identification string - # Default to 'pgpool' - -# - Debug - - -debug_level = 1 - # Debug message verbosity level - # 0 means no message, 1 or more mean verbose - - -#------------------------------------------------------------------------------ -# FILE LOCATIONS -#------------------------------------------------------------------------------ - -pid_file_name = '/tmp/pgpool.pid' - # PID file name - # (change requires restart) -logdir = '/tmp' - # Directory of pgPool status file - # (change requires restart) - - -#------------------------------------------------------------------------------ -# CONNECTION POOLING -#------------------------------------------------------------------------------ - -connection_cache = off - # Activate connection pools - # (change requires restart) - - # Semicolon separated list of queries - # to be issued at the end of a session - # The default is for 8.3 and later -reset_query_list = 'ABORT; DISCARD ALL' - # The following one is for 8.2 and before -#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT' - - -#------------------------------------------------------------------------------ -# REPLICATION MODE -#------------------------------------------------------------------------------ - -replication_mode = off - # Activate replication mode - # (change requires restart) -replicate_select = off - # Replicate SELECT statements - # when in replication or parallel mode - # replicate_select is higher priority than - # load_balance_mode. 
- -insert_lock = off - # Automatically locks a dummy row or a table - # with INSERT statements to keep SERIAL data - # consistency - # Without SERIAL, no lock will be issued -lobj_lock_table = '' - # When rewriting lo_creat command in - # replication mode, specify table name to - # lock - -# - Degenerate handling - - -replication_stop_on_mismatch = off - # On disagreement with the packet kind - # sent from backend, degenerate the node - # which is most likely "minority" - # If off, just force to exit this session - -failover_if_affected_tuples_mismatch = off - # On disagreement with the number of affected - # tuples in UPDATE/DELETE queries, then - # degenerate the node which is most likely - # "minority". - # If off, just abort the transaction to - # keep the consistency - - -#------------------------------------------------------------------------------ -# LOAD BALANCING MODE -#------------------------------------------------------------------------------ - -load_balance_mode = on - # Activate load balancing mode - # (change requires restart) -ignore_leading_white_space = on - # Ignore leading white spaces of each query -white_function_list = '' - # Comma separated list of function names - # that don't write to database - # Regexp are accepted -black_function_list = 'currval,lastval,nextval,setval' - # Comma separated list of function names - # that write to database - # Regexp are accepted - - -#------------------------------------------------------------------------------ -# MASTER/SLAVE MODE -#------------------------------------------------------------------------------ - -master_slave_mode = on - # Activate master/slave mode - # (change requires restart) -master_slave_sub_mode = 'stream' - # Master/slave sub mode - # Valid values are combinations slony or - # stream. Default is slony. 
- # (change requires restart) - -# - Streaming - - -sr_check_period = 10 - # Streaming replication check period - # Disabled (0) by default -sr_check_user = '{{.Values.credentials.pgusername}}' - # Streaming replication check user - # This is neccessary even if you disable streaming - # replication delay check by sr_check_period = 0 -sr_check_password = '{{.Values.credentials.pgpassword}}' - # Password for streaming replication check user -delay_threshold = 10000000 - # Threshold before not dispatching query to standby node - # Unit is in bytes - # Disabled (0) by default - -# - Special commands - - -follow_master_command = '' - # Executes this command after master failover - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character - - -#------------------------------------------------------------------------------ -# PARALLEL MODE -#------------------------------------------------------------------------------ - -parallel_mode = off - # Activates parallel query mode - # (change requires restart) -pgpool2_hostname = '' - # Set pgpool2 hostname - # (change requires restart) - -# - System DB info - - -#system_db_hostname = 'localhost' - # (change requires restart) -#system_db_port = 5432 - # (change requires restart) -#system_db_dbname = 'pgpool' - # (change requires restart) -#system_db_schema = 'pgpool_catalog' - # (change requires restart) -#system_db_user = 'pgpool' - # (change requires restart) -#system_db_password = '' - # (change requires restart) - - -#------------------------------------------------------------------------------ -# HEALTH CHECK -#------------------------------------------------------------------------------ - -health_check_period = 20 - # Health check period - # Disabled (0) 
by default -health_check_timeout = 10 - # Health check timeout - # 0 means no timeout -health_check_user = '{{.Values.credentials.pgusername}}' - # Health check user -health_check_password = '{{.Values.credentials.pgpassword}}' - # Password for health check user -health_check_max_retries = 3 -connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend. - - # Maximum number of times to retry a failed health check before giving up. -health_check_retry_delay = 1 - # Amount of time to wait (in seconds) between retries. - - -#------------------------------------------------------------------------------ -# FAILOVER AND FAILBACK -#------------------------------------------------------------------------------ - -failover_command = '' - # Executes this command at failover - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character -failback_command = '' - # Executes this command at failback. - # Special values: - # %d = node id - # %h = host name - # %p = port number - # %D = database cluster path - # %m = new master node id - # %H = hostname of the new master node - # %M = old master node id - # %P = old primary node id - # %r = new master port number - # %R = new master database cluster path - # %% = '%' character - -fail_over_on_backend_error = off - # Initiates failover when reading/writing to the - # backend communication socket fails - # If set to off, pgpool will report an - # error and disconnect the session. - -search_primary_node_timeout = 10 - # Timeout in seconds to search for the - # primary node when a failover occurs. - # 0 means no timeout, keep searching - # for a primary node forever. 
- -#------------------------------------------------------------------------------ -# ONLINE RECOVERY -#------------------------------------------------------------------------------ - -recovery_user = '{{.Values.credentials.pgusername}}' - # Online recovery user -recovery_password = '{{.Values.credentials.pgpassword}}' - # Online recovery password -recovery_1st_stage_command = '' - # Executes a command in first stage -recovery_2nd_stage_command = '' - # Executes a command in second stage -recovery_timeout = 90 - # Timeout in seconds to wait for the - # recovering node's postmaster to start up - # 0 means no wait -client_idle_limit_in_recovery = 0 - # Client is disconnected after being idle - # for that many seconds in the second stage - # of online recovery - # 0 means no disconnection - # -1 means immediate disconnection - - -#------------------------------------------------------------------------------ -# WATCHDOG -#------------------------------------------------------------------------------ - -# - Enabling - - -use_watchdog = off - # Activates watchdog - # (change requires restart) - -# -Connection to up stream servers - - -trusted_servers = '' - # trusted server list which are used - # to confirm network connection - # (hostA,hostB,hostC,...) - # (change requires restart) -ping_path = '/bin' - # ping command path - # (change requires restart) - -# - Watchdog communication Settings - - -wd_hostname = '' - # Host name or IP address of this watchdog - # (change requires restart) -wd_port = 9000 - # port number for watchdog service - # (change requires restart) -wd_authkey = '' - # Authentication key for watchdog communication - # (change requires restart) - -# - Virtual IP control Setting - - -delegate_IP = '' - # delegate IP address - # If this is empty, virtual IP never bring up. 
- # (change requires restart) -ifconfig_path = '/sbin' - # ifconfig command path - # (change requires restart) -if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0' - # startup delegate IP command - # (change requires restart) -if_down_cmd = 'ifconfig eth0:0 down' - # shutdown delegate IP command - # (change requires restart) - -arping_path = '/usr/sbin' # arping command path - # (change requires restart) - -arping_cmd = 'arping -U $_IP_$ -w 1' - # arping command - # (change requires restart) - -# - Behaivor on escalation Setting - - -clear_memqcache_on_escalation = on - # Clear all the query cache on shared memory - # when standby pgpool escalate to active pgpool - # (= virtual IP holder). - # This should be off if client connects to pgpool - # not using virtual IP. - # (change requires restart) -wd_escalation_command = '' - # Executes this command at escalation on new active pgpool. - # (change requires restart) - -# - Lifecheck Setting - - -# -- common -- - -wd_lifecheck_method = 'heartbeat' - # Method of watchdog lifecheck ('heartbeat' or 'query') - # (change requires restart) -wd_interval = 10 - # lifecheck interval (sec) > 0 - # (change requires restart) - -# -- heartbeat mode -- - -wd_heartbeat_port = 9694 - # Port number for receiving heartbeat signal - # (change requires restart) -wd_heartbeat_keepalive = 2 - # Interval time of sending heartbeat signal (sec) - # (change requires restart) -wd_heartbeat_deadtime = 30 - # Deadtime interval for heartbeat signal (sec) - # (change requires restart) -heartbeat_destination0 = 'host0_ip1' - # Host name or IP address of destination 0 - # for sending heartbeat signal. - # (change requires restart) -heartbeat_destination_port0 = 9694 - # Port number of destination 0 for sending - # heartbeat signal. Usually this is the - # same as wd_heartbeat_port. 
- # (change requires restart) -heartbeat_device0 = '' - # Name of NIC device (such like 'eth0') - # used for sending/receiving heartbeat - # signal to/from destination 0. - # This works only when this is not empty - # and pgpool has root privilege. - # (change requires restart) - -#heartbeat_destination1 = 'host0_ip2' -#heartbeat_destination_port1 = 9694 -#heartbeat_device1 = '' - -# -- query mode -- - -wd_life_point = 3 - # lifecheck retry times - # (change requires restart) -wd_lifecheck_query = 'SELECT 1' - # lifecheck query to pgpool from watchdog - # (change requires restart) -wd_lifecheck_dbname = 'template1' - # Database name connected for lifecheck - # (change requires restart) -wd_lifecheck_user = 'nobody' - # watchdog user monitoring pgpools in lifecheck - # (change requires restart) -wd_lifecheck_password = '' - # Password for watchdog user in lifecheck - # (change requires restart) - -# - Other pgpool Connection Settings - - -#other_pgpool_hostname0 = 'host0' - # Host name or IP address to connect to for other pgpool 0 - # (change requires restart) -#other_pgpool_port0 = 5432 - # Port number for othet pgpool 0 - # (change requires restart) -#other_wd_port0 = 9000 - # Port number for othet watchdog 0 - # (change requires restart) -#other_pgpool_hostname1 = 'host1' -#other_pgpool_port1 = 5432 -#other_wd_port1 = 9000 - - -#------------------------------------------------------------------------------ -# OTHERS -#------------------------------------------------------------------------------ -relcache_expire = 0 - # Life time of relation cache in seconds. - # 0 means no cache expiration(the default). - # The relation cache is used for cache the - # query result against PostgreSQL system - # catalog to obtain various information - # including table structures or if it's a - # temporary table or not. The cache is - # maintained in a pgpool child local memory - # and being kept as long as it survives. 
- # If someone modify the table by using - # ALTER TABLE or some such, the relcache is - # not consistent anymore. - # For this purpose, cache_expiration - # controls the life time of the cache. -relcache_size = 256 - # Number of relation cache - # entry. If you see frequently: - # "pool_search_relcache: cache replacement happend" - # in the pgpool log, you might want to increate this number. - -check_temp_table = on - # If on, enable temporary table check in SELECT statements. - # This initiates queries against system catalog of primary/master - # thus increases load of master. - # If you are absolutely sure that your system never uses temporary tables - # and you want to save access to primary/master, you could turn this off. - # Default is on. - - -#------------------------------------------------------------------------------ -# ON MEMORY QUERY MEMORY CACHE -#------------------------------------------------------------------------------ -memory_cache_enabled = off - # If on, use the memory cache functionality, off by default -memqcache_method = 'shmem' - # Cache storage method. either 'shmem'(shared memory) or - # 'memcached'. 'shmem' by default - # (change requires restart) -memqcache_memcached_host = 'localhost' - # Memcached host name or IP address. Mandatory if - # memqcache_method = 'memcached'. - # Defaults to localhost. - # (change requires restart) -memqcache_memcached_port = 11211 - # Memcached port number. Mondatory if memqcache_method = 'memcached'. - # Defaults to 11211. - # (change requires restart) -memqcache_total_size = 67108864 - # Total memory size in bytes for storing memory cache. - # Mandatory if memqcache_method = 'shmem'. - # Defaults to 64MB. - # (change requires restart) -memqcache_max_num_cache = 1000000 - # Total number of cache entries. Mandatory - # if memqcache_method = 'shmem'. - # Each cache entry consumes 48 bytes on shared memory. - # Defaults to 1,000,000(45.8MB). 
- # (change requires restart) -memqcache_expire = 0 - # Memory cache entry life time specified in seconds. - # 0 means infinite life time. 0 by default. - # (change requires restart) -memqcache_auto_cache_invalidation = on - # If on, invalidation of query cache is triggered by corresponding - # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered - # by memqcache_expire. on by default. - # (change requires restart) -memqcache_maxcache = 409600 - # Maximum SELECT result size in bytes. - # Must be smaller than memqcache_cache_block_size. Defaults to 400KB. - # (change requires restart) -memqcache_cache_block_size = 1048576 - # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'. - # Defaults to 1MB. - # (change requires restart) -memqcache_oiddir = '/var/log/pgpool/oiddir' - # Temporary work directory to record table oids - # (change requires restart) -white_memqcache_table_list = '' - # Comma separated list of table names to memcache - # that don't write to database - # Regexp are accepted -black_memqcache_table_list = '' - # Comma separated list of table names not to memcache - # that don't write to database - # Regexp are accepted diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf deleted file mode 100644 index d8918409e8..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_hba.conf +++ /dev/null 
@@ -1,67 +0,0 @@ -# pgpool Client Authentication Configuration File a custom version -# =============================================== -# -# The format rule in this file follows the rules in the PostgreSQL -# Administrator's Guide. Refer to chapter "Client Authentication" for a -# complete description. A short synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which user names they can use, which databases they -# can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTION] -# host DATABASE USER CIDR-ADDRESS METHOD [OPTION] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket. -# -# DATABASE can be "all", "sameuser", a database name, or a comma-separated -# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf -# file is not supported, since pgpool does not know which group a user -# belongs to. Also note that the database specified here may not exist in -# the backend PostgreSQL. pgpool will authenticate based on the database's -# name, not based on whether it exists or not. -# -# USER can be "all", a user name, or a comma-separated list thereof. In -# both the DATABASE and USER fields you can also write a file name prefixed -# with "@" to include names from a separate file. Note that a group name -# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported -# because of the same reason as "samegroup" token. Also note that a user -# name specified here may not exist in the backend PostgreSQL. pgpool will -# authenticate based on the user's name, not based on whether he/she exists. -# -# CIDR-ADDRESS specifies the set of hosts the record matches. -# It is made up of an IP address and a CIDR mask that is an integer -# (between 0 and 32 (IPv4) that specifies the number of significant bits in -# the mask. 
Alternatively, you can write an IP address and netmask in -# separate columns to specify the set of hosts. -# -# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords -# in clear text. -# -# OPTION is the name of the PAM service. Default service name is "pgpool" -# -# Database and user names containing spaces, commas, quotes and other special -# characters must be quoted. Quoting one of the keywords "all" or "sameuser" -# makes the name lose its special character, and just match a database or -# username with that name. -# -# This file is read on pgpool startup. If you edit the file on a running -# system, you have to restart the pgpool for the changes to take effect. - -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make pgpool listen -# on a non-local interface via the listen_addresses configuration parameter. -# - -# TYPE DATABASE USER CIDR-ADDRESS METHOD - -# "local" is for Unix domain socket connections only -#local all all trust -# IPv4 local connections: -host all all 0.0.0.0/0 md5 diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd b/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd deleted file mode 100644 index 3636d1de74..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/configs/pool_passwd +++ /dev/null @@ -1,2 +0,0 @@ -testuser:md599e8713364988502fa6189781bcf648f -postgres:md53175bce1d3201d16594cebf9d7eb3f9d diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml deleted file mode 100644 index 7572d7f444..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/deployment.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -kind: Deployment -apiVersion: extensions/v1beta1 -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: 2 - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - image: "{{.Values.repository}}/{{.Values.image}}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . 
}} - env: - - name: PG_PRIMARY_SERVICE_NAME - value: {{.Values.container.name.primary}} - - name: PG_REPLICA_SERVICE_NAME - value: {{.Values.container.name.replica}} - - name: PG_USERNAME - value: {{.Values.credentials.pgusername}} - - name: PG_PASSWORD - value: {{.Values.credentials.pgpassword}} - ports: - - containerPort: 5432 - name: pgpool - protocol: TCP - readinessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 20 - periodSeconds: 10 - livenessProbe: - tcpSocket: - port: 5432 - initialDelaySeconds: 15 - periodSeconds: 20 - volumeMounts: - - name: pgpool-pgconf - mountPath: /pgconf/pgpoolconfigdir - readOnly: false - volumes: - - name: pgpool-pgconf - configMap: - name: {{ include "common.fullname" . }}-pgpool-configmap diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml deleted file mode 100644 index 8c066e5b7a..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/service.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} 
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml b/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml deleted file mode 100644 index cb732b7cd7..0000000000 --- a/kubernetes/common/postgres-legacy/charts/pgpool/values.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - -################################################################# -# Application configuration defaults. -################################################################# -# application image -repository: crunchydata -image: crunchy-pgpool:centos7-10.4-2.0.0 -pullPolicy: Always - -container: - port: 5432 - name: - primary: pgset-primary - replica: pgset-replica -credentials: - pgusername: testuser - pgpassword: password -service: - name: pgpool - type: ClusterIP - externalPort: 5432 - internalPort: 5432 diff --git a/kubernetes/common/postgres-legacy/templates/pv.yaml b/kubernetes/common/postgres-legacy/templates/pv.yaml deleted file mode 100644 index 2ac5d979d5..0000000000 --- a/kubernetes/common/postgres-legacy/templates/pv.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }} -spec: - capacity: - storage: {{ $global.Values.persistence.size}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} 
diff --git a/kubernetes/common/postgres-legacy/templates/secrets.yaml b/kubernetes/common/postgres-legacy/templates/secrets.yaml deleted file mode 100644 index db1bc5bb15..0000000000 --- a/kubernetes/common/postgres-legacy/templates/secrets.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }} - pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }} - pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }} - diff --git a/kubernetes/common/postgres-legacy/templates/service.yaml b/kubernetes/common/postgres-legacy/templates/service.yaml deleted file mode 100644 index 30d824bbd7..0000000000 --- a/kubernetes/common/postgres-legacy/templates/service.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name2 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . 
}} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type2 }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name2 }} - {{- else -}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name2 }} - {{- end}} - selector: - name: "{{.Values.container.name.primary}}" - release: {{ include "common.release" . }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name3 }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: -spec: - type: {{ .Values.service.type3 }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort3 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} - name: {{ .Values.service.name3 }} - {{- else -}} - - port: {{ .Values.service.externalPort3 }} - targetPort: {{ .Values.service.internalPort3 }} - name: {{ .Values.service.name3 }} - {{- end}} - selector: - name: "{{.Values.container.name.replica}}" - release: {{ include "common.release" . }} diff --git a/kubernetes/common/postgres-legacy/templates/statefulset.yaml b/kubernetes/common/postgres-legacy/templates/statefulset.yaml deleted file mode 100644 index 5333a0d310..0000000000 --- a/kubernetes/common/postgres-legacy/templates/statefulset.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# # -# # Licensed under the Apache License, Version 2.0 (the "License"); -# # you may not use this file except in compliance with the License. -# # You may obtain a copy of the License at -# # -# # http://www.apache.org/licenses/LICENSE-2.0 -# # -# # Unless required by applicable law or agreed to in writing, software -# # distributed under the License is distributed on an "AS IS" BASIS, -# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# # See the License for the specific language governing permissions and -# # limitations under the License. -*/}} -apiVersion: apps/v1beta1 -kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /bin/sh - - -c - - | - chown -R 26:26 /podroot/; - chmod 700 /podroot/; - image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-prepare - volumeMounts: - - name: {{ include "common.fullname" . }}-data - mountPath: /podroot/ - containers: - - name: {{ include "common.name" . 
}} - image: "{{ .Values.postgresRepository }}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: postgres - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - env: - - name: PGHOST - value: /tmp - - name: PG_PRIMARY_USER - value: primaryuser - - name: PG_MODE - value: set - - name: PG_PRIMARY_HOST - value: "{{.Values.container.name.primary}}" - - name: PG_REPLICA_HOST - value: "{{.Values.container.name.replica}}" - - name: PG_PRIMARY_PORT - value: "{{.Values.service.internalPort}}" - - name: PG_PRIMARY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-primary-password - - name: PG_USER - value: "{{.Values.config.pgUserName}}" - - name: PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-user-password - - name: PG_DATABASE - value: "{{.Values.config.pgDatabase}}" - - name: PG_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: pg-root-password - volumeMounts: - - mountPath: /pgdata - name: {{ include "common.fullname" . }}-data - - mountPath: /backup - name: {{ include "common.fullname" . }}-backup - readOnly: true - resources: -{{ include "common.resources" . 
| indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} - {{- end }} - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-backup - emptyDir: {} -{{- if not .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} -{{- else }} - volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ include "common.release" . }}" - heritage: "{{ .Release.Service }}" - spec: - accessModes: - - {{ .Values.persistence.accessMode | quote }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} -{{- end }} diff --git a/kubernetes/common/postgres-legacy/values.yaml b/kubernetes/common/postgres-legacy/values.yaml deleted file mode 100644 index 8dd5d0aaac..0000000000 --- a/kubernetes/common/postgres-legacy/values.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - persistence: {} - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.0 - -################################################################# -# Application configuration defaults. 
-################################################################# - -# BusyBox image -busyboxRepository: registry.hub.docker.com -busyboxImage: library/busybox:latest - -postgresRepository: crunchydata -image: crunchy-postgres:centos7-10.4-2.0.0 -pullPolicy: Always - -# application configuration -config: - pgUserName: testuser - pgDatabase: userdb - pgPrimaryPassword: password - pgUserPassword: password - pgRootPassword: password - -container: - name: - primary: pgset-primary - replica: pgset-replica - -pgpool: - container: - port: 5432 - name: - primary: pgset-primary - replica: pgset-replica - credentials: - pgusername: testuser - pgpassword: password - service: - name: pgpool - - -# default number of instances -replicaCount: 2 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 300 - periodSeconds: 10 - timeoutSeconds: 5 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - accessMode: ReadWriteOnce - size: 1Gi - mountPath: /dockerdata-nfs - mountSubPath: postgres/data - mountInitPath: postgres - -service: - type: ClusterIP - name: pgset - externalPort: 5432 - internalPort: 5432 - type2: ClusterIP - name2: pgset-primary - externalPort2: 5432 - internalPort2: 5432 - type3: ClusterIP - name3: pgset-replica - externalPort3: 5432 - internalPort3: 5432 - -ingress: - enabled: false - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # - # Example: - # Configure resource requests and limits - # ref: http://kubernetes.io/docs/user-guide/compute-resources/ - # Minimum memory for development is 2 CPU cores and 4GB memory - # Minimum memory for production is 4 CPU cores and 8GB memory -#resources: -# limits: -# cpu: 2 -# memory: 4Gi -# requests: -# cpu: 2 -# memory: 4Gi - diff --git a/kubernetes/common/postgres/configs/setup.sql b/kubernetes/common/postgres/configs/setup.sql new file mode 100644 index 0000000000..f60b473242 --- /dev/null +++ b/kubernetes/common/postgres/configs/setup.sql 
@@ -0,0 +1,40 @@
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl
index 3777c1b2e4..361e64847e 100644
--- a/kubernetes/common/postgres/templates/_deployment.tpl
+++ b/kubernetes/common/postgres/templates/_deployment.tpl
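Review bot: The secret values are spliced into SQL literals and identifiers as raw text (`ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';`, `CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;`, `CREATE DATABASE ${PG_DATABASE};`), so a password containing a single quote, or a user or database name that needs quoting, produces a broken or altered statement once the file is rendered. `${PG_USER}` is already double-quoted; the same should be done for the other identifiers, e.g. `CREATE DATABASE "${PG_DATABASE}";` and `CREATE USER "${PG_PRIMARY_USER}" WITH REPLICATION;`. For the three passwords, either escape `'` before substitution or add a header comment stating that the secrets must not contain a single quote. The rendered copy of this file holds all three passwords in clear text, which is worth a comment at the top so nobody mounts it more widely than the database container.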
@@ -40,6 +40,34 @@ spec: name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: PG_PRIMARY_USER + value: primaryuser + - name: PG_PRIMARY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }} + - name: PG_USER + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }} + - name: PG_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }} + - name: PG_DATABASE + value: "{{ $dot.Values.config.pgDatabase }}" + - name: PG_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input/setup.sql + name: config + subPath: setup.sql + - mountPath: /config + name: pgconf + image: "{{ $dot.Values.global.envsubstImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + name: {{ include "common.name" $dot }}-update-config + - name: init-sysctl command: - /bin/sh @@ -98,9 +126,12 @@ spec: - name: PG_ROOT_PASSWORD {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }} volumeMounts: - - name: pool-hba-conf + - name: config mountPath: /pgconf/pool_hba.conf subPath: pool_hba.conf + - name: pgconf + mountPath: /pgconf/setup.sql + subPath: setup.sql - mountPath: /pgdata name: {{ include "common.fullname" $dot }}-data - mountPath: /backup 
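Review bot: In the new `-update-config` init container, `envsubst` runs without a variable list, so every `$name` or `${name}` sequence in setup.sql is substituted and a variable that is not set renders as an empty string; if one of the secret references is missing, the script would contain `PASSWORD ''` and the init container would still exit successfully. Assuming the image ships gettext's envsubst, name the expected variables explicitly (`envsubst '${PG_ROOT_PASSWORD} ${PG_PRIMARY_USER} ${PG_PRIMARY_PASSWORD} ${PG_USER} ${PG_PASSWORD} ${PG_DATABASE}'`) and fail the container when any of them is empty. The loop is also safer written as `for PFILE in *; do envsubst <"${PFILE}" >"/config/${PFILE}"; done` than with backtick `ls -1 .` and unquoted file names. The init container has no `resources:` or `securityContext:` in this hunk although it handles the root database password.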
@@ -129,7 +160,10 @@ spec: {{- else }} emptyDir: {} {{ end }} - - name: pool-hba-conf + - name: config configMap: name: {{ include "common.fullname" $dot }} -{{- end -}}
\ No newline at end of file + - name: pgconf + emptyDir: + medium: Memory +{{- end -}} diff --git a/kubernetes/common/postgres/values.yaml b/kubernetes/common/postgres/values.yaml index 7aff189ba9..10f9405de6 100644 --- a/kubernetes/common/postgres/values.yaml +++ b/kubernetes/common/postgres/values.yaml @@ -21,6 +21,9 @@ global: readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 + # envsusbt + envsubstImage: dibi/envsubst + ################################################################# # Secrets metaconfig ################################################################# diff --git a/kubernetes/consul/charts/consul-server/values.yaml b/kubernetes/consul/charts/consul-server/values.yaml index 2eb3c25717..e9c96d1bc6 100644 --- a/kubernetes/consul/charts/consul-server/values.yaml +++ b/kubernetes/consul/charts/consul-server/values.yaml @@ -56,7 +56,7 @@ service: name: consul-server portName: consul-join internalPort: 8301 - type2: NodePort + type2: ClusterIP portName2: consul-ui internalPort2: 8500 nodePort2: 70 diff --git a/kubernetes/contrib/tools/rke/rke_setup.sh b/kubernetes/contrib/tools/rke/rke_setup.sh index 409da3987c..cde7d4caa0 100755 --- a/kubernetes/contrib/tools/rke/rke_setup.sh +++ b/kubernetes/contrib/tools/rke/rke_setup.sh @@ -21,7 +21,7 @@ # https://wiki.onap.org/display/DW/OOM+RKE+Kubernetes+Deployment # source from https://jira.onap.org/browse/OOM-1598 # -# master/dublin +# master/dublin # RKE 0.1.16 Kubernetes 1.11.6, kubectl 1.11.6, Helm 2.9.1, Docker 18.06 # 20190428 RKE 0.2.1, Kubernetes 1.13.5, kubectl 1.13.5, Helm 2.12.3, Docker 18.09.5 # single node install, HA pending @@ -30,7 +30,7 @@ usage() { cat <<EOF Usage: $0 [PARAMs] example -sudo ./rke_setup.sh -b dublin -s rke.onap.cloud -e onap -l amdocs -v true +sudo ./rke_setup.sh -b master -s rke.onap.cloud -e onap -l amdocs -v true -u : Display usage -b [branch] : branch = master or dublin (required) -s [server] : server = IP or DNS name (required) 
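Review bot: `envsubstImage: dibi/envsubst` in the postgres values.yaml hunk names a third-party image with no tag, no digest and no registry prefix, so the init container that receives the PostgreSQL root, primary and user passwords runs whatever `latest` resolves to at pull time. Pin it to a fixed version, preferably by digest, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, and consider splitting it into repository and image keys as `readinessRepository` / `readinessImage` do just above, so it can be mirrored. The comment on the line before is misspelled; `# envsubst` is meant.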
@@ -48,16 +48,16 @@ install_onap() { KUBECTL_VERSION=1.13.5 HELM_VERSION=2.12.3 DOCKER_VERSION=18.09 - + # copy your private ssh key and cluster.yml file to the vm # on your dev machine #sudo cp ~/.ssh/onap_rsa . - #sudo chmod 777 onap_rsa + #sudo chmod 777 onap_rsa #scp onap_rsa ubuntu@192.168.241.132:~/ # on this vm - #sudo chmod 400 onap_rsa + #sudo chmod 400 onap_rsa #sudo cp onap_rsa ~/.ssh - # make sure public key is insetup correctly in + # make sure public key is insetup correctly in # sudo vi ~/.ssh/authorized_keys echo "please supply your ssh key as provided by the -k keyname - it must be be chmod 400 and chown user:user in ~/.ssh/" @@ -66,8 +66,8 @@ install_onap() { echo "specifically" echo "address: $SERVER" echo "user: $USERNAME" - echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY" - + echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY" + RKETOOLS= HYPERCUBE= POD_INFRA_CONTAINER= diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml index 6b90aa3144..c404c32d70 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/requirements.yaml @@ -20,7 +20,10 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres-legacy + - name: postgres version: ~5.x-0 repository: '@local' alias: postgres + - name: mongo + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json index e5057427e8..a0ec3b4a6d 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/config/k8s-plugin.json 
@@ -1,6 +1,6 @@ #============LICENSE_START======================================================== #================================================================================= -# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,6 +34,7 @@ { "cert_path": "/opt/app/osaaf", "image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}", + "component_cert_dir": "/opt/dcae/cacert", "component_ca_cert_path": "/opt/dcae/cacert/cacert.pem", "ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert" } diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml index a6fbea1e1d..5ece12c46b 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-hv_ves-inputs.yaml @@ -18,3 +18,4 @@ {{ if .Values.componentImages.hv_ves }} tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }} {{ end }} +use_tls: true
\ No newline at end of file
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
new file mode 100644
index 0000000000..5074cb8a7f
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-tcagen2-inputs.yaml
@@ -0,0 +1,22 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ if .Values.componentImages.tcagen2 }}
+tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
+{{ end }}
+tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
new file mode 100644
index 0000000000..17d0fc4254
--- /dev/null
+++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs-tls.yaml
@@ -0,0 +1,32 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2020 Nokia. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +{{ if .Values.componentImages.ves }} +tag_version: {{ include "common.repository" . 
}}/{{ .Values.componentImages.ves }} +{{ end }} +external_port: 0 +external_port_tls: {{ .Values.config.address.ves.portSecure }} +auth_method: "certBasicAuth" +component_name: "dcae-ves-collector-tls" +dns_component_name: "dcae-ves-collector-tls" +enable_tls: true +ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" +ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" +ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/" +ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" +ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" +ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml index 69e7cb76de..c113d643af 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/resources/inputs/k8s-ves-inputs.yaml @@ -2,6 +2,7 @@ #================================================================================= # Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications (c) 2020 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
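Review bot: The new k8s-ves-inputs-tls.yaml turns on `enable_tls: true` and `auth_method: "certBasicAuth"` for the collector's listener, but all six `ves_*_publish_url` values still use `http://…:3904/events/unauthenticated.*`, so events accepted over TLS are forwarded to the message router in clear text on topics named as unauthenticated. If the message router offers a TLS endpoint in this deployment (not visible in this diff), the TLS inputs should point at it; otherwise add a comment such as `# NOTE: only the inbound listener is TLS-protected; publishing to message router is plain HTTP`. `external_port: 0` presumably disables the plain listener, and a one-line comment saying so would make that intent checkable.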
@@ -19,11 +20,14 @@ {{ if .Values.componentImages.ves }} tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }} {{ end }} -external_port : {{ .Values.config.address.ves.port }} -external_tls_port : {{ .Values.config.address.ves.portSecure }} +external_port_tls: 0 +external_port: {{ .Values.config.address.ves.port }} +auth_method: "noAuth" +component_name: "dcae-ves-collector" +dns_component_name: "dcae-ves-collector" ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/" ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/" ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/" ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/" ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/" -ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/" +ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
\ No newline at end of file diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml index 7a28812278..a36164d164 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/templates/deployment.yaml @@ -53,8 +53,11 @@ spec: - dcae-config-binding-service
- --container-name
- dcae-db
+ - --container-name
+ - dcae-inventory-api
- "-t"
- "15"
+
env:
- name: NAMESPACE
valueFrom:
diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 20caa5c122..872d01d6ae 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -93,9 +93,23 @@ postgres: primary: dcae-pgpool-primary replica: dcae-pgpool-replica +mongo: + nameOverride: dcae-mongo + config: + dbName: dcaecommondb + service: + name: dcae-mongohost + internalPort: 27017 + nfsprovisionerPrefix: dcaemongo + sdnctlPrefix: tcagen2 + persistence: + mountSubPath: dcae/mongo/data + enabled: true + disableNfsProvisioner: true + # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.9.0 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.0 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -104,10 +118,11 @@ componentImages: holmes_rules: onap/holmes/rule-management:1.2.7 holmes_engine: onap/holmes/engine-management:1.2.6 tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2 - ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2 + tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.0 + ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.3 snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.3.0 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 673b01776e..d2bda88577 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml 
+++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2 +image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml index 98faef0792..a27fba52ae 100644 --- a/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-config-binding-service/values.yaml @@ -63,7 +63,7 @@ readiness: path: /healthcheck service: - type: NodePort + type: ClusterIP name: config-binding-service # TLS service secure: diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml index 116a77fd8b..a926fb396b 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/templates/deployment.yaml @@ -104,6 +104,8 @@ spec: volumeMounts: - mountPath: /usr/local/share/ca-certificates/ name: tls-info + - mountPath: /opt/logs/dcae/dashboard + name: component-log env: - name: CONSUL_HOST value: consul-server.{{ include "common.namespace" . }} diff --git a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml index 03cb99ad14..9d38659f61 100644 --- a/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-dashboard/values.yaml 
@@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0 +image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.1 pullPolicy: Always # probe configuration parameters @@ -60,13 +60,13 @@ readiness: initialDelaySeconds: 30 periodSeconds: 30 path: /ccsdk-app/health - scheme: HTTP + scheme: HTTPS service: type: NodePort name: dashboard - externalPort: 8080 - internalPort: 8080 + externalPort: 8443 + internalPort: 8443 nodePort: 18 # application configuration override for postgres postgres: diff --git a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml index c78625227a..8a3440dae5 100644 --- a/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-deployment-handler/values.yaml @@ -46,7 +46,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0 +image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0 pullPolicy: Always # probe configuration parameters 
diff --git a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml index fb5a195e60..ba8648a5be 100644 --- a/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-healthcheck/values.yaml @@ -28,7 +28,7 @@ global: service: name: dcae-healthcheck - internalPort: 80 + internalPort: 8080 externalPort: 80 type: ClusterIP @@ -45,7 +45,7 @@ readiness: periodSeconds: 10 # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.5 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml index 3e79830cc1..4c4f567956 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/requirements.yaml @@ -17,7 +17,7 @@ dependencies: - name: common version: ~5.x-0 repository: '@local' - - name: postgres-legacy + - name: postgres version: ~5.x-0 repository: '@local' alias: postgres diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json index c8c7dd79f1..d9927314e1 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/config/config.json @@ -36,7 +36,7 @@ "type": "https", "port": 8080, "keyStorePath": "/opt/cert/cert.jks", - "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U", + "keyStorePassword": "/opt/cert/jks.pass", "keyStoreType": "JKS" }] } 
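Review bot: In dcae-inventory-api's `resources/config/config.json`, the new `"keyStorePassword": "/opt/cert/jks.pass"` puts a file path into a field whose name says it holds the passphrase itself. Nothing visible in this commit shows that inventory-api 3.4.1 reads that file rather than using the string literally. If it is used literally, the keystore either fails to open or is protected by a guessable value, so confirm the behaviour against the application. The removed literal remains readable in repository history, so any keystore still protected by it should be re-keyed. JSON cannot carry a comment, so record the convention next to the image tag in the chart's values.yaml, for example `# config.json keyStorePassword is the path of the password file provided by the tls-init container`.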
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml new file mode 100644 index 0000000000..0e5ee9bffa --- /dev/null +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/resources/log/filebeat.yml 
@@ -0,0 +1,72 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. 
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml index 96ba64f945..5b7a244835 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/configmap.yaml @@ -24,3 +24,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{include "common.fullname" . }}-filebeat-configmap + namespace: {{include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }} 
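Review bot: The `output.logstash` section of the new filebeat.yml leaves every `ssl.*` setting commented out, so the sidecar ships the component's logs to Logstash with neither TLS nor client authentication. If these logs can contain request data or credentials, wire `ssl.certificate_authorities` (and the client certificate and key where Logstash requires them) to chart values instead of leaving the `$ssl.*` placeholders commented. `level: debug` under `logging:` is also a verbose default for a shipped chart; `level: info` would keep Filebeat's own log smaller and less revealing.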
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml index 2bfb01d970..6769c00a2d 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/templates/deployment.yaml @@ -52,6 +52,8 @@ spec: fieldPath: metadata.namespace - name: init-tls env: + - name: aaf_locator_fqdn + value: dcae - name: POD_IP valueFrom: fieldRef: @@ -61,7 +63,7 @@ spec: imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} resources: {} volumeMounts: - - mountPath: /opt/tls/shared + - mountPath: /opt/app/osaaf name: tls-info containers: - name: {{ include "common.name" . }} @@ -101,10 +103,38 @@ spec: subPath: config.json - mountPath: /opt/cert/ name: tls-info + - mountPath: /opt/logs/ + name: component-log env: - name: CONSUL_HOST value: consul.{{ include "common.namespace" . }} + - name: {{ include "common.name" . }}-filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }} + imagePullPolicy: IfNotPresent + resources: {} + volumeMounts: + - mountPath: /var/log/onap/inventory + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml volumes: + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf - name: {{ include "common.fullname" . }}-inv-config configMap: name: {{ include "common.fullname" . }}-configmap @@ -112,3 +142,4 @@ spec: name: tls-info imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + 
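Review bot: The filebeat sidecar added in the third hunk is declared with `resources: {}`, and the new `component-log` and `filebeat-data` volumes are `emptyDir: {}` with no size bound. A log burst from the main container can therefore consume node disk and sidecar memory unchecked. Give the sidecar explicit requests and limits from values, and bound the volumes with `sizeLimit: <SIZE>` (placeholder; choose it per deployment). The sidecar also has no readiness or liveness probe, so a Filebeat that has stopped shipping would go unnoticed; that may be acceptable, but a comment should say so.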
diff --git a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml index 8e4430c37e..51af963343 100644 --- a/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-inventory-api/values.yaml @@ -25,7 +25,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 tlsRepository: nexus3.onap.org:10001 - tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 repositoryCred: user: docker password: docker @@ -44,7 +44,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0 +image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1 pullPolicy: Always diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json index 7342ca633a..b459a989d7 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json 
@@ -13,20 +13,27 @@ "policy_engine": { "url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969", "path_decision": "/policy/pdpx/v1/decision", - "path_notifications": "/pdp/notifications", - "path_api": "/pdp/api/", "headers": { "Accept": "application/json", "Content-Type": "application/json", - "ClientAuth": "cHl0aG9uOnRlc3Q=", "Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0", "Environment": "TEST" }, "target_entity": "policy_engine", "tls_ca_mode": "cert_directory", - "tls_wss_ca_mode": "cert_directory", - "timeout_in_secs": 60, - "ws_ping_interval_in_secs": 180 + "timeout_in_secs": 60 + }, + "dmaap_mr" : { + "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1", + "query": { + "timeout": 15000 + }, + "headers" : { + "Content-Type" : "application/json" + }, + "target_entity" : "dmaap_mr", + "tls_ca_mode" : "cert_directory", + "timeout_in_secs": 60 }, "deploy_handler": { "target_entity": "deployment_handler", diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml index 8517073729..717497f4d4 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/values.yaml @@ -1,6 +1,6 @@ #============LICENSE_START======================================================== # ================================================================================ -# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
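Review bot: The new `dmaap_mr` block subscribes to `unauthenticated.POLICY-NOTIFICATION` and sends only a `Content-Type` header, so policy-handler acts on notifications from a topic that, by its name, does not authenticate publishers. Anything able to publish to that topic could presumably trigger policy refreshes, so either move to an authenticated topic if Message Router offers one here, or document why this one is acceptable. The `policy_engine` block still carries a static `"Authorization": "Basic …"` header after `ClientAuth` was removed; that credential is only base64-encoded and would be better injected from a Kubernetes Secret than committed in the chart. The `dmaap_mr` host `message-router` is hard-coded, whereas `policy_engine.url` is templated from `.Values.config.address`; templating both would keep overrides consistent.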
@@ -47,7 +47,7 @@ config: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/org.onap.dcaegen2.platform.policy-handler:5.0.0 +image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0 pullPolicy: Always # probe configuration parameters @@ -68,7 +68,7 @@ readiness: service: type: ClusterIP name: policy-handler - externalPort: 25577 + externalPort: 80 internalPort: 25577 diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index dfc4dbf949..25ddfc7558 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -19,8 +19,7 @@ global: nodePortPrefix: 302 tlsRepository: nexus3.onap.org:10001 -# Have to use locally-define tlsImage until inventory API can use 2.x.y -# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 + tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderRepository: nexus3.onap.org:10001 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 redis: diff --git a/kubernetes/common/postgres-legacy/.helmignore b/kubernetes/dcaemod/.helmignore index f0c1319444..f0c1319444 100644 --- a/kubernetes/common/postgres-legacy/.helmignore +++ b/kubernetes/dcaemod/.helmignore diff --git a/kubernetes/dcaemod/Chart.yaml b/kubernetes/dcaemod/Chart.yaml new file mode 100644 index 0000000000..9fe96fb7e2 --- /dev/null +++ b/kubernetes/dcaemod/Chart.yaml 
@@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD +name: dcaemod +version: 6.0.0 diff --git a/kubernetes/dcaemod/Makefile b/kubernetes/dcaemod/Makefile new file mode 100644 index 0000000000..b1e5a7355e --- /dev/null +++ b/kubernetes/dcaemod/Makefile 
@@ -0,0 +1,36 @@ +# Copyright © 2020 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry + +make-dcaemod-distributor-api: + cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor + +make-dcaemod-genprocessor: + cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api + +make-dcaemod-designtool: + cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool + +make-dcaemod-onboarding-api: + cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api + +make-dcaemod-runtime-api: + cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api + +make-dcaemod-nifi-registry: + cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry + +clean: + @find . -type f -name '*.tgz' -delete + @find . -type f -name '*.lock' -delete diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/Chart.yaml new file mode 100644 index 0000000000..eeda833f76 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-designtool/Chart.yaml 
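Review bot: The recipes of `make-dcaemod-distributor-api` and `make-dcaemod-genprocessor` are swapped: the first runs `helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor`, and the second operates on `dcaemod-distributor-api`. The aggregate `make-dcaemod` target still covers both charts, but building either target alone lints the wrong chart and can hide a lint failure in the one that was asked for. Swap the chart names so each recipe matches its target, i.e. `cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api` under `make-dcaemod-distributor-api:`. None of these targets produces a file of its own name, so a `.PHONY:` line listing them (and `clean`) would also be appropriate.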
@@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD Design Tool +name: dcaemod-designtool +version: 6.0.0 diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml new file mode 100644 index 0000000000..54c2049db2 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-designtool/requirements.yaml 
@@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml new file mode 100644 index 0000000000..2144418fbb --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/deployment.yaml 
@@ -0,0 +1,86 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - dcaemod-genprocessor-http + - --container-name + - dcaemod-nifi-registry + - --container-name + - dcaemod-distributor-api + - "-t" + - "15" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: {{ include "common.name" . 
}}-create-bucket + image: {{ .Values.config.curlImage }} + args: + - -kv + - -X + - POST + - -H + - "Content-Type: application/json" + - --data-binary + - '{"name": "dcaemod-flows"}' + - http://dcaemod-nifi-registry:18080/nifi-registry-api/buckets + + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + httpGet: + path: {{ .Values.readiness.path }} + port: {{ .Values.readiness.port }} + scheme: {{ .Values.readiness.scheme }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: NIFI_DCAE_JARS_INDEX_URL + value: {{ .Values.config.nifiJarsIndexURL }} + - name: NIFI_DCAE_DISTRIBUTOR_API_URL + value: {{ .Values.config.distributorAPIURL }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml new file mode 100644 index 0000000000..6bc21e341d --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/ingress.yaml 
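Review bot: The `create-bucket` init container runs curl with `-kv`, and `-k` turns off certificate verification. That is harmless only while the target stays `http://`; it silently becomes an unverified TLS call if the registry URL is later moved to https, so drop it and keep `- -v`. Without `--fail`, curl also exits 0 on an HTTP error, so a rejected bucket creation does not stop the pod from starting; if `--fail` is added, the response to a duplicate bucket name on pod restart must be tolerated explicitly. The registry URL and bucket name are hard-coded while `curlImage` comes from values. That image (`curlimages/curl:7.68.0`) is referenced by tag without the chart's `repository` prefix, so mirroring it or pinning it by digest is worth considering.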
@@ -0,0 +1,16 @@ +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml new file mode 100644 index 0000000000..85d137b4b3 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-designtool/templates/service.yaml @@ -0,0 +1,18 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml index 676f6342f4..d9e00ace0f 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-designtool/values.yaml 
@@ -1,100 +1,95 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +# ============LICENSE_END========================================================= ################################################################# # Global configuration defaults. ################################################################# global: + persistence: {} nodePortPrefix: 302 + nodePortPrefixExt: 304 readinessRepository: oomk8s readinessImage: readiness-check:2.0.0 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - persistence: {} - ubuntuInitRepository: registry.hub.docker.com - -################################################################# -# Application configuration defaults. 
-################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.1 -pullPolicy: Always -ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 - -zookeeper: - name: message-router-zookeeper - port: 2181 -messagerouter: - container: message-router + ingress: + enabled: true + virtualhost: + enabled: false -# flag to enable debugging - application support required -debugEnabled: false +config: + nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars + distributorAPIURL: /distributor + curlImage: curlimages/curl:7.68.0 -# default number of instances -replicaCount: 1 -kafkaHeapOptions: -Xmx4G -Xms2G +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0 -nodeSelector: {} +service: + type: ClusterIP + name: dcaemod-designtool + ports: + - name: http + port: 8080 -affinity: {} +ingress: + enabled: true + service: + - baseaddr: "nifi" + name: "dcaemod-designtool" + port: 8080 + - baseaddr: "nifi-api" + name: "dcaemod-designtool" + port: 8080 + config: + ssl: "none" # probe configuration parameters liveness: - initialDelaySeconds: 60 - periodSeconds: 20 - timeoutSeconds: 5 + initialDelaySeconds: 90 + periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: http readiness: initialDelaySeconds: 60 periodSeconds: 20 - timeoutSeconds: 5 - - -service: - type: NodePort - name: message-router-mirrormaker - portName: message-router-mirrormaker - internalPort: 9092 - - - -ingress: - enabled: false + path: /nifi-api/system-diagnostics + scheme: HTTP + port: http # Resource Limit flavor -By Default using small -flavor: large +flavor: small # Segregation for Different environment (Small and Large) resources: small: limits: - cpu: 2000m - memory: 4Gi + cpu: 2 + memory: 2Gi requests: - cpu: 500m + cpu: 1 memory: 1Gi large: limits: - cpu: 
4000m - memory: 8Gi + cpu: 4 + memory: 4Gi requests: - cpu: 1000m + cpu: 2 memory: 2Gi unlimited: {} - diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/Chart.yaml new file mode 100644 index 0000000000..e56e62f701 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD Distributor API +name: dcaemod-distributor-api +version: 6.0.0 diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml new file mode 100644 index 0000000000..f6868efb55 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/requirements.yaml 
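Review bot: The new designtool values enable ingress by default (`ingress.enabled: true`, both under `global` and at component level) with `config.ssl: "none"`, which publishes the `nifi` and `nifi-api` paths over plain HTTP. Nothing in this chart configures authentication for the service, so if the design tool has none of its own, anyone who can reach the ingress could presumably view and edit flows; this should be confirmed. A safer default is `enabled: false` in the component values, leaving exposure to an explicit override, together with a TLS mode supported by the common ingress template. The readiness probe's `scheme: HTTP` would need to change in step if TLS is enabled on the container itself.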
@@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml new file mode 100644 index 0000000000..a70cc4af5a --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/deployment.yaml 
@@ -0,0 +1,74 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-runtime-api
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-onboarding-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" .
}}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: NIFI_REGISTRY_URL
+ value: {{ .Values.config.nifiRegistryURL }}
+ - name : ONBOARDING_API_URL
+ value: {{ .Values.config.onboardingAPIURL }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml
new file mode 100644
index 0000000000..a996d3c1ad
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/ingress.yaml
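Review bot: The `env` values in dcaemod-distributor-api/templates/deployment.yaml are rendered unquoted (`value: {{ .Values.config.nifiRegistryURL }}`, `value: {{ .Values.config.onboardingAPIURL }}`), so an empty or boolean-looking override would reach the API server as a non-string and the manifest would be rejected; `value: {{ .Values.config.nifiRegistryURL | quote }}` keeps it a string. `- name : ONBOARDING_API_URL` also has a stray space before the colon. The same unquoted pattern appears for `GENPROC_ONBOARDING_API_HOST` and `NIFI_REGISTRY_DB_URL` in the genprocessor and nifi-registry deployments further down. Neither container here sets a `securityContext`; if the images allow it, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding.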
@@ -0,0 +1,16 @@
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml
new file mode 100644
index 0000000000..2314610a04
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/templates/service.yaml
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
new file mode 100644
index 0000000000..3d9c377885
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-distributor-api/values.yaml
@@ -0,0 +1,94 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-distributor-api
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "distributor"
+ name: dcaemod-distributor-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ # Should have a proper readiness endpoint
+ # This will be OK as long as we have a small number
+ # of distribution targets
+ path: /distributor/distribution-targets
+ scheme: HTTP
+ port: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/Chart.yaml
new file mode 100644
index 0000000000..781c30e41a
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/Chart.yaml
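Review bot: `ingress.enabled: true` together with `config.ssl: "none"` is the chart default in dcaemod-distributor-api/values.yaml, so as far as these values show the distributor API is published through the ingress without TLS as soon as the chart is installed; what `ssl: "none"` actually renders is decided in `common.ingress`, which is not part of this hunk. Defaulting to `enabled: false` and letting a deployment opt in, with TLS configured, would be the safer default. dcaemod-genprocessor/values.yaml repeats the same block for `baseaddr: "nifi-jars"`, where the served jars are presumably fetched and loaded by NiFi, so integrity in transit matters there too. The `config` URLs are plain `http://` as well, and the images are referenced by tag only (`:1.0.0`, `readiness-check:2.0.0`) rather than by digest.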
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Genprocessor
+name: dcaemod-genprocessor
+version: 6.0.0
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
new file mode 100644
index 0000000000..f6868efb55
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/requirements.yaml
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
new file mode 100644
index 0000000000..6b15abe909
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/deployment.yaml
@@ -0,0 +1,63 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" .
| nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: GENPROC_ONBOARDING_API_HOST
+ value: {{ .Values.config.onboardingAPIURL }}
+ volumeMounts:
+ - mountPath: /work/
+ name: genprocessor-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ - name: {{ include "common.name" . }}-http
+ image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /www/data
+ name: genprocessor-data
+ readOnly: true
+ volumes:
+ - name: genprocessor-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml
new file mode 100644
index 0000000000..6bc21e341d
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/ingress.yaml
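Review bot: The second container, `{{ include "common.name" . }}-http`, in dcaemod-genprocessor/templates/deployment.yaml declares no `resources`, no `ports` and no probes, so it runs without CPU or memory limits while the first container gets the chart's flavor. Adding `resources: {{ include "common.resources" . | nindent 12 }}` to it (or a separate, smaller values block) would bound it. The liveness and readiness probes sit on the first container and target the named port `http`; if the HTTP server is actually the `-http` container, which the hunk suggests but does not show, the probes and `ports` belong there so that a restart hits the container that failed.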
@@ -0,0 +1,16 @@
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml
new file mode 100644
index 0000000000..c97ef736bb
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pv.yaml
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PV" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml
new file mode 100644
index 0000000000..cdf2728359
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/pvc.yaml
@@ -0,0 +1,17 @@
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml
new file mode 100644
index 0000000000..b20e564065
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/templates/service.yaml
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
new file mode 100644
index 0000000000..7096a16a1b
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-genprocessor/values.yaml
@@ -0,0 +1,99 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-genprocessor
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi-jars"
+ name: dcaemod-genprocessor
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+# Only the genprocessor-job writes, genprocessor-http mounts readOnly
+ accessMode: ReadWriteMany
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-genprocessor/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/Chart.yaml
new file mode 100644
index 0000000000..81a7a54967
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/Chart.yaml
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Nifi Registry
+name: dcaemod-nifi-registry
+version: 6.0.0
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
new file mode 100644
index 0000000000..f6868efb55
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/requirements.yaml
@@ -0,0 +1,21 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
new file mode 100644
index 0000000000..17ca948ade
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/deployment.yaml
@@ -0,0 +1,75 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ # nifi-registry app runs as user "nifi", uid 1000, group "nifi", gid 1000
+ # the volume is mounted with root permissions
+ # this initContainer changes ownership to uid 1000 gid 1000
+ # (tried using a securityContext in the pod spec, but it didn't seem to work)
+ - name: set-permissions
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - -c
+ - chown -R 1000:1000 /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" .
}}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_REGISTRY_DB_URL
+ value: {{ .Values.config.dbURL }}
+ - name: NIFI_REGISTRY_DB_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
+ - name: NIFI_REGISTRY_DB_PASS
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ volumes:
+ - name: flow-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml
new file mode 100644
index 0000000000..13c5357e45
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pv.yaml
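Review bot: The `set-permissions` init container in dcaemod-nifi-registry/templates/deployment.yaml pulls `image: busybox:latest`, a mutable tag that also bypasses the registry the other images use via `common.repository`, and it runs `chown -R` (presumably as root) on the mounted volume. Pin it, e.g. `image: busybox:<pinned-version>` or a digest, and take the reference from a values key so mirrored or air-gapped installs can override it. The path `/opt/nifi-registry/nifi-registry-0.4.0/flow_storage` is repeated three times and ties the template to one image version; a single values entry would keep the three in step. The comment says a pod `securityContext` did not work; recording what was tried (for instance `fsGroup: 1000`) would help, since a working setting would remove the need for the init container.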
@@ -0,0 +1,19 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+{{ include "common.PV" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml
new file mode 100644
index 0000000000..cdf2728359
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/pvc.yaml
@@ -0,0 +1,17 @@
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
new file mode 100644
index 0000000000..3c2bb3300f
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/secrets.yaml
@@ -0,0 +1,17 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.secret" . }}
\ No newline at end of file
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml
new file mode 100644
index 0000000000..b20e564065
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/templates/service.yaml
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
new file mode 100644
index 0000000000..058768ea08
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-nifi-registry/values.yaml
@@ -0,0 +1,93 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dbURL: jdbc:h2:./database/nifi-registry-primary
+ dbUser: nobody
+ dbPassword: nobody
+
+secrets:
+ - uid: "dbsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dbUser }}'
+ password: '{{ .Values.config.dbPassword }}'
+ passwordPolicy: generate
+
+# application image
+repository: docker.io
+image: apache/nifi-registry:0.5.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-nifi-registry
+ ports:
+ - name: http
+ port: 18080
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-nifi-registry/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/sdc/charts/sdc-es/.helmignore b/kubernetes/dcaemod/components/dcaemod-onboarding-api/.helmignore
index 542b3390d8..f0c1319444 100644
--- a/kubernetes/sdc/charts/sdc-es/.helmignore
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/.helmignore
@@ -1,21 +1,21 @@
-# Patterns to ignore when building packages.
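Review bot: `dbPassword: nobody` under `config:` ships a fixed, guessable database credential in the chart defaults, and it probably defeats the `passwordPolicy: generate` set on the `dbsecret` entry, since a generate policy normally applies only when no password is supplied (the common secret template is not part of this hunk, so confirm). The dcaemod-runtime-api values.yaml added in this same commit leaves its password key commented out so that generation takes effect. I would do the same here, e.g. `# dbPassword: <unset, generated by the common secret template>`, so each deployment gets its own value. The `apache/nifi-registry:0.5.0` image is also pulled from `docker.io` by mutable tag; pinning it by digest is worth considering.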
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
\ No newline at end of file +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/Chart.yaml new file mode 100644 index 0000000000..defe9d9957 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD Onboarding API +name: dcaemod-onboarding-api +version: 6.0.0 diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml new file mode 100644 index 0000000000..de4a8f4835 --- /dev/null 
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/requirements.yaml @@ -0,0 +1,24 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' + - name: postgres + version: ~5.x-0 + repository: '@local' diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml new file mode 100644 index 0000000000..2a7a6c14ee --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/deployment.yaml 
@@ -0,0 +1,80 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - {{ .Values.postgres.nameOverride }} + - "-t" + - "15" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh' + image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: PG_ADDR + value: {{ .Values.postgres.service.name2 }} + # This should be kept in secret but it needs a fix in postgres common chart + - name: PG_USER + value: postgres + - name: PG_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }} + - name: PG_PORT + value: "5432" + - name: PG_DB_NAME + value: dcae_onboarding_db + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml new file mode 100644 index 0000000000..6bc21e341d --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/ingress.yaml 
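Review bot: The application container logs in to PostgreSQL as the superuser: `PG_USER` is hard-coded to `postgres` and `PG_PASSWORD` is read from the `db-root-pass` secret, so a compromise of the onboarding API pod gives control of the whole database server rather than of `dcae_onboarding_db` alone. The inline comment already defers part of this to a fix in the postgres common chart; I would record the least-privilege follow-up next to it, e.g. `# TODO: use a dedicated non-superuser account scoped to dcae_onboarding_db`. Separately, the `args` entry splices `${PG_PASSWORD}` unescaped into the `PG_CONN` URI, so a password containing `@`, `:` or `/` yields a malformed or misparsed connection string; percent-encode it or constrain the character set of the stored password.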
@@ -0,0 +1,16 @@
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml index 5b097f3ab7..dee311c336 100644 --- a/kubernetes/common/postgres-legacy/charts/pgpool/requirements.yaml +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -dependencies: - - name: common - version: ~5.x-0 - repository: '@local' +{{ include "common.secret" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml new file mode 100644 index 0000000000..b20e564065 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/templates/service.yaml 
@@ -0,0 +1,18 @@
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
diff --git a/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
new file mode 100644
index 0000000000..656fd69742
--- /dev/null
+++ b/kubernetes/dcaemod/components/dcaemod-onboarding-api/values.yaml
@@ -0,0 +1,116 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.0 + ingress: + enabled: true + virtualhost: + enabled: false +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: &rootPassSecretName '{{ include "common.release" . }}-dcaemod-db-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcaemod-db-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret)}}' + password: '{{ .Values.postgres.config.pgRootPassword }}' + - uid: db-primary-pass + name: &primaryPassSecretName '{{ include "common.release" . 
}}-dcaemod-db-primary-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgPrimaryPasswordExternalSecret) .) (hasSuffix "dcaemod-db-primary-pass" .Values.postgres.config.pgPrimaryPasswordExternalSecret)}}' + password: '{{ .Values.postgres.config.pgPrimaryPassword }}' + +service: + type: ClusterIP + name: dcaemod-onboarding-api + ports: + - name: http + port: 80 +ingress: + enabled: true + service: + - baseaddr: "onboarding" + name: dcaemod-onboarding-api + port: 80 + config: + ssl: "none" + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 30 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http + +readiness: + initialDelaySeconds: 60 + periodSeconds: 20 + port: http + # Should have a proper readiness endpoint or script + +# postgres values--overriding defaults in the postgres subchart +postgres: + nameOverride: dcaemod-db + service: + name: dcaemod-postgres + name2: dcaemod-pg-primary + name3: dcaemod-pg-replica + suffix: svc.cluster.local + container: + name: + primary: dcaemod-pg-primary + replica: dcaemod-pg-replica + config: + pgPrimaryPasswordExternalSecret: *primaryPassSecretName + pgRootPasswordExternalSecret: *rootPassSecretName + persistence: + mountSubPath: dcaemod/data + mountInitPath: dcaemod + +# application image +repository: nexus3.onap.org:10001 +image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0 + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-kb/.helmignore b/kubernetes/dcaemod/components/dcaemod-runtime-api/.helmignore index ce90c2db1e..f0c1319444 100644 
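Review bot: The `ingress:` block turns on external exposure of the onboarding API by default (`enabled: true`) with `config.ssl: "none"`, which presumably makes the common ingress template publish the route without TLS (that template is not in this hunk, so confirm). Together with the `http` service on port 80 this means onboarding requests cross the ingress in cleartext. I would either default the ingress to a TLS-terminating setting or state the limitation where the value is set, e.g. `# ssl: "none" serves plain HTTP - override outside lab deployments`.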
--- a/kubernetes/sdc/charts/sdc-kb/.helmignore +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/.helmignore @@ -1,25 +1,21 @@ -# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-
-
-#TODO:REMOVE
-sdc-kb.yaml
\ No newline at end of file +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/Chart.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/Chart.yaml new file mode 100644 index 0000000000..0abc522e45 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/Chart.yaml @@ -0,0 +1,21 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP DCAE MOD Runtime API +name: dcaemod-runtime-api +version: 6.0.0 diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml new file mode 100644 index 0000000000..a7ee037690 --- /dev/null 
+++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/requirements.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~5.x-0 + repository: '@local' + diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml new file mode 100644 index 0000000000..0043e8a95d --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/deployment.yaml 
@@ -0,0 +1,55 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: {{ include "common.resources" . 
| nindent 12 }} + env: + - name: DASHBOARD_URL + value: {{ .Values.config.dashboardURL }} + - name: DASHBOARD_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }} + - name: DASHBOARD_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }} + - name: ONAPDUBLIN_TOPICURL + value: {{ .Values.config.mrTopicURL }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml new file mode 100644 index 0000000000..3c2bb3300f --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/secrets.yaml @@ -0,0 +1,17 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +{{ include "common.secret" . }}
\ No newline at end of file diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml new file mode 100644 index 0000000000..b20e564065 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/templates/service.yaml @@ -0,0 +1,18 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +{{ include "common.service" . }} diff --git a/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml new file mode 100644 index 0000000000..f21b7f9cb5 --- /dev/null +++ b/kubernetes/dcaemod/components/dcaemod-runtime-api/values.yaml 
@@ -0,0 +1,89 @@
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dashboardURL: https://inventory:8080/dcae-service-types
+ # The dashboard credentials aren't actually used, since
+ # the inventory API and the dashboard pass-through to the
+ # inventory API don't require authentication.
+ # Since the password doesn't matter, we let it be
+ # generated by the common secret template.
+ dashboardUser: nobody
+ #dashboardPassword: doesntmatter
+ mrTopicURL: http://message-router:3904/events
+
+secrets:
+ - uid: "dashsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dashboardUser }}'
+ password: '{{ .Values.config.dashboardPassword }}'
+ passwordPolicy: generate
+
+service:
+ type: ClusterIP
+ name: dcaemod-runtime-api
+ ports:
+ - name: http
+ port: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ port: http
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
diff --git a/kubernetes/dcaemod/requirements.yaml b/kubernetes/dcaemod/requirements.yaml
new file mode 100644
index 0000000000..9c417b069b
--- /dev/null
+++ b/kubernetes/dcaemod/requirements.yaml
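Review bot: `mrTopicURL: http://message-router:3904/events` sends the runtime API's message-router traffic in cleartext, while `dashboardURL` in the same `config:` block uses `https://`; if message-router offers a TLS listener in this deployment, the default should point at it. The comment block also states that the inventory API and its dashboard pass-through accept requests without authentication, which leaves network-level restriction as the only control on `inventory:8080`. I would say so where the value is set, e.g. `# inventory API is unauthenticated - restrict access with a NetworkPolicy`.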
@@ -0,0 +1,37 @@
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: dcaemod-genprocessor
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-genprocessor'
+ condition: dcaemod-genprocessor.enabled
+ - name: dcaemod-distributor-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-distributor-api'
+ - name: dcaemod-designtool
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-designtool'
+ - name: dcaemod-onboarding-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-onboarding-api'
+ - name: dcaemod-runtime-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-runtime-api'
+ - name: dcaemod-nifi-registry
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-nifi-registry'
\ No newline at end of file diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml index a434439b14..3e08185a20 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/deployment.yaml @@ -12,31 +12,28 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: +{{- if or .Values.global.aafEnabled .Values.PG.enabled }} initContainers: {{- if .Values.global.aafEnabled }} - - command: + - name: {{ include "common.name" . }}-aaf-readiness + command: - /root/ready.py args: - --container-name - aaf-locate + - --container-name + - aaf-cm + - --container-name + - aaf-service env: - name: NAMESPACE valueFrom: 
@@ -45,8 +42,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-aaf-readiness - - name: {{ include "common.name" . }}-dbc-aaf-config + - name: {{ include "common.name" . }}-aaf-config image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] @@ -81,7 +77,8 @@ spec: value: "{{ .Values.aafConfig.cadiLatitude }}" {{- end }} {{- if .Values.PG.enabled }} - - command: + - name: {{ include "common.name" . }}-postgres-readiness + command: - /root/ready.py args: - --container-name 
@@ -94,30 +91,29 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-postgres-readiness -{{- end}} +{{- end }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{ if eq .Values.liveness.enabled true -}} livenessProbe: httpGet: - port: {{ .Values.service.internalPort }} - path: /webapi/info + port: {{ .Values.liveness.port }} + path: /webapi/topics + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} readinessProbe: httpGet: - host: {{ .Values.dmaapMessageRouterService }} - port: 3904 - path: /topics + port: {{ .Values.readiness.port }} + path: /webapi/topics + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - {{ end -}} volumeMounts: - mountPath: /etc/localtime name: localtime 
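Review bot: Both `livenessProbe` and `readinessProbe` now request `/webapi/topics`, where liveness used `/webapi/info` before. If `/webapi/topics` needs a backend (database or message router) to answer, which is not visible in this hunk, a backend outage would fail liveness and restart the pod instead of only marking it unready. It is also worth confirming that the path answers without credentials when `global.aafEnabled` is set, since the kubelet probe sends none. A comment above the probes such as `# /webapi/topics must answer unauthenticated and without backend calls` would record the assumption; the container spec continues past the hunk.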
@@ -129,15 +125,12 @@ spec: - name: {{ include "common.name" . }}-aaf-config mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props subPath: org.onap.dmaap-bc.props - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml index a8833c11c9..c06d4e1130 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/post-install-job.yaml @@ -2,11 +2,8 @@ apiVersion: batch/v1 kind: Job metadata: name: {{ include "common.fullname" . }}-post-install - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. 
@@ -15,16 +12,9 @@ metadata: "helm.sh/hook-delete-policy": hook-succeeded spec: template: - metadata: - name: {{ include "common.fullname" . }} - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never - containers: - name: post-install-job image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}" @@ -33,9 +23,15 @@ spec: - name: DELAY value: "0" - name: PROTO +{{- if (include "common.needTLS" .) }} value: "https" - name: PORT value: "8443" +{{- else }} + value: "http" + - name: PORT + value: "8080" +{{- end }} - name: REQUESTID value: "{{.Chart.Name}}-post-install" volumeMounts: @@ -50,15 +46,12 @@ spec: mountPath: /opt/app/config/dmaap/ - name: {{ include "common.fullname" . }}-dbc-dcaelocations mountPath: /opt/app/config/dcaeLocations/ - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml index ea26452c01..9c9414f48d 100644 --- a/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/templates/service.yaml 
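Review bot: In the `@@ -33,9 +23,15 @@` hunk `PORT` is hard-coded as `"8443"` and `"8080"` in the two `common.needTLS` branches, duplicating the `port: 8443` / `plain_port: 8080` values this commit adds under `service.ports` in the chart's values.yaml. If either side is changed alone, the job would post to a port the service no longer serves; a comment such as `# keep in sync with service.ports (api) in values.yaml` next to the branches, or deriving the value from `.Values.service.ports`, would prevent the drift. In the `else` branch the job reaches the bus controller over plain `http`, which is appropriate only where TLS is deliberately switched off.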
@@ -13,38 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.name }} - {{- end}} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.name }}2 - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.name }} - - port: {{ .Values.service.externalPort2 }} - targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.name }}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-bc/values.yaml b/kubernetes/dmaap/components/dmaap-bc/values.yaml index 513963067f..28c77eb54c 100644 --- a/kubernetes/dmaap/components/dmaap-bc/values.yaml +++ b/kubernetes/dmaap/components/dmaap-bc/values.yaml @@ -30,7 +30,7 @@ pullPolicy: Always # application images repository: nexus3.onap.org:10001 -image: onap/dmaap/dmaap-bc:1.1.5 +image: onap/dmaap/dmaap-bc:2.0.3 # application configuration 
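Review bot: The removed template published the plain 8080 NodePort only when `global.allow_http` was set; after the switch to `{{ include "common.service" . }}` that decision lives in the shared helper, which is not visible in this diff. Please confirm that `common.service` does not publish `plain_port` through the NodePort when TLS is required, and record it in a one-line template comment above the include, e.g. `{{/* plain_port is served only when common.needTLS is false */}}`.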
@@ -79,24 +79,24 @@ liveness: periodSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container - enabled: false + port: api + enabled: true readiness: initialDelaySeconds: 10 periodSeconds: 10 + port: api service: type: NodePort name: dmaap-bc - portName: dmaap-bc - portName2: dmaap-bc - externalPort: 8080 - internalPort: 8080 - externalPort2: 8443 - internalPort2: 8443 - nodePort: 41 - nodePort2: 42 + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 42 # application configuration override for postgres diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml index 47427737f5..4c30f58a6c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml @@ -22,7 +22,7 @@ {{- if .Values.global.aafEnabled }} {{- $global := . }} {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} --- kind: PersistentVolume @@ -33,7 +33,7 @@ metadata: labels: app: {{ include "common.name" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-aaf-props spec: 
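Review bot: In the `liveness` block the added `port: api` lands between the comment "necessary to disable liveness probe when setting breakpoints in debugger…" and the `enabled` key that comment describes, so the comment now reads as if it documented the port. Placing `port: api` directly after `periodSeconds: 10` keeps the comment attached to `enabled: true`. The default also flips from `false` to `true` here, so the debugging advice in that comment is now something an operator has to act on rather than the default.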
@@ -44,7 +44,7 @@ spec: storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props" persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index c1d8c8fdb3..3f2d39e0d1 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml @@ -31,7 +31,7 @@ metadata: labels: app: {{ include "common.fullname" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-event-logs spec: 
@@ -42,7 +42,7 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data-event-logs" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml index 280e034f3a..094e92a4ad 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml @@ -20,7 +20,7 @@ {{- $global := . }} {{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if eq "True" (include "common.needPV" .) -}} +{{- if (include "common.needPV" .) -}} {{- range $i := until (int $global.Values.replicaCount)}} kind: PersistentVolume apiVersion: v1 @@ -30,7 +30,7 @@ metadata: labels: app: {{ include "common.fullname" $global }} chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" . }}" + release: "{{ include "common.release" $global }}" heritage: "{{ $global.Release.Service }}" name: {{ include "common.fullname" $global }}-spool-data spec: 
@@ -41,7 +41,7 @@ spec: persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} storageClassName: "{{ include "common.fullname" $global }}-data" hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} + path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} {{if ne $i (int $global.Values.replicaCount) }} --- {{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 871a4228a2..9478a762ff 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -17,12 +17,13 @@ ################################################################# global: loggingDirectory: /var/log/onap/datarouter + persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-node:2.1.4 +image: onap/dmaap/datarouter-node:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -51,6 +52,7 @@ readiness: ## Persist data to a persitent volume persistence: + enabled: true volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs @@ -69,7 +71,7 @@ persistence: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org 
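Review bot: In the `@@ -69,7 +71,7 @@` hunk `aafDeployFqi` is switched to `deployer@people.osaaf.org` while `aafDeployPass: demo123456!` stays as a literal default on the next line, so every install that does not override it shares one publicly known deployer password; the dmaap-dr-prov values.yaml hunk `@@ -110,7 +124,7 @@` carries the same pair. This commit already moves the data-router database login into a `secrets:` entry, and the AAF deploy credential would benefit from the same treatment. Until then a comment such as `# demo credential, override for any non-lab deployment` on `aafDeployPass` would make its status explicit.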
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties index 34662ae9e3..b6723117a3 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties +++ b/kubernetes/dmaap/components/dmaap-dr-prov/resources/config/provserver.properties @@ -7,9 +7,9 @@ # * Licensed under the Apache License, Version 2.0 (the "License"); # * you may not use this file except in compliance with the License. # * You may obtain a copy of the License at -# * +# * # * http://www.apache.org/licenses/LICENSE-2.0 -# * +# * # * Unless required by applicable law or agreed to in writing, software # * distributed under the License is distributed on an "AS IS" BASIS, # * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -40,9 +40,9 @@ org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false # Database access org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver -org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter -org.onap.dmaap.datarouter.db.login = datarouter -org.onap.dmaap.datarouter.db.password = datarouter +org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}} +org.onap.dmaap.datarouter.db.login = ${DB_USERNAME} +org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD} # PROV - DEFAULT ENABLED TLS PROTOCOLS org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 @@ -55,4 +55,3 @@ org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.su org.onap.dmaap.datarouter.provserver.aaf.instance = legacy org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe - 
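Review bot: In the `@@ -40,9 +40,9 @@` hunk `db.login` and `db.password` become the literal strings `${DB_USERNAME}` and `${DB_PASSWORD}`; a Java properties file does not expand environment variables by itself, so this works only if the provisioning server or a start-up step substitutes them, which is not visible in this diff. It is worth confirming that and adding a comment such as `# resolved from the pod environment (dmaap-dr-db-user-secret)` above the two lines. Separately, the unchanged line below still lists `TLSv1.1` in `https.include.protocols`; restricting it to `TLSv1.2` would be a sensible follow-up.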
diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 6435b0a641..104fcdc54a 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -56,6 +56,8 @@ spec: - aaf-locate - --container-name - aaf-cm + - --container-name + - aaf-service env: - name: NAMESPACE valueFrom: @@ -118,6 +120,11 @@ spec: port: {{ .Values.config.dmaapDrProv.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: DB_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }} volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: {{ .Values.persistence.aafCredsPath }} diff --git a/kubernetes/common/postgres-legacy/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml index 5b097f3ab7..dee311c336 100644 --- a/kubernetes/common/postgres-legacy/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/secret.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -dependencies: - - name: common - version: ~5.x-0 - repository: '@local' +{{ include "common.secret" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml index 4dcd7c3319..06f68e7ca9 100644 
--- a/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/values.yaml @@ -18,12 +18,24 @@ global: nodePortPrefix: 302 loggingDirectory: /opt/app/datartr/logs + persistence: {} + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: dmaap-dr-db-user-secret + name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.dmaapDrDb.userName }}' + password: '{{ .Values.config.dmaapDrDb.userPassword }}' ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/datarouter-prov:2.1.4 +image: onap/dmaap/datarouter-prov:2.1.5 pullPolicy: Always # flag to enable debugging - application support required @@ -52,6 +64,7 @@ readiness: ## Persist data to a persitent volume persistence: + enabled: true volumeReclaimPolicy: Retain accessMode: ReadWriteOnce mountPath: /dockerdata-nfs @@ -88,6 +101,9 @@ config: mariadbServiceName: dmaap-dr-db-svc mariadbServicePort: 3306 mariadbContName: dmaap-dr-db + userName: datarouter +# userPassword: password +# userCredentialsExternalSecret: some secret # mariadb-galera configuration mariadb: @@ -95,9 +111,7 @@ mariadb: nameOverride: dmaap-dr-db replicaCount: 2 config: - mariadbRootPassword: datarouter - userName: datarouter - userPassword: datarouter + userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret' mysqlDatabase: datarouter service: name: dmaap-dr-db-svc 
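Review bot: The new `dmaap-dr-db-user-secret` entry sets no `passwordPolicy`, and `config.dmaapDrDb.userPassword` exists only as the commented-out example `# userPassword: password`, so the password used when neither it nor `userCredentialsExternalSecret` is supplied depends on the `common.secret` helper, which is outside this diff. The dcaemod runtime-api values file added in this same commit states `passwordPolicy: generate` explicitly. Doing the same here, or replacing the example with a comment saying whether the value is generated or required, would remove the guesswork and avoid anyone uncommenting `password` as-is.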
@@ -110,7 +124,7 @@ mariadb: #AAF local config aafConfig: - aafDeployFqi: dmaap-dr@dmaap-dr.onap.org + aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: dmaap-dr-prov fqi: dmaap-dr-prov@dmaap-dr.onap.org @@ -136,4 +150,4 @@ resources: requests: cpu: 1000m memory: 2Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties index 1e7d7d38ac..977699d83a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/cadi.properties @@ -2,13 +2,13 @@ aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 aaf_env=DEV aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm -cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks +cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw -cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile +cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile cadi_alias=dmaapmr@mr.dmaap.onap.org -cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12 +cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12 cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml new file mode 100644 index 0000000000..2ab713e789 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/jmx-kafka-prometheus.yml 
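Review bot: The `cadi_truststore_password` and `cadi_keystore_password` lines remain in this file as `enc:` values next to the relocated `cadi_keyfile` path, so their confidentiality rests entirely on how that keyfile is delivered. The new `/etc/kafka/secrets/cert/` location suggests a mounted secret, but the mount is not visible in this hunk. A comment such as `# enc: values are decrypted with cadi_keyfile; the keyfile must come from a Kubernetes Secret, never from this ConfigMap` would record that requirement.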
@@ -0,0 +1,23 @@
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
+ name: "cp_kafka_server_replicamanager_$1"
+- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
+ name: "cp_kafka_controller_kafkacontroller_$1"
+- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_brokertopicmetrics_$1"
+- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
+ name: "cp_kafka_network_requestmetrics_requestspersec_$1"
+- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
+ name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
+- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
+ name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
+- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
+ name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
+- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_controller_controllerstats_$1"
+- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_sessionexpirelistener_$1"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties
deleted file mode 100644
index 8e20fa48aa..0000000000
--- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/log4j.properties
+++ /dev/null
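Review bot: The exporter config reaches JMX at `localhost:{{ .Values.jmx.port }}` with `ssl: false`, which is reasonable only while the broker's JMX port is reachable solely from inside the pod; this file does not show whether the port is bound to localhost or published by a Service. If JMX runs without authentication, as the absence of credentials here suggests, anything that can reach the port can manage the broker. I would add a comment above `jmxUrl` such as `# JMX is plaintext and unauthenticated here: keep jmx.port off every Service and NetworkPolicy allow-list`, and check the Kafka pod spec accordingly.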
@@ -1,74 +0,0 @@ -log4j.rootLogger=INFO, stdout, kafkaAppender - -log4j.appender.stdout=org.apache.log4j.ConsoleAppender -log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log -log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log -log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log -log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log -log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log -log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout 
-log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender -log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH -log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log -log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout -log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n - -# Change the two lines below to adjust ZK client logging -log4j.logger.org.I0Itec.zkclient.ZkClient=INFO -log4j.logger.org.apache.zookeeper=INFO - -# Change the two lines below to adjust the general broker logging level (output to server.log and stdout) -log4j.logger.kafka=INFO -log4j.logger.org.apache.kafka=INFO - -# Change to DEBUG or TRACE to enable request logging -log4j.logger.kafka.request.logger=WARN, requestAppender -log4j.additivity.kafka.request.logger=false - -# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output -# related to the handling of requests -#log4j.logger.kafka.network.Processor=TRACE, requestAppender -#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender -#log4j.additivity.kafka.server.KafkaApis=false -log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender -log4j.additivity.kafka.network.RequestChannel$=false - -log4j.logger.kafka.controller=TRACE, controllerAppender -log4j.additivity.kafka.controller=false - -log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender -log4j.additivity.kafka.log.LogCleaner=false - -log4j.logger.state.change.logger=TRACE, stateChangeAppender -log4j.additivity.state.change.logger=false - -# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses -log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender -log4j.additivity.kafka.authorizer.logger=false 
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties deleted file mode 100644 index 5016507bfd..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/config/server.properties +++ /dev/null 
@@ -1,122 +0,0 @@ -############################# Socket Server Settings ############################# - -# The address the socket server listens on. It will get the value returned from -# java.net.InetAddress.getCanonicalHostName() if not configured. -# FORMAT: -# listeners = listener_name://host_name:port -# EXAMPLE: -# listeners = PLAINTEXT://your.host.name:9092 -listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 - -# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details -listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT - -# The number of threads that the server uses for receiving requests from the network and sending responses to the network -num.network.threads=3 - -# The number of threads that the server uses for processing requests, which may include disk I/O -num.io.threads=8 - -# The send buffer (SO_SNDBUF) used by the socket server -socket.send.buffer.bytes=102400 - -#The number of hours to keep a log file before deleting it -log.retention.hours=168 -#The maximum size of the log before deleting it -log.retention.bytes=21474836480 - -# The receive buffer (SO_RCVBUF) used by the socket server -socket.receive.buffer.bytes=102400 - -# The maximum size of a request that the socket server will accept (protection against OOM) -socket.request.max.bytes=104857600 - - -############################# Log Basics ############################# - -# A comma separated list of directories under which to store log files -log.dirs=/opt/kafka/data - -# The default number of log partitions per topic. More partitions allow greater -# parallelism for consumption, but this will also result in more files across -# the brokers. -num.partitions={{ .Values.defaultpartitions }} - -# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown. 
-# This value is recommended to be increased for installations with data dirs located in RAID array. -num.recovery.threads.per.data.dir=1 - -############################# Internal Topic Settings ############################# -# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state" -# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3. -offsets.topic.replication.factor={{ .Values.replicaCount }} -transaction.state.log.replication.factor=1 -transaction.state.log.min.isr=1 - -############################# Log Flush Policy ############################# - -# Messages are immediately written to the filesystem but by default we only fsync() to sync -# the OS cache lazily. The following configurations control the flush of data to disk. -# There are a few important trade-offs here: -# 1. Durability: Unflushed data may be lost if you are not using replication. -# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush. -# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks. -# The settings below allow one to configure the flush policy to flush data after a period of time or -# every N messages (or both). This can be done globally and overridden on a per-topic basis. - -# The number of messages to accept before forcing a flush of data to disk -#log.flush.interval.messages=10000 - -# The maximum amount of time a message can sit in a log before we force a flush -#log.flush.interval.ms=1000 - -############################# Log Retention Policy ############################# - -# The following configurations control the disposal of log segments. The policy can -# be set to delete segments after a period of time, or after a given size has accumulated. 
-# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens -# from the end of the log. - -# The minimum age of a log file to be eligible for deletion due to age -log.retention.hours=168 - -# A size-based retention policy for logs. Segments are pruned from the log unless the remaining -# segments drop below log.retention.bytes. Functions independently of log.retention.hours. -#log.retention.bytes=1073741824 - -# The maximum size of a log segment file. When this size is reached a new log segment will be created. -log.segment.bytes=1073741824 - -# The interval at which log segments are checked to see if they can be deleted according -# to the retention policies -log.retention.check.interval.ms=300000 - -############################# Zookeeper ############################# - -# Zookeeper connection string (see zookeeper docs for details). -# This is a comma separated host:port pairs, each corresponding to a zk -# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002". -# You can also append an optional chroot string to the urls to specify the -# root directory for all kafka znodes. -zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} - -# Timeout in ms for connecting to zookeeper -zookeeper.connection.timeout.ms=6000 - - -############################# Group Coordinator Settings ############################# - -# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance. 
-# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms. -# The default value for this is 3 seconds. -# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing. -# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup. -group.initial.rebalance.delay.ms=0 - -inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT -default.replication.factor={{ .Values.replicaCount }} -delete.topic.enable=true -sasl.enabled.mechanisms=PLAIN -authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer -version=1.1.1 -sasl.mechanism.inter.broker.protocol=PLAIN diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf new file mode 100644 index 0000000000..ff43fbb141 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/kafka_server_jaas.conf @@ -0,0 +1,11 @@ +KafkaServer { + org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required + username="${KAFKA_ADMIN}" + password="${KAFKA_PSWD}" + user_${KAFKA_ADMIN}="${KAFKA_PSWD}"; +}; +Client { + org.apache.zookeeper.server.auth.DigestLoginModule required + username="${ZK_ADMIN}" + password="${ZK_PSWD}"; + }; diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf new file mode 100644 index 0000000000..0755c1e2b7 --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/resources/jaas/zk_client_jaas.conf 
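Review bot: The admin credentials in the `KafkaServer` section are used with the PLAIN mechanism, and the chart's values map both the internal and the external listener to `SASL_PLAINTEXT`, so the username and password cross the network unencrypted, including on the node-port listener the StatefulSet advertises. The same password is also registered as a broker account through `user_${KAFKA_ADMIN}`, so capturing one login exposes the admin user. If TLS is out of scope for this change, record the limitation at the top of the file, e.g. `// PLAIN over SASL_PLAINTEXT: credentials are not protected in transit; trusted networks only`, and track a move to `SASL_SSL`.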
@@ -0,0 +1,5 @@
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml index e579d82780..50398987d2 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/configmap.yaml @@ -12,10 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- if .Values.global.aafEnabled }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-server-prop-configmap + name: {{ include "common.fullname" . }}-cadi-prop-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -23,12 +24,12 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-cadi-prop-configmap + name: {{ include "common.fullname" . }}-jaas-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -36,13 +37,14 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }} ---- +{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }} + +{{ else }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-log4j-prop-configmap + name: {{ include "common.fullname" . }}-jaas-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} 
@@ -50,6 +52,22 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }} ---- +{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }} + +{{- end }} +{{- if .Values.prometheus.jmx.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prometheus-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig | indent 2 }} +--- +{{- end }}
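Review bot: The Prometheus ConfigMap added at the end of this hunk is not separated from the jaas ConfigMap before it, because the `---` lines that used to follow each `data:` block are removed here and in the previous hunk. With `prometheus.jmx.enabled: true` the rendered file holds two `apiVersion`/`kind`/`metadata`/`data` sets in one YAML document, which a parser either rejects or collapses to the last set, so the jaas ConfigMap that the StatefulSet mounts would be lost. Add the separator inside the new conditional: a `---` line directly after `{{- if .Values.prometheus.jmx.enabled }}` and before `apiVersion: v1`. The jaas ConfigMap of the `{{ else }}` branch starts in the previous hunk.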
\ No newline at end of file diff --git a/kubernetes/common/postgres-legacy/Chart.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml index eff8e36eba..58a10662e8 100644 --- a/kubernetes/common/postgres-legacy/Chart.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/secrets.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -description: ONAP Postgres Server -name: postgres-legacy -version: 5.0.0 +{{ include "common.secret" . }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml index aa97e32a9a..ab3a6bf852 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/templates/statefulset.yaml @@ -1,4 +1,3 @@ -# Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,6 +31,11 @@ spec: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + {{- if .Values.prometheus.jmx.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} + {{- end }} spec: podAntiAffinity: {{if eq .Values.podAntiAffinityType "hard" -}} @@ -47,10 +51,14 @@ spec: operator: In values: - {{ include "common.name" . }} + - key: "release" + operator: In + values: + - {{ include "common.release" . }} topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: - {{ toYaml .Values.nodeAffinity | indent 10 }} + {{ toYaml .Values.nodeAffinity | indent 10 }} {{- end }} initContainers: - name: {{ include "common.name" . }}-initcontainer 
@@ -74,24 +82,58 @@ spec: - sh - -exec - | - chown -R 1000:1000 /opt/kafka/data; - rm -rf '/opt/kafka/data/lost+found'; - cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/; - chown 1000:1000 /opt/kafka/config/server.properties; - cd /opt/kafka/config; - ls; + chown -R 1000:0 /var/lib/kafka/data; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - - mountPath: /opt/kafka/data + - mountPath: /var/lib/kafka/data name: kafka-data - - mountPath: /opt/kafka/tmpconfig/server.properties - subPath: server.properties - name: server - - mountPath: /opt/kafka/config - name: config-data name: {{ include "common.name" . }}-permission-fixer + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done" + env: + - name: ZK_ADMIN + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }} + - name: ZK_PSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }} + - name: KAFKA_ADMIN + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }} + - name: KAFKA_PSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /etc/kafka/secrets/jaas + name: jaas-config + - mountPath: /config-input + name: jaas + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . 
}}-update-config containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-kafka/jmx-kafka-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: +{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-kafka + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} 
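Review bot: The `update-config` init container substitutes the secret values into the JAAS files with a bare `envsubst`, which does no escaping, so a password containing `"` or `\` alters the quoted strings in `kafka_server_jaas.conf` and `zk_client_jaas.conf` (and `zk_server_jaas.conf`, if it is rendered the same way) instead of being taken literally. State the restriction where the passwords are configured, e.g. `# must not contain " or \ - substituted unescaped into JAAS quoted strings`. If the image's envsubst accepts a variable list, also limit it to the four names, `envsubst '${ZK_ADMIN} ${ZK_PSWD} ${KAFKA_ADMIN} ${KAFKA_PSWD}' <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}`, so any other `$` in a config file is left alone. The `initContainers` list starts above this hunk.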
@@ -100,14 +142,21 @@ spec: - -exc - | export KAFKA_BROKER_ID=${HOSTNAME##*-} && \ - export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \ + {{- if .Values.global.aafEnabled }} export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ - exec start-kafka.sh + {{ else }} + export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \ + {{- end }} + exec /etc/confluent/docker/run resources: {{ include "common.resources" . | indent 12 }} ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.externalPort }} + {{- if .Values.prometheus.jmx.enabled }} + - containerPort: {{ .Values.jmx.port }} + name: jmx + {{- end }} {{ if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: 
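Review bot: The `{{ else }}` branch advertises `EXTERNAL_PLAINTEXT://$(HOST_IP):<node port>`, so with `global.aafEnabled: false` the broker is reachable on the node's address with neither authentication nor encryption, and nothing here tells the person flipping the flag. Put a template comment directly after `{{ else }}`, for example `{{- /* aafEnabled=false: EXTERNAL_PLAINTEXT is unauthenticated and unencrypted; restrict access to the node port */}}`, and repeat the warning next to `listeners` and `protocolMap` in values.yaml. The `command` block starts above the hunk.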
@@ -128,28 +177,63 @@ spec: fieldRef: apiVersion: v1 fieldPath: status.hostIP + - name: KAFKA_ZOOKEEPER_CONNECT + value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}} + - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE + value: "{{ .Values.kafka.enableSupport }}" + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptions }}" + {{- if .Values.global.aafEnabled }} + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptionsAaf }}" - name: aaf_locate_url value: https://aaf-locate.{{ include "common.namespace" . }}:8095 - + - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP + value: "{{ .Values.kafka.protocolMapAaf }}" + - name: KAFKA_LISTENERS + value: "{{ .Values.kafka.listenersAaf }}" + - name: KAFKA_SASL_ENABLED_MECHANISMS + value: "{{ .Values.kafka.saslMech }}" + - name: KAFKA_INTER_BROKER_LISTENER_NAME + value: "{{ .Values.kafka.interBrokerListernerAaf }}" + - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL + value: "{{ .Values.kafka.saslInterBrokerProtocol }}" + - name: KAFKA_AUTHORIZER_CLASS_NAME + value: "{{ .Values.kafka.authorizer }}" + {{ else }} + - name: KAFKA_OPTS + value: "{{ .Values.kafka.jaasOptions }}" + - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP + value: "{{ .Values.kafka.protocolMap }}" + - name: KAFKA_LISTENERS + value: "{{ .Values.kafka.listeners }}" + - name: KAFKA_INTER_BROKER_LISTENER_NAME + value: "{{ .Values.kafka.interBrokerListerner }}" + {{- end }} + {{- range $key, $value := .Values.configurationOverrides }} + - name: {{ printf "KAFKA_%s" $key | replace "." 
"_" | upper | quote }} + value: {{ $value | quote }} + {{- end }} + {{- if .Values.jmx.port }} + - name: KAFKA_JMX_PORT + value: "{{ .Values.jmx.port }}" + {{- end }} + - name: enableCadi + value: "{{ .Values.global.aafEnabled }}" volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/run/docker.sock name: docker-socket - - mountPath: /opt/kafka/tmpconfig/server.properties - subPath: server.properties - name: server - - mountPath: /opt/kafka/config/server.properties - subPath: server.properties - name: config-data - - mountPath: /opt/kafka/config/log4j.properties - subPath: log4j.properties - name: log4j - - mountPath: /opt/kafka/config/cadi.properties + {{- if .Values.global.aafEnabled }} + - mountPath: /etc/kafka/data/cadi.properties subPath: cadi.properties name: cadi - - mountPath: /opt/kafka/data + {{ end }} + - name: jaas-config + mountPath: /etc/kafka/secrets/jaas + - mountPath: /var/lib/kafka/data name: kafka-data {{- if .Values.tolerations }} tolerations: @@ -159,20 +243,25 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: config-data - emptyDir: {} + - name: jaas-config + emptyDir: + medium: Memory - name: docker-socket hostPath: path: /var/run/docker.sock - - name: server - configMap: - name: {{ include "common.fullname" . }}-server-prop-configmap - - name: log4j - configMap: - name: {{ include "common.fullname" . }}-log4j-prop-configmap + {{- if .Values.global.aafEnabled }} - name: cadi configMap: name: {{ include "common.fullname" . }}-cadi-prop-configmap + {{ end }} + - name: jaas + configMap: + name: {{ include "common.fullname" . }}-jaas-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} {{ if not .Values.persistence.enabled }} - name: kafka-data emptyDir: {} 
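Review bot: `KAFKA_OPTS` is now declared twice in the container's `env` list: once unconditionally with `.Values.kafka.jaasOptions`, and again inside both the `aafEnabled` branch and the `{{ else }}` branch. Which entry takes effect then depends on how duplicate names are resolved (presumably the last one wins). In the AAF case the unconditional entry points at `zk_client_jaas.conf`, a file the jaas ConfigMap of this commit does not contain when AAF is enabled. Drop the unconditional pair, `- name: KAFKA_OPTS` / `value: "{{ .Values.kafka.jaasOptions }}"`, and keep the two branch-specific ones. The `env` list starts above the hunk.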
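Review bot: The pod still mounts the host's `/var/run/docker.sock` through the `docker-socket` volume kept as context in this hunk and its `volumeMounts` entry in the previous one, which hands the Kafka container control over the node's container runtime. The commit switches the entrypoint to `/etc/confluent/docker/run` and nothing in the new configuration visibly uses the socket, so it looks like a leftover from the old start script. Please confirm, and if it is unused remove both the `- name: docker-socket` volume and the `- mountPath: /var/run/docker.sock` mount. The `volumes` list begins above the hunk.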
@@ -194,4 +283,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml index 873e72e0d2..0399c3aefb 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-kafka/values.yaml @@ -24,13 +24,14 @@ global: loggingImage: beats/filebeat:5.5.0 persistence: {} ubuntuInitRepository: registry.hub.docker.com + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/kafka111:1.0.1 +image: onap/dmaap/kafka111:1.0.3 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 
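Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest, yet the init container that runs it receives the ZooKeeper and Kafka admin credentials as environment variables. Each pod start therefore runs whatever the registry currently serves under that name, with those secrets in its environment. Pin it by digest, as the Prometheus exporter image further down this file is, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-of-reviewed-image>`, or mirror a reviewed copy into the project registry.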
@@ -41,15 +42,76 @@ zookeeper: name: message-router-zookeeper port: 2181 +kafka: + heapOptions: -Xmx5G -Xms1G + jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf + jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf + enableSupport: false + protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT + protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT + listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092 + listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092 + authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer + saslInterBrokerProtocol: PLAIN + saslMech: PLAIN + interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT + interBrokerListerner: INTERNAL_PLAINTEXT + + +configurationOverrides: + "offsets.topic.replication.factor": "3" + "log.dirs": "/var/lib/kafka/data" + "log.retention.hours": "168" + "num.partitions": "3" + "offsets.topic.replication.factor": "3" + "transaction.state.log.replication.factor": "1" + "transaction.state.log.min.isr": "1" + "num.recovery.threads.per.data.dir": "5" + "log.retention.hours": "168" + "zookeeper.connection.timeout.ms": "6000" + "default.replication.factor": "3" + +jmx: + port: 5555 + +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + +jaas: + config: + zkClient: kafka + zkClientPassword: kafka_secret + kafkaAdminUser: admin + kafkaAdminPassword: admin_secret + #kafkaAdminUserExternal: some secret + #zkClientPasswordExternal: some secret + + +secrets: + - uid: zk-client + type: basicAuth + externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}' + login: '{{ .Values.jaas.config.zkClient }}' + password: '{{ .Values.jaas.config.zkClientPassword }}' + 
passwordPolicy: required + - uid: kafka-admin + type: basicAuth + externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}' + login: '{{ .Values.jaas.config.kafkaAdminUser }}' + password: '{{ .Values.jaas.config.kafkaAdminPassword }}' + passwordPolicy: required + # flag to enable debugging - application support required debugEnabled: false # default number of instances replicaCount: 3 -#Kafka custom authorizer class name -kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer -deleteTopicEnable: true # To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count podAntiAffinityType: soft @@ -69,17 +131,17 @@ tolerations: {} # probe configuration parameters liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 70 + periodSeconds: 20 + timeoutSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 90 + periodSeconds: 20 + timeoutSeconds: 100 ## Persist data to a persitent volume persistence: @@ -109,7 +171,8 @@ service: name: message-router-kafka portName: message-router-kafka internalPort: 9092 - externalPort: 9093 + internalSSLPort: 9093 + externalPort: 9091 baseNodePort: 30490 diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt deleted file mode 100644 index a44d0f76ee..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/NOTES.txt +++ /dev/null 
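Review bot: `jaas.config` ships working credentials as chart defaults (`kafka`/`kafka_secret` and `admin`/`admin_secret`), so every installation that does not override them shares ZooKeeper and Kafka admin passwords that are public in this repository. `passwordPolicy: required` presumably never triggers, since the default always supplies a value. Remove the two password defaults so a deployment has to provide them or name an external secret, and say so in place: `# no default: set zkClientPassword / kafkaAdminPassword, or the *External secret names`. Separately, `configurationOverrides` lists `offsets.topic.replication.factor` and `log.retention.hours` twice; most parsers silently keep the last duplicate, so one of each should go.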
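Review bot: `readiness.timeoutSeconds: 100` is five times the new `periodSeconds: 20`, while the liveness probe next to it uses `timeoutSeconds: 10`, so this looks like a typo for `10`. If a single readiness check really may take 100 seconds, a comment giving the reason would help; otherwise use `timeoutSeconds: 10`.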
@@ -1,34 +0,0 @@ -# Copyright © 2018 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright © 2018 Amdocs, Bell Canada -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml deleted file mode 100644 index 9c8a43b96a..0000000000 --- a/kubernetes/dmaap/components/message-router/charts/message-router-mirrormaker/templates/deployment.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - serviceName: {{ .Values.service.name }} - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-initcontainer - image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - - command: - - /root/ready.py - args: - - --container-name - - {{ .Values.messagerouter.container }} - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - - -exc - - | - exec start-mirrormaker.sh - resources: -{{ include "common.resources" . | indent 12 }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - exec: - command: - - sh - - -c - - "touch /tmp/lprobe.txt" - - "rm /tmp/lprobe.txt" - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} - {{ end }} - readinessProbe: - exec: - command: - - sh - - -c - - "touch /tmp/rprobe.txt" - - "rm /tmp/rprobe.txt" - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} - env: - - name: KAFKA_HEAP_OPTS - value: "{{ .Values.kafkaHeapOptions }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/docker.sock - name: docker-socket - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: docker-socket - hostPath: - path: /var/run/docker.sock - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml new file mode 100644 index 0000000000..a75b644c5f --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/jmx-zookeeper-prometheus.yml 
@@ -0,0 +1,21 @@
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$3"
+ labels:
+ replicaId: "$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4_$5"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf
new file mode 100644
index 0000000000..8266f6b2c6
--- /dev/null
+++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/resources/config/zk_server_jaas.conf
@@ -0,0 +1,4 @@
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_${ZK_ADMIN}="${ZK_PSWD}";
+};
\ No newline at end of file diff --git a/kubernetes/sdc/charts/sdc-kb/templates/service.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml index 2d1c27df86..907111d898 100644 --- a/kubernetes/sdc/charts/sdc-kb/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/configmap.yaml @@ -1,5 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE +# Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
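Review bot: In zk_server_jaas.conf the line `user_${ZK_ADMIN}="${ZK_PSWD}";` is filled in by plain `envsubst` (the `-update-config` init container added in the zookeeper statefulset.yaml hunk), so the secret values are pasted in without any escaping. A password containing `"` or `\`, or a login with characters that are not valid in a JAAS option name, would produce a login file that fails to parse or parses differently than intended. I would state the allowed character set next to `zkAdminUser`/`zkAdminPassword` in values.yaml, e.g. `# login and password must be alphanumeric: they are substituted verbatim into zk_server_jaas.conf`, or have the init container validate the values before writing the file.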
@@ -13,28 +12,31 @@ # See the License for the specific language governing permissions and # limitations under the License. +{{- if .Values.prometheus.jmx.enabled }} apiVersion: v1 -kind: Service +kind: ConfigMap metadata: - name: {{ include "common.servicename" . }} + name: {{ include "common.fullname" . }}-prometheus-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: +data: +{{ (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig | indent 2 }} +--- +{{ end }} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-jaas-configmap + namespace: {{ include "common.namespace" . }} + labels: app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml new file mode 100644 index 0000000000..729cad4cac --- /dev/null +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml index af4c1719fb..e98e614d93 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/templates/statefulset.yaml @@ -36,6 +36,11 @@ spec: labels: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + {{- if .Values.prometheus.jmx.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }} + {{- end }} spec: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: 
@@ -47,6 +52,10 @@ spec: operator: In values: - {{ include "common.name" . }} + - key: "release" + operator: In + values: + - {{ include "common.release" . }} topologyKey: "kubernetes.io/hostname" {{- if .Values.nodeAffinity }} nodeAffinity: 
@@ -58,13 +67,53 @@ spec: - sh - -exec - > - chown -R 1000:1000 /tmp/zookeeper/apikeys; + chown -R 1000:0 /tmp/zookeeper/apikeys; image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /tmp/zookeeper/apikeys name: zookeeper-data + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done" + env: + - name: ZK_ADMIN + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }} + - name: ZK_PSWD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /etc/zookeeper/secrets/jaas + name: jaas-config + - mountPath: /config-input + name: jaas + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config containers: + {{- if .Values.prometheus.jmx.enabled }} + - name: prometheus-jmx-exporter + image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - java + - -XX:+UnlockExperimentalVMOptions + - -XX:+UseCGroupMemoryLimitForHeap + - -XX:MaxRAMFraction=1 + - -XshowSettings:vm + - -jar + - jmx_prometheus_httpserver.jar + - {{ .Values.prometheus.jmx.port | quote }} + - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml + ports: + - containerPort: {{ .Values.prometheus.jmx.port }} + resources: +{{ toYaml .Values.prometheus.jmx.resources | indent 10 }} + volumeMounts: + - name: jmx-config + mountPath: /etc/jmx-zookeeper + {{- end }} - name: {{ include "common.name" . }} image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} 
@@ -77,39 +126,71 @@ spec: name: {{ .Values.service.serverPortName }} - containerPort: {{ .Values.service.leaderElectionPort }} name: {{ .Values.service.leaderElectionPortName }} + {{- if .Values.prometheus.jmx.enabled }} + - containerPort: {{ .Values.jmx.port }} + name: jmx + {{- end }} {{ if eq .Values.liveness.enabled true }} livenessProbe: exec: - command: - - sh - - -c - - "zookeeper-ready.sh 2181" + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok'] initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end }} readinessProbe: exec: - command: - - sh - - -c - - "zookeeper-ready.sh 2181" + command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok'] initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + resources: +{{ toYaml .Values.resources | indent 10 }} env: - - name: ZK_REPLICAS + - name : KAFKA_HEAP_OPTS + value: "{{ .Values.zkConfig.heapOptions }}" + {{- if .Values.jmx.port }} + - name : KAFKA_JMX_PORT + value: "{{ .Values.jmx.port }}" + {{- end }} + - name : ZOOKEEPER_REPLICAS value: "{{ .Values.replicaCount }}" - - name: ZK_INIT_LIMIT - value: "{{ .Values.zk.initLimit }}" - - name: ZK_SYNC_LIMIT - value: "{{ .Values.zk.syncLimit }}" + - name : ZOOKEEPER_TICK_TIME + value: "{{ .Values.zkConfig.tickTime }}" + - name : ZOOKEEPER_SYNC_LIMIT + value: "{{ .Values.zkConfig.syncLimit }}" + - name : ZOOKEEPER_INIT_LIMIT + value: "{{ .Values.zkConfig.initLimit }}" + - name : ZOOKEEPER_MAX_CLIENT_CNXNS + value: "{{ .Values.zkConfig.maxClientCnxns }}" + - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT + value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}" + - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL + value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}" + - name: 
ZOOKEEPER_CLIENT_PORT + value: "{{ .Values.zkConfig.clientPort }}" + - name: KAFKA_OPTS + value: "{{ .Values.zkConfig.kafkaOpts }}" + - name: EXTRA_ARGS + value: "{{ .Values.zkConfig.extraArgs }}" + - name: ZOOKEEPER_SERVER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + command: + - "bash" + - "-c" + - | + ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \ + /etc/confluent/docker/run volumeMounts: - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /var/lib/zookeeper/data name: zookeeper-data + - name: jaas-config + mountPath: /etc/zookeeper/secrets/jaas {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 10 }} @@ -118,15 +199,29 @@ spec: - name: localtime hostPath: path: /etc/localtime + - name: jaas-config + emptyDir: + medium: Memory + - name: docker-socket + hostPath: + path: /var/run/docker.sock + - name: jaas + configMap: + name: {{ include "common.fullname" . }}-jaas-configmap + {{- if .Values.prometheus.jmx.enabled }} + - name: jmx-config + configMap: + name: {{ include "common.fullname" . }}-prometheus-configmap + {{- end }} {{ if not .Values.persistence.enabled }} - name: zookeeper-data emptyDir: {} {{ else }} volumeClaimTemplates: - metadata: - name: zookeeper-data + name: zookeeper-data labels: - app: {{ include "common.fullname" . }} + app: {{ include "common.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ include "common.release" . }}" heritage: "{{ .Release.Service }}" @@ -139,4 +234,4 @@ spec: storage: {{ .Values.persistence.size | quote }} {{ end }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key"
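Review bot: `KAFKA_JMX_PORT` is set whenever `.Values.jmx.port` is non-empty, and values.yaml gives it the default 5555, so the ZooKeeper JVM is asked to open a JMX listener on every install even though the `jmx` containerPort and the exporter sidecar are both guarded by `.Values.prometheus.jmx.enabled` (default false). If the image follows the usual Confluent defaults, that listener has neither authentication nor TLS; this should be confirmed against the image. Guard the variable the same way as the port, `{{- if .Values.prometheus.jmx.enabled }}` in place of `{{- if .Values.jmx.port }}`. Separately, both probes hard-code `2181` while the client port now comes from `.Values.zkConfig.clientPort`, so the probe command should use that value too. The container spec this hunk edits starts before the hunk.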
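Review bot: The new `docker-socket` volume (`hostPath: /var/run/docker.sock`) in the `@@ -118,15 +199,29 @@` hunk is not mounted by any container in the hunks shown for this StatefulSet, so it appears to be a leftover from the deleted mirrormaker deployment. A hostPath to the container runtime socket is rejected by restrictive pod security settings, and if it were ever mounted it would give the pod control over the node's containers. Unless a container outside the visible hunks needs it, drop the three lines `- name: docker-socket`, `hostPath:` and `path: /var/run/docker.sock`.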
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml index eeb77ba7fd..4abb6e3c4a 100644 --- a/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/charts/message-router-zookeeper/values.yaml @@ -24,13 +24,14 @@ global: loggingImage: beats/filebeat:5.5.0 ubuntuInitRepository: registry.hub.docker.com persistence: {} + envsubstImage: dibi/envsubst ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/dmaap/zookeeper:6.0.0 +image: onap/dmaap/zookeeper:6.0.2 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 busyBoxImage: busybox:1.30 @@ -39,12 +40,6 @@ busyBoxRepository: docker.io # flag to enable debugging - application support required debugEnabled: false -# application configuration -config: - # gerrit branch where the latest code is checked in - gerritBranch: master - # gerrit project where the latest code is checked in - gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git # default number of instances replicaCount: 3 
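Review bot: `envsubstImage: dibi/envsubst` in the `@@ -24,13 +24,14 @@` hunk names no tag, digest or registry, so with `pullPolicy: Always` the init container that receives the ZooKeeper admin login and password runs whatever `latest` resolves to at pod start. The JMX exporter image added further down in this file is pinned by sha256 digest, and the same should be done here, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-of-the-reviewed-image>`, or the image should be mirrored into the project registry like the other images. A comment above the key, `# runs as an init container with access to the zk-admin secret; keep pinned`, would record why.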
@@ -59,22 +54,55 @@ tolerations: {} # probe configuration parameters liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 10 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 + initialDelaySeconds: 40 + periodSeconds: 20 + timeoutSeconds: 10 #Zookeeper properties -zk: - initLimit: 5 - syncLimit: 2 +zkConfig: + tickTime: 2000 + syncLimit: 5 + initLimit: 10 + maxClientCnxns: 200 + autoPurgeSnapRetainCount: 3 + autoPurgePurgeInterval: 24 + heapOptions: -Xmx2G -Xms2G + kafkaOpts: -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider + extraArgs: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf + clientPort: 2181 + +jmx: + port: 5555 + +prometheus: + jmx: + enabled: false + image: solsson/kafka-prometheus-jmx-exporter@sha256 + imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143 + imageRepository: docker.io + port: 5556 + +jaas: + config: + zkAdminUser: kafka + zkAdminPassword: kafka_secret + #zkAdminPasswordExternal= some password + +secrets: + - uid: zk-admin + type: basicAuth + externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}' + login: '{{ .Values.jaas.config.zkAdminUser }}' + password: '{{ .Values.jaas.config.zkAdminPassword }}' + passwordPolicy: required ## Persist data to a persitent volume persistence: diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml index 5dac1c0de7..f02a2db764 100644 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml +++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/logback.xml 
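Review bot: `zkAdminPassword: kafka_secret` ships a fixed ZooKeeper SASL admin password in the chart defaults, so every deployment that does not override it shares a publicly known credential, and `passwordPolicy: required` is always satisfied by that default. I would leave the default empty so that rendering fails until the operator supplies a password or an external secret (assuming `required` behaves that way in the common secret template, which is not visible here). The commented hint `#zkAdminPasswordExternal= some password` reads as if the key takes a password, but it is consumed as `externalSecret`; `# zkAdminPasswordExternal: <name-of-existing-secret>` would be clearer.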
@@ -6,207 +6,203 @@ you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - ============LICENSE_END========================================================= + ============LICENSE_END========================================================= --> <configuration scan="true" scanPeriod="3 seconds" debug="false"> - <contextName>${module.ajsc.namespace.name}</contextName> - <jmxConfigurator /> - <property name="logDirectory" value="${AJSC_HOME}/log" /> - <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n - </pattern> - </encoder> - </appender> - - <appender name="INFO" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>INFO</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - </appender> - - <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> - - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - - <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.LevelFilter"> - <level>ERROR</level> - <onMatch>ACCEPT</onMatch> - <onMismatch>DENY</onMismatch> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - 
</appender> - - - <!-- Msgrtr related loggers --> - <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> - - - - <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> - <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> - - <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> - <logger name="org.onap.dmaap.mr.filter" level="INFO" /> - - <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> - - <!-- Msgrtr loggers in ajsc --> - <logger name="org.onap.dmaap.service" level="INFO" /> - <logger name="org.onap.dmaap" level="INFO" /> - - - <!-- Spring related loggers --> - <logger name="org.springframework" level="WARN" additivity="false"/> - <logger name="org.springframework.beans" level="WARN" additivity="false"/> - <logger name="org.springframework.web" level="WARN" 
additivity="false" /> - <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> - - <!-- AJSC Services (bootstrap services) --> - <logger name="ajsc" level="WARN" additivity="false"/> - <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> - <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> - <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> - <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> - <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> - <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> - <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> - - <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet - logging) --> - <logger name="ajsc.utils" level="WARN" additivity="false"/> - <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> - <logger name="ajsc.filters" level="DEBUG" additivity="false" /> - <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> - <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> - <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> - <logger name="com.att" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> - <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> - - <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> - <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> - - - <!-- Other Loggers that may help troubleshoot --> - <logger name="net.sf" level="WARN" additivity="false" /> - <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> - <logger name="org.apache.commons" level="WARN" additivity="false" /> - <logger name="org.apache.coyote" level="WARN" additivity="false"/> - <logger name="org.apache.jasper" level="WARN" 
additivity="false"/> - - <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. - May aid in troubleshooting) --> - <logger name="org.apache.camel" level="WARN" additivity="false" /> - <logger name="org.apache.cxf" level="WARN" additivity="false" /> - <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> - <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> - <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> - <logger name="org.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> - <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> - <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> - <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> - - <!-- logback internals logging --> - <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> - <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> - - <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> - <appender name="auditLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="perfLogs" - class="ch.qos.logback.core.ConsoleAppender"> - <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> - </filter> - <encoder> - <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> - </encoder> - </appender> - <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Audit-Record-Queue" /> - </appender> - - <logger name="AuditRecord" level="INFO" 
additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE"> - <appender-ref ref="STDOUT" /> - </logger> - <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> - <queueSize>1000</queueSize> - <discardingThreshold>0</discardingThreshold> - <appender-ref ref="Performance-Tracker-Queue" /> - </appender> - <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> - <appender-ref ref="ASYNC-perf" /> - <appender-ref ref="perfLogs" /> - </logger> - <!-- logback jms appenders & loggers definition ends here --> - - <root level="DEBUG"> - <appender-ref ref="DEBUG" /> - <appender-ref ref="ERROR" /> - <appender-ref ref="INFO" /> - <appender-ref ref="STDOUT" /> - </root> - -</configuration>
\ No newline at end of file + <contextName>${module.ajsc.namespace.name}</contextName> + <jmxConfigurator /> + <property name="logDirectory" value="${AJSC_HOME}/log" /> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + + <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>INFO</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + </appender> + + <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender"> + + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + + + <!-- Msgrtr related loggers --> + <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" /> + + <logger 
name="org.onap.dmaap.dmf.mr.exception" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" /> + + + + <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" /> + <logger name="com.att.dmf.mr.transaction.impl" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" /> + + <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" /> + <logger name="org.onap.dmaap.mr.filter" level="INFO" /> + + <!--<logger name="com.att.nsa.cambria.*" level="INFO" />--> + + <!-- Msgrtr loggers in ajsc --> + <logger name="org.onap.dmaap.service" level="INFO" /> + <logger name="org.onap.dmaap" level="INFO" /> + + + <!-- Spring related loggers --> + <logger name="org.springframework" level="WARN" additivity="false"/> + <logger name="org.springframework.beans" level="WARN" additivity="false"/> + <logger name="org.springframework.web" level="WARN" additivity="false" /> + <logger name="com.blog.spring.jms" level="WARN" additivity="false" /> + + <!-- AJSC Services (bootstrap services) --> + <logger name="ajsc" level="WARN" additivity="false"/> + <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/> + <logger name="ajsc.ComputeService" level="INFO" additivity="false" /> + <logger name="ajsc.VandelayService" level="WARN" additivity="false"/> + <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/> + <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" /> + <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" /> + <logger 
name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" /> + + <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet + logging) --> + <logger name="ajsc.utils" level="WARN" additivity="false"/> + <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" /> + <logger name="ajsc.filters" level="DEBUG" additivity="false" /> + <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" /> + <logger name="ajsc.restlet" level="DEBUG" additivity="false" /> + <logger name="ajsc.servlet" level="DEBUG" additivity="false" /> + <logger name="com.att" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" /> + <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/> + + <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/> + <logger name="com.att.cadi.filter" level="INFO" additivity="false" /> + + + <!-- Other Loggers that may help troubleshoot --> + <logger name="net.sf" level="WARN" additivity="false" /> + <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/> + <logger name="org.apache.commons" level="WARN" additivity="false" /> + <logger name="org.apache.coyote" level="WARN" additivity="false"/> + <logger name="org.apache.jasper" level="WARN" additivity="false"/> + + <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging. 
+ May aid in troubleshooting) --> + <logger name="org.apache.camel" level="WARN" additivity="false" /> + <logger name="org.apache.cxf" level="WARN" additivity="false" /> + <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/> + <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" /> + <logger name="org.apache.cxf.service" level="WARN" additivity="false" /> + <logger name="org.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" /> + <logger name="org.apache.kafka" level="DEBUG" additivity="false" /> + <logger name="org.apache.zookeeper" level="INFO" additivity="false" /> + <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" /> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/> + <logger name="ch.qos.logback.core" level="INFO" additivity="false" /> + + <!-- logback jms appenders & loggers definition starts here --> + <!-- logback jms appenders & loggers definition starts here --> + <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Audit-Record-Queue" /> + </appender> + + <logger name="AuditRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <logger name="AuditRecord_DirectCall" level="INFO" 
additivity="FALSE"> + <appender-ref ref="STDOUT" /> + </logger> + <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender"> + <queueSize>1000</queueSize> + <discardingThreshold>0</discardingThreshold> + <appender-ref ref="Performance-Tracker-Queue" /> + </appender> + <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE"> + <appender-ref ref="ASYNC-perf" /> + <appender-ref ref="perfLogs" /> + </logger> + <!-- logback jms appenders & loggers definition ends here --> + + <root level="DEBUG"> + <appender-ref ref="DEBUG" /> + <appender-ref ref="ERROR" /> + <appender-ref ref="INFO" /> + <appender-ref ref="STDOUT" /> + </root> + +</configuration> diff --git a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json index 7ae77cd8a8..ff1a5732e2 100644 --- a/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json +++ b/kubernetes/dmaap/components/message-router/resources/topics/mirrormakeragent.json @@ -1,7 +1,7 @@ { "topicName": "mirrormakeragent", "topicDescription": "the topic used to provision the MM agent whitelist", - "replicationCase": "REPLICATION_NONE", + "replicationCase": "REPLICATION_NONE", "owner": "dmaap", "txenabled": false, "partitionCount": "1", @@ -10,33 +10,28 @@ "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - }, - { + { "dcaeLocationName": "san-francisco", "clientIdentity": "demo@people.osaaf.org", "action": [ - "pub", + "pub", "sub", - "view" + "view" ] - } - ] -} - +}
\ No newline at end of file diff --git a/kubernetes/dmaap/components/message-router/templates/service.yaml b/kubernetes/dmaap/components/message-router/templates/service.yaml index db3bc76c6a..2b0b44e246 100644 --- a/kubernetes/dmaap/components/message-router/templates/service.yaml +++ b/kubernetes/dmaap/components/message-router/templates/service.yaml @@ -13,45 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - msb.onap.org/service-info: '[ - { - "serviceName": "{{ include "common.servicename" . }}", - "version": "v1", - "url": "/", - "protocol": "REST", - "port": "{{.Values.service.internalPort}}", - "visualRange":"1" - } - ]' - -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{ .Values.service.externalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} - {{- end}} - - port: {{ .Values.service.externalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} +{{ include "common.service" . }} 
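Review bot: The deleted service template exposed the plain-HTTP port only under `{{- if .Values.global.allow_http }}`, and the replacement `{{ include "common.service" . }}` shows no such gate in this file. Later hunks in this commit set `both_tls_and_plain: true` with `plain_port: 3904` in message-router/values.yaml and flip `allow_http` to `false` in dmaap/values.yaml, so confirm which flag the shared helper honours; the helper is not visible here. If `allow_http` is no longer read for this service, add a comment above the include such as `# plain port exposure is controlled by service.both_tls_and_plain, not global.allow_http`, or remove the stale flag. Otherwise an operator may set `allow_http: false` and still get port 3904 published.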
diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 35cc5e7405..c17fda1108 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -12,23 +12,16 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 + +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - command: 
@@ -51,20 +44,18 @@ spec: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.externalPort }} - - containerPort: {{ .Values.service.externalPort2 }} + ports: {{ include "common.containerPorts" . | nindent 10 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.liveness.port }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{ .Values.service.externalPort }} + port: {{ .Values.readiness.port }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} @@ -87,8 +78,7 @@ spec: - mountPath: /appl/dmaapMR1/etc/keyfile subPath: mykey name: mykey - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} volumes: - name: localtime hostPath: diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 935c090751..b14c35f183 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml 
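Review bot: The new helper includes in this file trim whitespace inconsistently. The first hunk writes `metadata: {{- include "common.resourceMetadata" . | nindent 2 }}`, while `ports: {{ include "common.containerPorts" . | nindent 10 }}` here and `resources: {{ include "common.resources" . | nindent 12 }}` in the last hunk omit the `-` and leave a trailing space after the key. Write them alike, for example `ports: {{- include "common.containerPorts" . | nindent 10 }}`. Separately, both probes now take their port from `.Values.liveness.port` and `.Values.readiness.port`, which values.yaml sets to the name `api`. That resolves only if the helper emits a container port with exactly that name, and the helper and the rest of the container spec are outside these hunks, so check a rendered manifest.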
@@ -58,21 +58,31 @@ liveness: timeoutSeconds: 1 # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container + port: api enabled: true readiness: initialDelaySeconds: 70 periodSeconds: 10 timeoutSeconds: 1 + port: api service: type: NodePort name: message-router - portName: message-router - externalPort: 3904 - nodePort: 27 - externalPort2: 3905 - nodePort2: 26 + both_tls_and_plain: true + msb: + port: api + url: "/" + version: "v1" + protocol: "REST" + visualRange: "1" + ports: + - name: api + port: 3905 + plain_port: 3904 + port_protocol: http + nodePort: 26 ingress: enabled: false diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index 4c0d8d584e..ecc5689668 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -29,7 +29,7 @@ global: busyBoxRepository: docker.io #Global DMaaP app config - allow_http: true + allow_http: false #Logstash config logstashServiceName: log-ls diff --git a/kubernetes/esr/charts/esr-gui/values.yaml b/kubernetes/esr/charts/esr-gui/values.yaml index 952dd0ab48..a191739948 100644 --- a/kubernetes/esr/charts/esr-gui/values.yaml +++ b/kubernetes/esr/charts/esr-gui/values.yaml @@ -26,7 +26,7 @@ global: repository: nexus3.onap.org:10001 image: onap/aai/esr-gui:1.4.0 pullPolicy: Always -msbaddr: msb-iag.{{ include "common.namespace" . }}:80 +msbaddr: msb-iag.{{ include "common.namespace" . }}:443 # default number of instances replicaCount: 1 diff --git a/kubernetes/esr/charts/esr-server/values.yaml b/kubernetes/esr/charts/esr-server/values.yaml index 5316210f38..f3f4f88ebf 100644 --- a/kubernetes/esr/charts/esr-server/values.yaml +++ b/kubernetes/esr/charts/esr-server/values.yaml 
@@ -27,9 +27,9 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/aai/esr-server:1.5.1 +image: onap/aai/esr-server:1.5.2 pullPolicy: Always -msbaddr: msb-iag.{{ include "common.namespace" . }}:80 +msbaddr: msb-iag.{{ include "common.namespace" . }}:443 # application configuration config: diff --git a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml b/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml index 4b34784ccd..6182cbe6c1 100644 --- a/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-fcaps/values.yaml @@ -23,7 +23,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-fcaps:1.5.3 +image: onap/multicloud/openstack-fcaps:1.5.5 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-pike/values.yaml b/kubernetes/multicloud/charts/multicloud-pike/values.yaml index a4c7100730..ec79a1a847 100644 --- a/kubernetes/multicloud/charts/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-pike/values.yaml @@ -23,7 +23,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-pike:1.4.1 +image: onap/multicloud/openstack-pike:1.5.5 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml index 2dffd1c959..cb065d6f20 100644 --- a/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-starlingx/values.yaml 
@@ -23,7 +23,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.3 +image: onap/multicloud/openstack-starlingx:1.5.5 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml index 1104fa0696..8ab4d56010 100644 --- a/kubernetes/multicloud/charts/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/charts/multicloud-windriver/values.yaml @@ -26,7 +26,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-windriver:1.5.3 +image: onap/multicloud/openstack-windriver:1.5.5 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 29939722d6..4e22af6494 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -45,7 +45,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:5.0.1 +image: onap/externalapi/nbi:6.0.0 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 314622f4c6..28fb49aa6d 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -60,6 +60,10 @@ dependencies: version: ~6.x-0 repository: '@local' condition: dcaegen2.enabled + - name: dcaemod + version: ~6.x-0 + repository: '@local' + condition: dcaemod.enabled - name: dmaap version: ~5.x-0 repository: '@local' 
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml new file mode 100644 index 0000000000..545359efea --- /dev/null +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml 
@@ -0,0 +1,172 @@ +# Copyright © 2019 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration overrides. +# +# These overrides will affect all helm charts (ie. applications) +# that are listed below and are 'enabled'. +################################################################# +global: + # Change to an unused port prefix range to prevent port conflicts + # with other instances running within the same k8s cluster + nodePortPrefix: 302 + nodePortPrefixExt: 304 + + # ONAP Repository + # Uncomment the following to enable the use of a single docker + # repository but ONLY if your repository mirrors all ONAP + # docker images. This includes all images from dockerhub and + # any other repository that hosts images for ONAP components. 
+ #repository: nexus3.onap.org:10001 + repositoryCred: + user: docker + password: docker + + # readiness check - temporary repo until images migrated to nexus3 + readinessRepository: oomk8s + # logging agent - temporary repo until images migrated to nexus3 + loggingRepository: docker.elastic.co + + # image pull policy + pullPolicy: IfNotPresent + + # default mount path root directory referenced + # by persistent volumes and log files + persistence: + mountPath: /dockerdata-nfs + enableDefaultStorageclass: false + parameters: {} + storageclassProvisioner: kubernetes.io/no-provisioner + volumeReclaimPolicy: Retain + + # override default resource limit flavor for all charts + flavor: small + + # flag to enable debugging - application support required + debugEnabled: false + + #Global ingress configuration + ingress: + enabled: false + virtualhost: + enabled: true + baseurl: "simpledemo.onap.org" +################################################################# +# Enable/disable and configure helm charts (ie. applications) +# to customize the ONAP deployment. 
+################################################################# +aaf: + enabled: true +aai: + enabled: true +appc: + enabled: false + config: + openStackType: OpenStackProvider + openStackName: OpenStack + openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html + openStackServiceTenantName: default + openStackDomain: default + openStackUserName: admin + openStackEncryptedPassword: admin +cassandra: + enabled: true +cds: + enabled: true +clamp: + enabled: false +cli: + enabled: false +consul: + enabled: false +contrib: + enabled: false +dcaegen2: + enabled: false +pnda: + enabled: false +dmaap: + enabled: true +esr: + enabled: true +log: + enabled: true +sniro-emulator: + enabled: false +oof: + enabled: true +mariadb-galera: + enabled: true +msb: + enabled: true +multicloud: + enabled: false +nbi: + enabled: false + config: + # openstack configuration + openStackRegion: "Yolo" + openStackVNFTenantId: "1234" +policy: + enabled: true +pomba: + enabled: false +portal: + enabled: true +robot: + enabled: false + config: + # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" +sdc: + enabled: true +sdnc: + enabled: false + + replicaCount: 1 + + mysql: + replicaCount: 1 +so: + enabled: true + + replicaCount: 1 + + liveness: + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + + # so server configuration + config: + # message router configuration + dmaapTopic: "AUTO" + # openstack configuration + openStackUserName: "vnf_user" + openStackRegion: "RegionOne" + openStackKeyStoneUrl: "http://1.2.3.4:5000" + openStackServiceTenantName: "service" + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + +uui: + enabled: true +vfc: + enabled: false +vid: + enabled: false +vnfsdk: + enabled: false +modeling: + enabled: false 
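Review bot: This new override file commits literal credentials: `repositoryCred` with `user: docker` and `password: docker`, `openStackEncryptedPassword: admin` under `appc.config`, and the same `openStackEncryptedPasswordHere` string under both `robot.config` and `so.config`. An override file is normally passed to the deployment unmodified, so these fixed values reach the cluster unless the operator remembers to replace them. Mark each one as a placeholder, for example `password: docker  # placeholder, override per environment`, and say in the header comment that the file must be combined with an environment-specific override. The existing remark above `openStackEncryptedPasswordHere` says this for `robot` only; the `so` and `appc` entries have no equivalent.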
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index c93f2c44f7..d302298b1a 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -38,6 +38,8 @@ contrib: enabled: true dcaegen2: enabled: true +dcaemod: + enabled: true dmaap: enabled: true esr: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 2395495df3..4d69b9d3cb 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -63,6 +63,57 @@ global: virtualhost: enabled: true baseurl: "simpledemo.onap.org" + + # Global Service Mesh configuration + # POC Mode, don't use it in production + serviceMesh: + enabled: false + tls: true + + # Disabling AAF + # POC Mode, don't use it in production + aafEnabled: true + + # TLS + # Set to false if you want to disable TLS for NodePorts. Be aware that this + # will loosen your security. + # if set this element will force or not tls even if serviceMesh.tls is set. + # tlsEnabled: false + + +# Example of specific for the components where you want to disable TLS only for +# it: +# if set this element will force or not tls even if global.serviceMesh.tls and +# global.tlsEnabled is set otherwise. +# robot: +# tlsOverride: false + + # Global storage configuration + # Set to "-" for default, or with the name of the storage class + # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a + # storageclass with RWX capabilities (or set specific configuration for these + # components). + # persistence: + # storageClass: "-" + +# Example of specific for the components which requires RWX: +# aaf: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# contrib: +# netbox: +# netbox-app: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# cds: +# cds-blueprints-processor: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" +# sdc: +# sdc-onboarding-be: +# persistence: +# storageClassOverride: "My_RWX_Storage_Class" + ################################################################# # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. @@ -95,6 +146,8 @@ contrib: enabled: false dcaegen2: enabled: false +dcaemod: + enabled: false pnda: enabled: false dmaap: diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index 2b5a0115bb..fd87adc4b4 100755 
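Review bot: The comments on the new security toggles in the first hunk do not say which value is the safe one. `aafEnabled: true` sits under `# Disabling AAF` and `# POC Mode, don't use it in production`, which reads as if the shipped value were the POC setting; `# Set to false to deploy without AAF (POC only, not for production)` would be unambiguous. The `tlsEnabled` comment "if set this element will force or not tls even if serviceMesh.tls is set" would read better as `# When set, overrides serviceMesh.tls: true forces TLS, false disables it`. The precedence between `global.tlsEnabled`, `global.serviceMesh.tls` and a component's `tlsOverride` is described only in these comments, and the templates that implement it are outside this hunk, so state the order once, explicitly.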
--- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf @@ -560,8 +560,7 @@ concurrent = true #table_prefix = sdnc # Base URL for SDN-C, up to and including the version. (string value) -#server_url = https://controller:8443/restconf/ -server_url = https://sdncodl-conexus-e2e.ecomp.cci.att.com:8543/restconf/ +server_url = https://controller:8443/restconf/ # Basic Authentication Username (string value) #username = <None> @@ -577,7 +576,6 @@ password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U # Retry Numbers for SDNC Rest Call (string value) #sdnc_retries = 3 - [service_controller] # diff --git a/kubernetes/policy/charts/policy-pap/Chart.yaml b/kubernetes/policy/charts/pap/Chart.yaml index 85e44e75d3..25e481b9fc 100644 --- a/kubernetes/policy/charts/policy-pap/Chart.yaml +++ b/kubernetes/policy/charts/pap/Chart.yaml @@ -18,5 +18,5 @@ apiVersion: v1 description: ONAP Policy Administration (PAP) -name: policy-pap +name: pap version: 5.0.0 diff --git a/kubernetes/policy/charts/policy-pap/requirements.yaml b/kubernetes/policy/charts/pap/requirements.yaml index f035fb9801..f035fb9801 100644 --- a/kubernetes/policy/charts/policy-pap/requirements.yaml +++ b/kubernetes/policy/charts/pap/requirements.yaml diff --git a/kubernetes/policy/charts/policy-pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 48065aeb4b..48065aeb4b 100644 --- a/kubernetes/policy/charts/policy-pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json diff --git a/kubernetes/policy/charts/policy-pap/templates/NOTES.txt b/kubernetes/policy/charts/pap/templates/NOTES.txt index 170b03e6db..170b03e6db 100644 --- a/kubernetes/policy/charts/policy-pap/templates/NOTES.txt +++ b/kubernetes/policy/charts/pap/templates/NOTES.txt 
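Review bot: The first hunk replaces the internal hostname in `server_url`, but the header of the second hunk shows that a literal `password = …` line remains in the same committed section. That second hunk only drops a blank line, so the credential is untouched by this cleanup. If this file is rendered as a chart template, source the value from a chart value backed by a Secret instead of keeping it in the repository; whether it is templated is not visible here. At minimum add a comment above it such as `# default for demo deployments, override per environment`.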
diff --git a/kubernetes/policy/charts/policy-pap/templates/configmap.yaml b/kubernetes/policy/charts/pap/templates/configmap.yaml index 372bf4dcca..372bf4dcca 100644 --- a/kubernetes/policy/charts/policy-pap/templates/configmap.yaml +++ b/kubernetes/policy/charts/pap/templates/configmap.yaml diff --git a/kubernetes/policy/charts/policy-pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index caef5218ef..caef5218ef 100644 --- a/kubernetes/policy/charts/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml diff --git a/kubernetes/policy/charts/policy-pap/templates/service.yaml b/kubernetes/policy/charts/pap/templates/service.yaml index a23352a17e..a23352a17e 100644 --- a/kubernetes/policy/charts/policy-pap/templates/service.yaml +++ b/kubernetes/policy/charts/pap/templates/service.yaml diff --git a/kubernetes/policy/charts/policy-pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index bcf08f20e8..bcf08f20e8 100644 --- a/kubernetes/policy/charts/policy-pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ca1a8a3c21..ba2073994e 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -26,7 +26,7 @@ global: pdp: nameOverride: pdp pap: - nameOverride: policy + nameOverride: pap drools: nameOverride: drools brmwgw: diff --git a/kubernetes/portal/charts/portal-app/resources/server/web.xml b/kubernetes/portal/charts/portal-app/resources/server/web.xml new file mode 100644 index 0000000000..8f88e12666 --- /dev/null +++ b/kubernetes/portal/charts/portal-app/resources/server/web.xml 
@@ -0,0 +1,155 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START========================================== + ONAP Portal + =================================================================== + Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + =================================================================== + + Unless otherwise specified, all software contained herein is licensed + under the Apache License, Version 2.0 (the "License"); + you may not use this software except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Unless otherwise specified, all documentation contained herein is licensed + under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + you may not use this documentation except in compliance with the License. + You may obtain a copy of the License at + + https://creativecommons.org/licenses/by/4.0/ + + Unless required by applicable law or agreed to in writing, documentation + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. 
+ + ============LICENSE_END============================================ + + + --> + +<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4"> + <display-name>fusion</display-name> + + <!-- + <context-param> + <param-name>log4jConfigLocation</param-name> + <param-value>/WEB-INF/conf/log4j.properties</param-value> + </context-param> + + <listener> + <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> + </listener> + --> + + <!-- The Portal app can function on a HA cluster --> + <distributable/> + + <!-- <context-param> + <param-name>contextConfigLocation</param-name> + <param-value>/WEB-INF/oid-context.xml</param-value> + </context-param> + + <listener> + <listener-class> + org.springframework.web.context.ContextLoaderListener + </listener-class> + </listener> --> + + + <listener> + <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class> + </listener> + <!-- + <filter> + <filter-name>springSessionRepositoryFilter</filter-name> + <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class> + </filter> + <filter-mapping> + <filter-name>springSessionRepositoryFilter</filter-name> + <url-pattern>/*</url-pattern> + <dispatcher>REQUEST</dispatcher> + <dispatcher>ERROR</dispatcher> + </filter-mapping> + --> + <filter> + <filter-name>CorsFilter</filter-name> + <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> + <init-param> + <param-name>cors.allowed.origins</param-name> + <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value> + </init-param> + <init-param> + <param-name>cors.allowed.methods</param-name> + <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value> + </init-param> + <init-param> + <param-name>cors.allowed.headers</param-name> + 
<param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> + </init-param> + <init-param> + <param-name>cors.exposed.headers</param-name> + <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> + </init-param> + <init-param> + <param-name>cors.support.credentials</param-name> + <param-value>true</param-value> + </init-param> + <init-param> + <param-name>cors.preflight.maxage</param-name> + <param-value>10</param-value> + </init-param> + </filter> + + <filter-mapping> + <filter-name>CorsFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + <filter> + <filter-name>SecurityXssFilter</filter-name> + <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>SecurityXssFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> +<!-- <filter> --> +<!-- <filter-name>CadiAuthFilter</filter-name> --> +<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> --> +<!-- <init-param> --> +<!-- <param-name>cadi_prop_files</param-name> --> +<!-- Add Absolute path of cadi.properties --> +<!-- <param-value>{Path}/cadi.properties --> +<!-- </param-value> --> +<!-- </init-param> --> +<!-- Add param values with comma delimited values --> +<!-- <init-param> --> +<!-- <param-name>include_url_endpoints</param-name> --> +<!-- <param-value>/auxapi/*</param-value> --> +<!-- </init-param> --> +<!-- <init-param> --> +<!-- <param-name>exclude_url_endpoints</param-name> --> +<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> --> +<!-- </init-param> --> +<!-- </filter> --> +<!-- <filter-mapping> --> +<!-- <filter-name>CadiAuthFilter</filter-name> --> +<!-- <url-pattern>/auxapi/v3/*</url-pattern> --> +<!-- </filter-mapping> --> +<!-- <filter-mapping> --> +<!-- 
<filter-name>CadiAuthFilter</filter-name> --> +<!-- <url-pattern>/auxapi/v4/*</url-pattern> --> + +<!-- </filter-mapping> --> +</web-app> diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index fe44c76ca6..eb0dee0f73 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -114,6 +114,9 @@ spec: - name: properties-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" subPath: server.xml + - name: properties-onapportal + mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml" + subPath: web.xml - name: authz-onapportal mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}" subPath: {{ .Values.global.keystoreFile}} diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 3bbb1a7f9b..063ba3d122 100755 --- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -81,3 +81,14 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co #cookie domain cookie_domain = onap.org + +{{- if .Values.global.aafEnabled }} +# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) +ext_central_access_user_name = aaf_admin@people.osaaf.org +ext_central_access_password = thiswillbereplacedatruntime +ext_central_access_url = {{ .Values.aafURL }}/authz/ +ext_central_access_user_domain = @people.osaaf.org + +# External Central Auth system access +remote_centralized_system_access = true +{{- end }}
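Review bot: The `CorsFilter` added in web.xml pairs `cors.support.credentials` = `true` with two plain `http://` entries in `cors.allowed.origins`, so credentialed cross-origin requests are accepted from origins not protected by TLS. The allowed methods on `/*` include `PUT` and `DELETE`. List `https://` origins only, and take them from chart values if the configmap renders this file as a template, because the deployment.yaml hunk that follows mounts it over `WEB-INF/web.xml`. `JSESSIONID` in `cors.allowed.headers` also looks unintended, since session ids normally travel in a cookie; confirm whether any client sends it as a request header. The commented-out `CadiAuthFilter` block needs either removal or a one-line comment saying when it is meant to be enabled.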
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/resources/server/server.xml b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml new file mode 100644 index 0000000000..506a1ca4cd --- /dev/null +++ b/kubernetes/portal/charts/portal-sdk/resources/server/server.xml 
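Review bot: `ext_central_access_password = thiswillbereplacedatruntime` depends on a substitution step that is not part of this hunk, and nothing visible here stops the application from starting with that fixed string if the step is skipped. Confirm that the replacement is enforced, for example by a startup check that rejects the placeholder. The comment above it would be clearer as `# External Access System Basic Auth credentials and REST endpoint (placeholders; real values are injected at runtime)`. The block is gated on `.Values.global.aafEnabled` but reads `.Values.aafURL`, so also check that `aafURL` is defined in this sub-chart's values, since a missing value would render `ext_central_access_url` as `/authz/`.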
@@ -0,0 +1,155 @@ +<?xml version='1.0' encoding='utf-8'?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + + Modifications to this file for use in ONAP are also subject to the Apache-2.0 license. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html + --> +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. 
Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved" + factory="org.apache.catalina.users.MemoryUserDatabaseFactory" + pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. 
Documentation at : + Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <Connector port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation that requires the JSSE + style configuration. When using the APR/native implementation, the + OpenSSL style configuration is required as described in the APR/native + documentation --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + clientAuth="false" sslProtocol="TLS" /> + --> + {{ if .Values.global.aafEnabled }} + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true" scheme="https" secure="true" + keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}" + keystorePass="${javax.net.ssl.keyStorePassword}" + clientAuth="false" sslProtocol="TLS" /> + {{ end }} + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" + {{ if .Values.global.aafEnabled }} + redirectPort="8443" + {{ end }} + /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). 
+ Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + resourceName="UserDatabase"/> + </Realm> + + <Host name="localhost" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" + prefix="localhost_access_log" suffix=".txt" + pattern="%h %l %u %t "%r" %s %b" /> + </Host> + </Engine> + </Service> +</Server>
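Review bot: The AJP connector on port 8009 is rendered unconditionally and has no `address` or `secret` attribute, so whether other pods can reach it depends on the defaults of the Tomcat version in the image, which this diff does not show. Nothing in the change suggests portal-sdk is fronted over AJP, so I would comment out the `<Connector port="8009" protocol="AJP/1.3" …/>` element, or bind it with `address="127.0.0.1"` and set a `secret` if a proxy really needs it. The file also keeps the stock `<Server port="8005" shutdown="SHUTDOWN">`; `port="-1"` turns the shutdown listener off, and a container stopped by the kubelet does not need it. On the 8443 connector, `sslProtocol="TLS"` sets no protocol floor, so consider adding `sslEnabledProtocols="TLSv1.2"` if the JVM in the image supports it.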
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml index 51346197db..154276ea26 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/configmap.yaml @@ -25,3 +25,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index ccdd013cbc..09080fca94 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018,2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -46,14 +46,75 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-aaf-readiness + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /root/ready.py + args: + - --container-name + - aaf-locate + - --container-name + - aaf-cm + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: {{ include "common.name" . }}-aaf-config + image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["bash","-c"] + args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"] + volumeMounts: + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + env: + - name: APP_FQI + value: "{{ .Values.aafConfig.fqi }}" + - name: aaf_locate_url + value: "https://aaf-locate.{{ .Release.Namespace }}:8095" + - name: aaf_locator_container + value: "{{ .Values.global.aafLocatorContainer }}" + - name: aaf_locator_container_ns + value: "{{ .Release.Namespace }}" + - name: aaf_locator_fqdn + value: "{{ .Values.aafConfig.fqdn }}" + - name: aaf_locator_public_fqdn + value: "{{.Values.aafConfig.publicFqdn}}" + - name: aaf_locator_app_ns + value: "{{ .Values.global.aafAppNs }}" + - name: DEPLOY_FQI + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }} + - name: DEPLOY_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . 
"uid" "aaf-deploy-creds" "key" "password") | indent 12 }} + - name: cadi_longitude + value: "{{ .Values.aafConfig.cadiLongitude }}" + - name: cadi_latitude + value: "{{ .Values.aafConfig.cadiLatitude }}" + {{ end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /start-apache-tomcat.sh - - -b - - "{{ .Values.global.env.tomcatDir }}" + command: ["bash","-c"] + {{- if .Values.global.aafEnabled }} + args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\ + export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ + cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\ + /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] + env: + - name: _CATALINA_OPTS + value: > + -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}" + -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}" + {{- else }} + args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} {{- if eq .Values.liveness.enabled true }} @@ -69,6 +130,13 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: + {{- if .Values.global.aafEnabled }} + - mountPath: {{ .Values.persistence.aafCredsPath }} + name: {{ include "common.fullname" . }}-aaf-config-vol + {{- end }} + - name: properties-onapportalsdk + mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml" + subPath: server.xml - mountPath: /etc/localtime name: localtime readOnly: true 
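Review bot: Exporting the keystore and truststore passwords through `_JAVA_OPTIONS` in the main container's `args` undoes the care taken to truncate `mycreds.prop`, because the JVM echoes that variable to stderr at startup ("Picked up _JAVA_OPTIONS: …") and the passwords end up in the pod log. Appending them to `CATALINA_OPTS` instead, `export CATALINA_OPTS="$CATALINA_OPTS -Djavax.net.ssl.trustStorePassword=$cadi_truststore_password -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12"`, avoids the echo, assuming `/start-apache-tomcat.sh` hands off to the stock `catalina.sh`. The `env` entry is named `_CATALINA_OPTS`, which the stock Tomcat scripts do not read, so unless the start script maps it, the keyStore and trustStore paths never reach the JVM; please confirm or rename it to `CATALINA_OPTS`. `export $(grep '^c' … | xargs -0)` is also unquoted and matches every key beginning with `c`, so a value containing whitespace would be split; anchoring the pattern on `'^cadi_'` would narrow it to the keys actually used.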
@@ -129,5 +197,10 @@ spec: emptyDir: {} - name: portal-tomcat-logs emptyDir: {} + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.fullname" . }}-aaf-config-vol + emptyDir: + medium: Memory + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml new file mode 100644 index 0000000000..b79179bc6b --- /dev/null +++ b/kubernetes/portal/charts/portal-sdk/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 8572ff83da..34c29b5be1 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -1,5 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Modifications Copyright © 2018, 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -22,15 +22,48 @@ global: readinessImage: readiness-check:2.0.0 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - + persistence: {} + #AAF global config overrides + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafAppNs: org.osaaf.aaf + aafLocatorContainer: oom ################################################################# # Application configuration defaults. ################################################################# +secrets: + - uid: aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required + +## Persist cert data to a memory volume +persistence: + aafCredsPath: /opt/app/osaaf/local + # application image repository: nexus3.onap.org:10001 image: onap/portal-sdk:2.6.0 pullPolicy: Always +#AAF service +aafURL: https://aaf-service:8100/ +aafLocateUrl: https://aaf-locate:8095 + +#AAF local config +aafConfig: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: portal + fqi: portal@portal.onap.org + publicFqdn: portal.onap.org + cadiLatitude: 0.0 + cadiLongitude: 0.0 + keystoreFile: "org.onap.portal.p12" + truststoreFile: "org.onap.portal.trust.jks" + # flag to enable debugging - application support required debugEnabled: false @@ -57,8 +90,8 @@ service: type: NodePort name: portal-sdk portName: portal-sdk - internalPort: 8080 - externalPort: 8080 + internalPort: 8443 + externalPort: 8443 nodePort: 12 mariadb: @@ -85,7 +118,7 @@ ingress: service: - baseaddr: portalsdk name: "portal-sdk" - port: 8080 + port: 8443 config: ssl: "none" diff --git a/kubernetes/robot b/kubernetes/robot -Subproject 591bfdea4f1d833abee3c7e60f084da546d9082 +Subproject 3fa8381f2a1e5f030ee1388466417817dda0fbe 
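Review bot: `aafDeployPass: demo123456!` ships a working default for the deployer account, so the `passwordPolicy: required` on the `aaf-deploy-creds` secret (which by its name is meant to force the operator to supply a value) is always satisfied, and every install that does not override it shares the same published credential. I would drop the default and leave a comment in its place, `# aafDeployPass: set at install time, or provide aafDeployCredsExternalSecret`, so that rendering fails until one of the two is given. The fallback literal `"aafIsDiabled"` in `externalSecret` looks like a typo for "aafIsDisabled"; it appears to be only a sentinel, but it is worth fixing while the line is new.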
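Review bot: `internalPort` and `externalPort` move to 8443 unconditionally, but the 8443 connector in the new `resources/server/server.xml` is wrapped in `{{ if .Values.global.aafEnabled }}`, so with `aafEnabled: false` the Service and `containerPort` point at a port Tomcat never opens. The ingress hunk that follows (`port: 8443`) has the same dependency, and its context still shows `config.ssl: "none"`, which may not match a TLS-only backend. Either keep 8080 as the default and switch on the flag in the templates, or add a comment on these keys, e.g. `# 8443 is served only when global.aafEnabled is true (see resources/server/server.xml)`.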
diff --git a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml index ca1390a407..1aa0010289 100644 --- a/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-be/templates/deployment.yaml @@ -70,7 +70,7 @@ spec: {{ if eq .Values.liveness.enabled true }} livenessProbe: httpGet: - path: /sdc2/rest/version + path: /sdc2/rest/healthCheck port: {{ .Values.service.internalPort }} scheme: HTTPS initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index 8ac6c27dba..a58e950b3e 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-backend:1.5.2 -backendInitImage: onap/sdc-backend-init:1.5.2 +image: onap/sdc-backend:1.6.2 +backendInitImage: onap/sdc-backend-init:1.6.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-cs/values.yaml b/kubernetes/sdc/charts/sdc-cs/values.yaml index 21b35cefd8..c7c8da96b0 100644 --- a/kubernetes/sdc/charts/sdc-cs/values.yaml +++ b/kubernetes/sdc/charts/sdc-cs/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.5.2 -cassandraInitImage: onap/sdc-cassandra-init:1.5.2 +image: onap/sdc-cassandra:1.6.2 +cassandraInitImage: onap/sdc-cassandra-init:1.6.2 pullPolicy: Always @@ -61,10 +61,8 @@ service: type: ClusterIP name: sdc-cs portName: sdc-cs - externalPort: 9160 - internalPort: 9160 - externalPort2: 9042 - internalPort2: 9042 + externalPort: 9042 + internalPort: 9042 ## Persist data to a persitent volume 
diff --git a/kubernetes/sdc/charts/sdc-es/Chart.yaml b/kubernetes/sdc/charts/sdc-es/Chart.yaml
deleted file mode 100644
index d1c46d06ba..0000000000
--- a/kubernetes/sdc/charts/sdc-es/Chart.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: ONAP Service Design and Creation Elasticsearch
-name: sdc-es
-version: 5.0.0
diff --git a/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt
deleted file mode 100644
index 3a5553b84f..0000000000
--- a/kubernetes/sdc/charts/sdc-es/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml deleted file mode 100644 index c5ab2be09c..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/deployment.yaml +++ /dev/null 
@@ -1,92 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - - containerPort: {{ .Values.service.internalPort2 }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - httpGet: - path: "_cluster/health?wait_for_status=yellow&timeout=120s" - port: {{ .Values.service.internalPort }} - scheme: HTTP - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: ES_HEAP_SIZE - value: {{ .Values.config.JvmHeapSize }} - - name: ES_JAVA_OPTS - value: {{ .Values.config.JvmOptions }} - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - - name: {{ include "common.fullname" . }}-data - mountPath: /usr/share/elasticsearch/data/ - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - {{- if .Values.persistence.enabled }} - - name: {{ include "common.fullname" . }}-data - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }} - {{- else }} - emptyDir: {} - {{- end }} - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" 
diff --git a/kubernetes/sdc/charts/sdc-es/templates/job.yaml b/kubernetes/sdc/charts/sdc-es/templates/job.yaml
deleted file mode 100644
index 8a73eaec17..0000000000
--- a/kubernetes/sdc/charts/sdc-es/templates/job.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ -# Copyright © 2017 Amdocs, AT&T, Bell Canada -# Modifications Copyright © 2018 ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.fullname" . }}-config-elasticsearch - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-job - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - backoffLimit: 20 - template: - metadata: - labels: - app: {{ include "common.name" . }}-job - release: {{ include "common.release" . }} - spec: - restartPolicy: Never - initContainers: - - name: {{ include "common.name" . }}-init-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - sdc-es - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }}-job - image: "{{ include "common.repository" . }}/{{ .Values.elasticInitImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - name: {{ include "common.fullname" . 
}}-environments - mountPath: /root/chef-solo/environments/ - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - volumes: - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - restartPolicy: Never diff --git a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml b/kubernetes/sdc/charts/sdc-es/templates/pv.yaml deleted file mode 100644 index 4733fed749..0000000000 --- a/kubernetes/sdc/charts/sdc-es/templates/pv.yaml +++ /dev/null 
@@ -1,41 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml b/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml
deleted file mode 100644
index ab97f9541a..0000000000
--- a/kubernetes/sdc/charts/sdc-es/templates/pvc.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/sdc/charts/sdc-es/templates/service.yaml b/kubernetes/sdc/charts/sdc-es/templates/service.yaml
deleted file mode 100644
index a49982c432..0000000000
--- a/kubernetes/sdc/charts/sdc-es/templates/service.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
diff --git a/kubernetes/sdc/charts/sdc-es/values.yaml b/kubernetes/sdc/charts/sdc-es/values.yaml
deleted file mode 100644
index adb0595b3d..0000000000
--- a/kubernetes/sdc/charts/sdc-es/values.yaml
+++ /dev/null
@@ -1,119 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - ubuntuInitRepository: oomk8s - ubuntuInitImage: ubuntu-init:1.0.0 - - -################################################################# -# Application configuration defaults. 
-################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/sdc-elasticsearch:1.5.2 -elasticInitImage: onap/sdc-init-elasticsearch:1.5.2 -pullPolicy: Always - -# flag to enable debugging - application support required -debugEnabled: false - -# application configuration -config: - JvmHeapSize: "1024M" - JvmOptions: "-Xms512m -Xmx512m" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true - -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-es - portName: sdc-es - externalPort: 9200 - internalPort: 9200 - externalPort2: 9300 - internalPort2: 9300 - -## Persist data to a persitent volume -persistence: - enabled: true - - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - volumeReclaimPolicy: Retain - - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: <storageClass> - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. 
(gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 2Gi - mountPath: /dockerdata-nfs - mountSubPath: /sdc/sdc-es/ES - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} - diff --git a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml index 4c2baaf57f..6f35f6bd06 100644 --- a/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/charts/sdc-fe/templates/deployment.yaml @@ -32,20 +32,6 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - name: {{ include "common.name" . }}-readiness - command: - - /root/ready.py - args: - - --container-name - - "sdc-kb" - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-job-completion image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index c6f39f9822..ce77dfda4a 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-frontend:1.5.2 +image: onap/sdc-frontend:1.6.2 pullPolicy: Always config: 
diff --git a/kubernetes/sdc/charts/sdc-kb/Chart.yaml b/kubernetes/sdc/charts/sdc-kb/Chart.yaml
deleted file mode 100644
index d6f0b32e26..0000000000
--- a/kubernetes/sdc/charts/sdc-kb/Chart.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Service Design and Creation Kibana
-name: sdc-kb
-version: 5.0.0
diff --git a/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt b/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt
deleted file mode 100644
index 3a5553b84f..0000000000
--- a/kubernetes/sdc/charts/sdc-kb/templates/NOTES.txt
+++ /dev/null
@@ -1,33 +0,0 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . 
}},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml b/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml deleted file mode 100644 index 8911dbc5a3..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/templates/deployment.yaml +++ /dev/null 
@@ -1,93 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - name: {{ include "common.name" . }}-job-completion - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" - command: - - /root/job_complete.py - args: - - --job-name - - {{ include "common.release" . }}-sdc-es-config-elasticsearch - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.name" . }} - image: "{{ include "common.repository" . 
}}/{{ .Values.image }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{ .Values.service.internalPort }} - {{ if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end }} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - resources: -{{ include "common.resources" . | indent 12 }} - env: - - name: ENVNAME - value: {{ .Values.global.env.name }} - - name: NODE_OPTIONS - value: {{ .Values.config.nodeOptions }} - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: {{ include "common.fullname" . }}-environments - mountPath: /root/chef-solo/environments/ - - name: {{ include "common.fullname" . }}-localtime - mountPath: /etc/localtime - readOnly: true - volumes: - - name: {{ include "common.fullname" . }}-localtime - hostPath: - path: /etc/localtime - - name: {{ include "common.fullname" . }}-environments - configMap: - name: {{ include "common.release" . }}-sdc-environments-configmap - defaultMode: 0755 - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/charts/sdc-kb/values.yaml b/kubernetes/sdc/charts/sdc-kb/values.yaml deleted file mode 100644 index c2859e2983..0000000000 --- a/kubernetes/sdc/charts/sdc-kb/values.yaml +++ /dev/null 
@@ -1,89 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T, ZTE -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# Global configuration defaults. -################################################################# -global: - nodePortPrefix: 302 - readinessRepository: oomk8s - readinessImage: readiness-check:2.0.2 - loggingRepository: docker.elastic.co - loggingImage: beats/filebeat:5.5.0 - -################################################################# -# Application configuration defaults. 
-################################################################# -# application image -repository: nexus3.onap.org:10001 -image: onap/sdc-kibana:1.5.2 -pullPolicy: Always - -config: - nodeOptions: "--max-old-space-size=200" - -# default number of instances -replicaCount: 1 - -nodeSelector: {} - -affinity: {} - -# probe configuration parameters -liveness: - initialDelaySeconds: 10 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: false - -readiness: - initialDelaySeconds: 10 - periodSeconds: 10 - -service: - type: ClusterIP - name: sdc-kb - portName: sdc-kb - externalPort: 5601 - internalPort: 5601 - - -sdc-es: - service: - name: sdc-es - -ingress: - enabled: false - -# Resource Limit flavor -By Default using small -flavor: small -# Segregation for Different environment (Small and Large) -resources: - small: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 10m - memory: 1Gi - large: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 20m - memory: 2Gi - unlimited: {} diff --git a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml index a7deeaeca0..727d0a389b 100644 --- a/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-onboarding-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-onboard-backend:1.5.2 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.5.2 +image: onap/sdc-onboard-backend:1.6.2 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml index 97caae2727..cc9f38be6d 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml 
+++ b/kubernetes/sdc/charts/sdc-wfd-be/templates/job.yaml @@ -56,7 +56,7 @@ spec: - name: CS_HOST value: "{{ .Values.global.cassandra.serviceName }}" - name: CS_PORT - value: "{{ .Values.config.cassandraThriftClientPort }}" + value: "{{ .Values.config.cassandraClientPort }}" - name: CS_AUTHENTICATE value: "{{ .Values.config.cassandraAuthenticationEnabled }}" - name: CS_USER diff --git a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml index 68f487674d..3e5a83aee7 100644 --- a/kubernetes/sdc/charts/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-be/values.yaml @@ -28,8 +28,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-backend:1.6.0 -configInitImage: onap/workflow-init:1.6.0 +image: onap/workflow-backend:1.6.1 +configInitImage: onap/workflow-init:1.6.1 pullPolicy: Always initJob: @@ -38,7 +38,6 @@ initJob: config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true - cassandraThriftClientPort: 9160 cassandraClientPort: 9042 sdcProtocol: HTTPS diff --git a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml index fc30297885..66eb22e50c 100644 --- a/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-wfd-fe/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/workflow-frontend:1.6.0 +image: onap/workflow-frontend:1.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index b642e859f7..2d99ab0c3a 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json 
@@ -16,19 +16,17 @@ "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}", "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}", "FE_VIP": "sdc-fe.{{include "common.namespace" .}}", - "ES_VIP": "sdc-es.{{include "common.namespace" .}}", - "KB_VIP": "sdc-kb.{{include "common.namespace" .}}", "interfaces": { "application": "eth0", "private": "eth0" }, "ECompP": { - "ecomp_rest_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/auxapi", + "ecomp_rest_url": "https://portal-app.{{include "common.namespace" .}}:8443/ONAPPORTAL/auxapi", "ueb_url_list": "message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}", "app_secret": "XftIATw9Jr3VzAcPqt3NnJOu", "app_key": "x9UfO7JsDn8BESVX", "inbox_name": "ECOMP-PORTAL-INBOX", - "ecomp_redirect_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/login.htm", + "ecomp_redirect_url": "https://portal-app.{{include "common.namespace" .}}:30225/ONAPPORTAL/login.htm", "app_topic_name": "ECOMP-PORTAL-OUTBOX-SDC1", "decryption_key": "AGLDdG4D04BKm2IxIWEr8o==" }, @@ -46,11 +44,7 @@ ], "BE": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE": "sdc-onboarding-be.{{include "common.namespace" .}}", - "FE": "sdc-fe.{{include "common.namespace" .}}", - "ES": [ - "sdc-es.{{include "common.namespace" .}}" - ], - "KB": "sdc-kb.{{include "common.namespace" .}}" + "FE": "sdc-fe.{{include "common.namespace" .}}" }, "VnfRepo": { "vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}", @@ -71,14 +65,6 @@ "https_port": "8445", "catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/" }, - "elasticsearch": { - "cluster_name": "SDC-ES-", - "ES_path_home": "/usr/share/elasticsearch", - "ES_path_data": "/usr/share/elasticsearch/data", - "num_of_replicas": "0", - "num_of_shards": "1" - }, - "cassandra": { "cassandra_port": 9042, "concurrent_reads": "32", 
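Review bot: `ecomp_redirect_url` in the first AUTO.json hunk now ends in a literal `:30225`, while the other charts on this page build node ports from `nodePortPrefix` (`302` in the sdc values), so a deployment that overrides the prefix would presumably be redirected to a port the portal is not exposed on. Deriving the port the same way would keep the two in step, for example `"https://portal-app.{{include "common.namespace" .}}:{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}25/ONAPPORTAL/login.htm"`, assuming the portal NodePort follows the prefix convention. The unchanged context lines of this hunk still carry `app_secret`, `app_key` and `decryption_key` as literal values; they are candidates for the same Secret-plus-substitution treatment the sdnc-portal files receive later in this commit. The enclosing JSON object starts and ends outside the hunk.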
@@ -99,6 +85,25 @@ "socket_connect_timeout": "20000", "janusgraph_connection_timeout": "10000", "replication_factor": "{{.Values.global.cassandra.replicaCount}}" - } + }, + "DMAAP": { + "consumer": { + "host": "dcae-mrtr.com:3905", + "topic": "operationalEnvironmentEvent", + "serviceName": "dcae-mrtr.com:3905/events", + "environment": "TEST", + "partner": "BOT_R", + "username": "user1@sdc.com", + "password": "password==" + }, + "producer": { + "host": "olsd004.com:3905", + "topic": "SDC-FACADE-NOTIF-v1 ", + "serviceName": "dmaap.com:3905/events", + "environment": "TEST", + "username": "user1@sdc.com", + "password": "password==" + } + } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 6abf911a89..3d35814f2e 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -47,10 +47,6 @@ config: workflowUrl: 10.0.2.15 vnfRepoPort: 8702 -sdc-es: - service: - name: sdc-es - #Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster cassandra: nameOverride: sdc-cs diff --git a/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml b/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/sdnc/charts/dmaap-listener/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} 
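Review bot: The added `DMAAP` block writes `username`/`password` pairs (`user1@sdc.com`, `password==`) directly into AUTO.json for both `consumer` and `producer`. They look like placeholders, but if this file is delivered through the environments ConfigMap, as the removed sdc-kb deployment suggests, any real value set here becomes readable to everyone who can read ConfigMaps in the namespace. Sourcing the two passwords from a Secret, or adding a comment that the values are dummies that must never be replaced in place, would make the intent clear. The producer `topic` value has a trailing space inside the quotes, which is probably unintended: `"topic": "SDC-FACADE-NOTIF-v1",`. The `host` and `serviceName` entries point at names such as `dcae-mrtr.com:3905` rather than in-namespace services like the rest of the file, which is worth confirming.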
diff --git a/kubernetes/sdnc/charts/dmaap-listener/values.yaml b/kubernetes/sdnc/charts/dmaap-listener/values.yaml index d90da63e6d..bec4d1cac1 100644 --- a/kubernetes/sdnc/charts/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/charts/dmaap-listener/values.yaml @@ -46,7 +46,7 @@ secrets: passwordPolicy: required - uid: odl-creds type: basicAuth - externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' login: '{{ .Values.config.odlUser }}' password: '{{ .Values.config.odlPassword }}' passwordPolicy: required diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml index b0b3c81c8f..4ee7c6f25d 100644 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/values.yaml @@ -46,7 +46,7 @@ secrets: passwordPolicy: required - uid: rest-creds type: basicAuth - externalSecret: '{{ .Values.config.restCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}' login: '{{ .Values.config.restUser }}' password: '{{ .Values.config.restPassword }}' passwordPolicy: required diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json index 8560ca1acc..e845e96b7f 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/admportal.json 
@@ -27,26 +27,26 @@ }, "svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01", "databases": [ - "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}|sdnc-sdnctldb01.{{.Release.Namespace}}" + "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}" ], "dbFabricServer": "localhost", "dbFabricPort": "32275", "dbFabricGroupId": "hagroup1", - "dbFabricUser": "admin", - "dbFabricPassword": "admin", - "dbFabricDB": "mysql", - "dbUser": "sdnctl", - "dbPassword": "{{.Values.config.dbSdnctlPassword}}", - "dbName": "sdnctl", + "dbFabricUser": "${DB_FABRIC_USER}", + "dbFabricPassword": "${DB_FABRIC_PASSWORD", + "dbFabricDB": "{{.Values.config.dbFabricDB}}", + "dbUser": "${SDNC_DB_USER}", + "dbPassword": "${SDNC_DB_PASSWORD}", + "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}", "odlProtocol": "http", "odlHost": "sdnc.{{.Release.Namespace}}", "odlConexusHost": "sdnc.{{.Release.Namespace}}", "odlPort": "8181", "odlConexusPort": "8181", - "odlUser": "admin", - "odlPasswd": "{{.Values.config.odlPassword}}", + "odlUser": "${ODL_USER}", + "odlPasswd": "${ODL_PASSWORD}", "ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12", - "ConexusNetwork_sslKey": "{{.Values.config.keystorePwd}}", + "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}", "AppNetwork_sslCert": "", "AppNetwork_sslKey": "", "hostnameList": [ diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties index 7a5475ed20..beb514e583 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/dblib.properties 
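Review bot: `"dbFabricPassword": "${DB_FABRIC_PASSWORD",` is missing its closing brace, so the `envsubst` pass added to the sdnc-portal init container will not treat it as a variable reference and the portal will be handed the literal text as the fabric DB password. It should read `"dbFabricPassword": "${DB_FABRIC_PASSWORD}",` like the `${DB_FABRIC_USER}` entry on the line before. Because the failure is silent (the file still parses as JSON), a render-time check that no `${` remains in the generated `/config` files would catch this class of typo. The JSON object continues outside the hunk.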
@@ -1,7 +1,6 @@ ### # ============LICENSE_START======================================================= -# Copyright (C) 2018 ONAP Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,11 +17,11 @@ ### org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties index cc13a9d707..a2570cd8a1 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties 
@@ -1,5 +1,5 @@ org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl -org.openecomp.sdnctl.sli.jdbc.database = sdnctl -org.openecomp.sdnctl.sli.jdbc.user = sdnctl -org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file +org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} +org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 index c75c603f22..267bc2085a 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 +++ b/kubernetes/sdnc/charts/sdnc-portal/resources/config/svclogic.properties.sdnctldb02 @@ -1,5 +1,5 @@ org.openecomp.sdnctl.sli.dbtype = jdbc -org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl -org.openecomp.sdnctl.sli.jdbc.database = sdnctl -org.openecomp.sdnctl.sli.jdbc.user = sdnctl -org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file +org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}} +org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER} +org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml index db92b20186..3a728ad92f 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml 
@@ -32,10 +32,39 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: DB_FABRIC_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }} + - name: DB_FABRIC_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }} + - name: ODL_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }} + - name: ODL_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} + - name: KEYSTORE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} - --container-name - {{ .Values.config.sdncChartName }} env: 
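Review bot: The new `update-config` init container runs `envsubst` without a variable list, so every `$NAME` or `${NAME}` in any file under `/config-input` is rewritten, and a reference to a variable that is not in this `env:` block is replaced by an empty string with no error. Passing the expected names restricts substitution to the seven credentials injected here, and quoting the file name plus stopping on the first failure avoids starting the portal with half-rendered files: `envsubst '${SDNC_DB_USER} ${SDNC_DB_PASSWORD} ${DB_FABRIC_USER} ${DB_FABRIC_PASSWORD} ${ODL_USER} ${ODL_PASSWORD} ${KEYSTORE_PASSWORD}' <"$PFILE" >"/config/$PFILE" || exit 1`. Iterating with `for PFILE in *` instead of the backquoted `ls -1 .` also avoids word-splitting on unusual file names. Separately, `--container-name` now receives `common.mariadbService`; if that helper returns a service host name rather than a container name, the readiness check may never match, which is worth confirming. The pod spec starts and ends outside the hunk.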
@@ -71,10 +100,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} env: - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }} - name: SDNC_CONFIG_DIR value: "{{ .Values.config.configDir }}" volumeMounts: @@ -110,9 +136,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }} defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml index 239f734276..dee311c336 100644 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/secrets.yaml 
@@ -1,13 +1,15 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/sdnc/charts/sdnc-portal/values.yaml b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
index 7ff000e8cb..94ea5d75fc 100644
--- a/kubernetes/sdnc/charts/sdnc-portal/values.yaml
+++ b/kubernetes/sdnc/charts/sdnc-portal/values.yaml
@@ -21,6 +21,52 @@ global: readinessImage: readiness-check:2.0.2 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 + # envsusbt + envsubstImage: dibi/envsubst + + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + type: password + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + passwordPolicy: required + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + passwordPolicy: required + - uid: odl-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . 
}}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + passwordPolicy: required + - uid: fabric-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' + login: '{{ .Values.config.dbFabricUser }}' + password: '{{ .Values.config.dbFabricPassword }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}' + password: '{{ .Values.config.keystorePwd }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -29,17 +75,34 @@ global: repository: nexus3.onap.org:10001 image: onap/admportal-sdnc-image:1.7.6 config: - dbRootPassword: secretpassword - dbSdnctlPassword: gamma + dbFabricDB: mysql + dbFabricUser: admin + dbFabricPassword: admin + # dbFabricDBCredsExternalSecret: some secret sdncChartName: sdnc configDir: /opt/onap/sdnc/data/properties storesDir: /opt/onap/sdnc/data/stores + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + # odlCredsExternalSecret: some secret keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera + # keystorePwdExternalSecret: some secret + +mariadb-galera: + config: + userCredentialsExternalSecret: *dbSecretName + userName: sdnctl + userPassword: gamma + mysqlDatabase: sdnctl + nameOverride: sdnc-portal-galera + service: + name: sdnc-portal-galera + portName: sdnc-portal-galera internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: sdnc-portal/maria/data # default number of instances replicaCount: 0 diff --git a/kubernetes/sdnc/charts/ueb-listener/values.yaml b/kubernetes/sdnc/charts/ueb-listener/values.yaml index 03fbf52f9b..254d76a05e 100644 --- a/kubernetes/sdnc/charts/ueb-listener/values.yaml +++ b/kubernetes/sdnc/charts/ueb-listener/values.yaml 
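Review bot: The `fabric-db-creds` entry takes its `externalSecret` from `.Values.config.odlCredsExternalSecret`, so an operator who supplies an external ODL secret would also replace the fabric DB credentials with the ODL ones. The commented hint in `config` suggests a separate key was intended: `externalSecret: '{{ tpl (default "" .Values.config.dbFabricDBCredsExternalSecret) . }}'`. `keystore-password` reads `.Values.config.KeyStorePwdExternalSecret`, while the hint spells it `keystorePwdExternalSecret`; value keys are case-sensitive, so that override would never be picked up. The `db-root-password` `password` template opens `(index .Values ...` without a closing parenthesis and will presumably fail to parse when rendered; the same line is added in kubernetes/sdnc/values.yaml.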
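Review bot: `dbFabricUser: admin` with `dbFabricPassword: admin`, and `userPassword: gamma` under `mariadb-galera.config`, add well-known default credentials to the chart in the same commit that moves credentials into secrets. Any deployment that does not override them ends up with secrets whose content is public. If `passwordPolicy: required` makes the common secret template fail on an empty password, as the name suggests, these defaults could be dropped so the install fails until the operator supplies a value or an external secret. The same applies to the defaults added to `config` in kubernetes/sdnc/values.yaml (`restconfPassword: admin`, `scaleoutPassword: admin`, `ansiblePassword: sdnc`).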
@@ -46,13 +46,13 @@ secrets: passwordPolicy: required - uid: odl-creds type: basicAuth - externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}' login: '{{ .Values.config.odlUser }}' password: '{{ .Values.config.odlPassword }}' passwordPolicy: required - uid: ueb-creds type: basicAuth - externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}' login: '{{ .Values.config.uebUser }}' password: '{{ .Values.config.uebPassword }}' passwordPolicy: required diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index c3b757ae14..58db6ad7a0 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -29,5 +29,4 @@ dependencies: - name: mariadb-galera version: ~5.x-0 repository: '@local' - condition: config.localDBCluster - + condition: .global.mariadbGalera.localCluster diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 455cb834f9..754ff2c5cc 100644..100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh +++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -25,11 +25,11 @@ SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data} BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin} MYSQL_HOST=${MYSQL_HOST:-dbhost} -MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0} +MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD} -SDNC_DB_USER=${SDNC_DB_USER:-sdnctl} -SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma} -SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl} +SDNC_DB_USER=${SDNC_DB_USER} +SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD} +SDNC_DB_DATABASE=${SDNC_DB_DATABASE} # Create tablespace and user account 
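Review bot: The new `condition: .global.mariadbGalera.localCluster` starts with a dot, whereas Helm condition entries are plain value paths such as `global.mariadbGalera.localCluster`. A condition path that does not resolve is, as far as I know, ignored rather than treated as false, which would leave the `mariadb-galera` subchart enabled regardless of the flag. Suggest `condition: global.mariadbGalera.localCluster` and a `helm template` run with the flag set both ways to confirm.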
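Review bot: With the fallback values removed, `MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD}` and the three `SDNC_DB_*` assignments expand to empty strings when the environment is incomplete, and the script carries on with an empty password, user or database name. Failing at the assignment is safer: `MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD is not set}`, with the same `:?` form for `SDNC_DB_USER`, `SDNC_DB_PASSWORD` and `SDNC_DB_DATABASE`. The `ODL_ADMIN_USERNAME` and `ODL_ADMIN_PASSWORD` assignments in the startODL.sh hunk have the same gap. The rest of the script is outside this hunk.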
@@ -46,12 +46,12 @@ END # load schema if [ -f ${ETC_DIR}/sdnctl.dump ] then - mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump + mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump fi for datafile in ${ETC_DIR}/*.data.dump do - mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile + mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile done # Create VNIs 100-199 diff --git a/kubernetes/sdnc/resources/config/bin/startODL.sh b/kubernetes/sdnc/resources/config/bin/startODL.sh index 5f5f811fd0..af5c36207c 100755 --- a/kubernetes/sdnc/resources/config/bin/startODL.sh +++ b/kubernetes/sdnc/resources/config/bin/startODL.sh @@ -65,7 +65,7 @@ function enable_odl_cluster(){ addToFeatureBoot odl-jolokia #${ODL_HOME}/bin/client feature:install odl-mdsal-clustering #${ODL_HOME}/bin/client feature:install odl-jolokia - + echo "Update cluster information statically" hm=$(hostname) @@ -113,8 +113,8 @@ function enable_odl_cluster(){ # Install SDN-C platform components if not already installed and start container ODL_HOME=${ODL_HOME:-/opt/opendaylight/current} -ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin} -ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U} +ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME} +ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD} SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc} SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin} CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk} @@ -166,4 +166,3 @@ nohup python ${SDNC_BIN}/installCerts.py & exec ${ODL_HOME}/bin/karaf server - diff --git a/kubernetes/sdnc/resources/config/conf/aaiclient.properties b/kubernetes/sdnc/resources/config/conf/aaiclient.properties index 035942b304..5d4473c978 100755 --- a/kubernetes/sdnc/resources/config/conf/aaiclient.properties +++ b/kubernetes/sdnc/resources/config/conf/aaiclient.properties 
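Review bot: Both rewritten `mysql` lines still pass the root password as `-p${MYSQL_PASSWORD}`, which places it in the client's argument list, readable from the process table while each import runs. Now that the value comes from a Secret rather than a published default, it would be better handed over through a client option file created with mode 0600 and passed with `--defaults-extra-file=`. The new `${SDNC_DB_DATABASE}` argument and `$datafile` are unquoted; `"${SDNC_DB_DATABASE}"` and `"$datafile"` avoid word splitting if either ever contains whitespace. The script continues outside this hunk.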
@@ -2,8 +2,7 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2018 ONAP Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,8 +29,8 @@ org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/sdnc/data/stores/truststoreO org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true -org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org -org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456! +org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME} +org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD} org.onap.ccsdk.sli.adaptors.aai.application=openECOMP # diff --git a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties index 3a6b5a08f0..224e84b3a7 100644 --- a/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties +++ b/kubernetes/sdnc/resources/config/conf/blueprints-processor-adaptor.properties 
@@ -24,12 +24,12 @@ org.onap.ccsdk.features.blueprints.adaptors.envtype=solo org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/ -org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps -org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps +org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER} +org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD} # Generic RESTCONF Adaptor org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true -org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin -org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}} +org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER} +org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD} org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/ diff --git a/kubernetes/sdnc/resources/config/conf/dblib.properties b/kubernetes/sdnc/resources/config/conf/dblib.properties index 1849053411..1fb6fb8732 100644 --- a/kubernetes/sdnc/resources/config/conf/dblib.properties +++ b/kubernetes/sdnc/resources/config/conf/dblib.properties @@ -1,7 +1,6 @@ ### # ============LICENSE_START======================================================= -# Copyright (C) 2018 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,11 +17,11 @@ ### org.onap.ccsdk.sli.dbtype=jdbc org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01 -org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl +org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver -org.onap.ccsdk.sli.jdbc.database=sdnctl -org.onap.ccsdk.sli.jdbc.user=sdnctl -org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}} +org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD} org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01 org.onap.ccsdk.sli.jdbc.connection.timeout=50 org.onap.ccsdk.sli.jdbc.request.timeout=100 diff --git a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties index f91c62c98b..44ee0b998f 100644 --- a/kubernetes/sdnc/resources/config/conf/lcm-dg.properties +++ b/kubernetes/sdnc/resources/config/conf/lcm-dg.properties @@ -1,7 +1,7 @@ #ANSIBLE ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch -ansible.user=sdnc -ansible.password=sdnc +ansible.user=${ANSIBLE_USER} +ansible.password=${ANSIBLE_PASSWORD} ansible.lcm.localparameters= ansible.nodelist= ansible.timeout=60 
@@ -23,10 +23,10 @@ restapi.templateDir=/opt/onap/sdnc/restapi/templates lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/ lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check -lcm.restconf.configscaleout.user=admin -lcm.restconf.configscaleout.password=admin -lcm.restconf.user=admin -lcm.restconf.password=admin +lcm.restconf.configscaleout.user=${SCALEOUT_USER} +lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD} +lcm.restconf.user=${RESTCONF_USER} +lcm.restconf.password=${RESTCONF_PASSWORD} lcm.restconf.port=8183 #DMAAP diff --git a/kubernetes/sdnc/resources/config/conf/netbox.properties b/kubernetes/sdnc/resources/config/conf/netbox.properties index 9cd3880614..a768041945 100755 --- a/kubernetes/sdnc/resources/config/conf/netbox.properties +++ b/kubernetes/sdnc/resources/config/conf/netbox.properties @@ -16,4 +16,4 @@ # Configuration file for Netbox client org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001 -org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
\ No newline at end of file +org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
\ No newline at end of file diff --git a/kubernetes/sdnc/resources/config/conf/svclogic.properties b/kubernetes/sdnc/resources/config/conf/svclogic.properties index 55ef8e7e85..adbba660c5 100644 --- a/kubernetes/sdnc/resources/config/conf/svclogic.properties +++ b/kubernetes/sdnc/resources/config/conf/svclogic.properties @@ -2,8 +2,7 @@ # ============LICENSE_START======================================================= # openECOMP : SDN-C # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,8 +19,7 @@ ### org.onap.ccsdk.sli.dbtype = jdbc -org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl -org.onap.ccsdk.sli.jdbc.database = sdnctl -org.onap.ccsdk.sli.jdbc.user = sdnctl -org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}} - +org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}} +org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER} +org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD} diff --git a/kubernetes/sdnc/templates/job.yaml b/kubernetes/sdnc/templates/job.yaml index dc77006a60..0cd0eae610 100755 --- a/kubernetes/sdnc/templates/job.yaml +++ b/kubernetes/sdnc/templates/job.yaml 
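Review bot: The placeholder added here is `${NETBOX_API_KEY}`, but the init containers added in kubernetes/sdnc/templates/job.yaml and statefulset.yaml export the secret as `NETBOX_APIKEY`. envsubst replaces a reference to an unset variable with an empty string, so the rendered file would carry an empty `apikey` with no error. Either the property should read `org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_APIKEY}` or the env entries should be renamed to `NETBOX_API_KEY`.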
@@ -36,12 +36,53 @@ spec: name: {{ include "common.name" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: AAI_CLIENT_NAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + - name: AAI_CLIENT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + - name: MODELSERVICE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + - name: MODELSERVICE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + - name: RESTCONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: RESTCONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + - name: ANSIBLE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + - name: ANSIBLE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + - name: SCALEOUT_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + - name: SCALEOUT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + - name: NETBOX_APIKEY + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . 
"uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - name: {{ include "common.name" . }}-readiness command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: 
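Review bot: The init container runs `envsubst` without a variable list, so it rewrites every `$NAME` and `${NAME}` in each properties file and substitutes an empty string for any name missing from this container's `env`. A misspelt or missing variable therefore yields an empty credential rather than a failed pod, and any unrelated dollar-brace text in the properties files is altered too. Assuming the image ships GNU gettext's envsubst, passing the expected names as its SHELL-FORMAT argument limits substitution to those variables, and a short check that each one is non-empty before the loop would make the container fail instead. Iterating with `for PFILE in *` rather than parsing `ls -1 .` also avoids splitting on odd file names. The identical container is added in kubernetes/sdnc/templates/statefulset.yaml.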
@@ -55,31 +96,24 @@ spec: image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} env: - - name: MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} - name: ODL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-odl - key: odl-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} - name: SDNC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-sdnctl - key: db-sdnctl-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} - name: MYSQL_HOST - value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}" + value: {{ include "common.mariadbService" . }} - name: SDNC_HOME value: "{{.Values.config.sdncHome}}" - name: ETC_DIR value: "{{.Values.config.etcDir}}" - name: BIN_DIR value: "{{.Values.config.binDir}}" - - name: SDNC_DB_USER - value: "{{.Values.config.dbSdnctlUser}}" - name: SDNC_DB_DATABASE value: "{{.Values.config.dbSdnctlDatabase}}" volumeMounts: 
@@ -119,11 +153,13 @@ spec: configMap: name: {{ include "common.fullname" . }}-bin defaultMode: 0755 - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }}-properties defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory restartPolicy: Never imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - diff --git a/kubernetes/sdnc/templates/secret-aaf.yaml b/kubernetes/sdnc/templates/secret-aaf.yaml deleted file mode 100644 index cd2e539b28..0000000000 --- a/kubernetes/sdnc/templates/secret-aaf.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{ if .Values.global.aafEnabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-aaf - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -type: Opaque -data: - aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }} -{{ end }} diff --git a/kubernetes/sdnc/templates/secrets.yaml b/kubernetes/sdnc/templates/secrets.yaml index e8cb336883..dee311c336 100644 --- a/kubernetes/sdnc/templates/secrets.yaml +++ b/kubernetes/sdnc/templates/secrets.yaml 
@@ -1,41 +1,15 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-odl - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - odl-password: {{ .Values.config.odlPassword | b64enc | quote }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-sdnctl - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.fullname" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }} +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} 
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 1611449095..6054546d58 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml 
@@ -34,10 +34,51 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: AAI_CLIENT_NAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }} + - name: AAI_CLIENT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }} + - name: MODELSERVICE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }} + - name: MODELSERVICE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }} + - name: RESTCONF_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }} + - name: RESTCONF_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }} + - name: ANSIBLE_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }} + - name: ANSIBLE_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }} + - name: SCALEOUT_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }} + - name: SCALEOUT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }} + - name: NETBOX_APIKEY + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . 
"uid" "db-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: config-input + - mountPath: /config + name: properties + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + - command: - /root/ready.py args: - --container-name - - {{ .Values.config.mariadbGalera.chartName }} + - {{ include "common.mariadbService" . }} env: - name: NAMESPACE valueFrom: @@ -89,12 +130,9 @@ spec: - name: aaf_locator_app_ns value: "{{ .Values.aaf_init.app_ns }}" - name: DEPLOY_FQI - value: "{{ .Values.aaf_init.deploy_fqi }}" + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }} - name: DEPLOY_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" .}}-aaf - key: aaf-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }} - name: cadi_longitude value: "{{ .Values.aaf_init.cadi_longitude }}" - name: cadi_latitude 
@@ -125,41 +163,36 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password - - name: ODL_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-odl - key: odl-password - - name: SDNC_DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-sdnctl - key: db-sdnctl-password - - name: SDNC_CONFIG_DIR - value: "{{ .Values.config.configDir }}" - - name: ENABLE_ODL_CLUSTER - value: "{{ .Values.config.enableClustering }}" - - name: MY_ODL_CLUSTER - value: "{{ .Values.config.myODLCluster }}" - - name: PEER_ODL_CLUSTER - value: "{{ .Values.config.peerODLCluster }}" - - name: IS_PRIMARY_CLUSTER - value: "{{ .Values.config.isPrimaryCluster }}" - - name: GEO_ENABLED - value: "{{ .Values.config.geoEnabled}}" - - name: SDNC_AAF_ENABLED - value: "{{ .Values.global.aafEnabled}}" - - name: SDNC_REPLICAS - value: "{{ .Values.replicaCount }}" - - name: MYSQL_HOST - value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}" - - name: JAVA_HOME - value: "{{ .Values.config.javaHome}}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }} + - name: ODL_ADMIN_USERNAME + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }} + - name: ODL_ADMIN_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }} + - name: SDNC_DB_USER + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: SDNC_DB_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . 
"uid" "db-secret" "key" "password") | indent 12 }} + - name: SDNC_CONFIG_DIR + value: "{{ .Values.config.configDir }}" + - name: ENABLE_ODL_CLUSTER + value: "{{ .Values.config.enableClustering }}" + - name: MY_ODL_CLUSTER + value: "{{ .Values.config.myODLCluster }}" + - name: PEER_ODL_CLUSTER + value: "{{ .Values.config.peerODLCluster }}" + - name: IS_PRIMARY_CLUSTER + value: "{{ .Values.config.isPrimaryCluster }}" + - name: GEO_ENABLED + value: "{{ .Values.config.geoEnabled}}" + - name: SDNC_AAF_ENABLED + value: "{{ .Values.global.aafEnabled}}" + - name: SDNC_REPLICAS + value: "{{ .Values.replicaCount }}" + - name: MYSQL_HOST + value: {{ include "common.mariadbService" . }} + - name: JAVA_HOME + value: "{{ .Values.config.javaHome}}" volumeMounts: - mountPath: /etc/localtime name: localtime @@ -252,10 +285,13 @@ spec: configMap: name: {{ include "common.fullname" . }}-bin defaultMode: 0755 - - name: properties + - name: config-input configMap: name: {{ include "common.fullname" . }}-properties defaultMode: 0644 + - name: properties + emptyDir: + medium: Memory - name: {{ include "common.fullname" . }}-certs {{ if .Values.certpersistence.enabled }} persistentVolumeClaim: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 4447a7dfaa..8fd7590863 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml 
@@ -26,6 +26,83 @@ global: persistence: mountPath: /dockerdata-nfs aafEnabled: true + # envsusbt + envsubstImage: dibi/envsubst + mariadbGalera: + #This flag allows SO to instantiate its own mariadb-galera cluster + #If shared instance is used, this chart assumes that DB already exists + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-password + name: '{{ include "common.release" . }}-sdnc-db-root-password' + type: password + externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}' + password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword" }}' + - uid: db-secret + name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret' + type: basicAuth + # This is a nasty trick that allows you override this secret using external one + # with the same field that is used to pass this to subchart + externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}' + login: '{{ index .Values "mariadb-galera" "config" "userName" }}' + password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}' + - uid: odl-creds + name: &odlCredsSecretName '{{ include "common.release" . 
}}-sdnc-odl-creds' + type: basicAuth + externalSecret: '{{ .Values.config.odlCredsExternalSecret }}' + login: '{{ .Values.config.odlUser }}' + password: '{{ .Values.config.odlPassword }}' + # For now this is left hardcoded but should be revisited in a future + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aaf_init.deploy_fqi }}' + password: '{{ .Values.aaf_init.deploy_pass }}' + passwordPolicy: required + - uid: netbox-apikey + type: password + externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' + password: '{{ .Values.config.netboxApikey }}' + passwordPolicy: required + - uid: aai-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}' + login: '{{ .Values.config.aaiUser }}' + password: '{{ .Values.config.aaiPassword }}' + passwordPolicy: required + - uid: modeling-user-creds + type: basicAuth + externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}' + login: '{{ .Values.config.modelingUser }}' + password: '{{ .Values.config.modelingPassword }}' + passwordPolicy: required + - uid: restconf-creds + type: basicAuth + externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}' + login: '{{ .Values.config.restconfUser }}' + password: '{{ .Values.config.restconfPassword }}' + passwordPolicy: required + - uid: ansible-creds + name: &ansibleSecretName '{{ include "common.release" . 
}}-sdnc-ansible-creds' + type: basicAuth + externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}' + login: '{{ .Values.config.ansibleUser }}' + password: '{{ .Values.config.ansiblePassword }}' + passwordPolicy: required + - uid: scaleout-creds + type: basicAuth + externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}' + login: '{{ .Values.config.scaleoutUser }}' + password: '{{ .Values.config.scaleoutPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -43,11 +120,27 @@ debugEnabled: false config: odlUid: 100 odlGid: 101 + odlUser: admin odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U - dbRootPassword: secretpassword - dbSdnctlUser: sdnctl - dbSdnctlDatabase: sdnctl - dbSdnctlPassword: gamma + # odlCredsExternalSecret: some secret + netboxApikey: onceuponatimeiplayedwithnetbox20180814 + # netboxApikeyExternalSecret: some secret + aaiUser: sdnc@sdnc.onap.org + aaiPassword: demo123456! + # aaiCredsExternalSecret: some secret + modelingUser: ccsdkapps + modelingPassword: ccsdkapps + # modelingCredsExternalSecret: some secret + restconfUser: admin + restconfPassword: admin + # restconfCredsExternalSecret: some secret + scaleoutUser: admin + scaleoutPassword: admin + # scaleoutExternalSecret: some secret + ansibleUser: sdnc + ansiblePassword: sdnc + # ansibleCredsExternalSecret: some secret + dbSdnctlDatabase: &sdncDbName sdnctl enableClustering: true sdncHome: /opt/onap/sdnc binDir: /opt/onap/sdnc/bin @@ -91,17 +184,6 @@ config: parallelGCThreads : 3 numberGGLogFiles: 10 - - - #local Mariadb-galera cluster - localDBCluster: false - - #Shared mariadb-galera details - mariadbGalera: - chartName: mariadb-galera - serviceName: mariadb-galera - internalPort: 3306 - # dependency / sub-chart configuration aaf_init: agentImage: onap/aaf/aaf_agent:2.1.15 
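Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest and is used in job.yaml and statefulset.yaml without the `common.repository` prefix that the main image gets, yet the container built from it receives every SDNC credential in its environment. Whatever that name resolves to at pull time gets those secrets, so it should be pinned, for example `envsubstImage: dibi/envsubst@sha256:<digest>` (placeholder), or mirrored into the project registry. The same default is added in kubernetes/sdnc/charts/sdnc-portal/values.yaml. Separately, the `externalSecret` entries in this list use the bare `{{ .Values.config.odlCredsExternalSecret }}` form, while the ueb-listener hunk in this commit moves to `tpl (default "" ...) .`; the two should probably agree.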
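Review bot: The commented hint `# scaleoutExternalSecret: some secret` does not match the key the `scaleout-creds` entry reads, `.Values.config.scaleoutCredsExternalSecret`. An operator who uncomments the hint as written gets no override, and the default `scaleoutUser: admin` / `scaleoutPassword: admin` pair stays in effect. The hint should read `# scaleoutCredsExternalSecret: some secret`.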
@@ -114,63 +196,82 @@ aaf_init: cadi_latitude: "38.0" cadi_longitude: "-72.0" +mariadb-galera: &mariadbGalera + nameOverride: sdnc-db + config: + rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}' + userName: sdnctl + userCredentialsExternalSecret: *dbSecretName + service: + name: sdnc-dbhost + internalPort: 3306 + sdnctlPrefix: sdnc + persistence: + mountSubPath: sdnc/mariadb-galera + enabled: true + replicaCount: 1 + cds: enabled: false dmaap-listener: nameOverride: sdnc-dmaap-listener + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera dmaapPort: 3904 sdncPort: 8282 configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName ueb-listener: + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName nameOverride: sdnc-ueb-listener config: sdncPort: 8282 sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-portal: + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: *sdncDbName config: sdncChartName: sdnc - mysqlChartName: mariadb-galera configDir: /opt/onap/sdnc/data/properties - dbRootPassword: secretpassword - dbSdnctlPassword: gamma - odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + odlCredsExternalSecret: *odlCredsSecretName sdnc-ansible-server: + config: + restCredsExternalSecret: *ansibleSecretName + mariadb-galera: + << : *mariadbGalera + config: + mysqlDatabase: ansible service: name: sdnc-ansible-server internalPort: 8000 - config: - mysqlServiceName: mariadb-galera - -mariadb-galera: - nameOverride: sdnc-db - service: - name: sdnc-dbhost - internalPort: 3306 - sdnctlPrefix: sdnc - persistence: - 
mountSubPath: sdnc/mariadb-galera - enabled: true - replicaCount: 1 dgbuilder: nameOverride: sdnc-dgbuilder config: + db: + dbName: *sdncDbName + rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}' + userCredentialsExternalSecret: *dbSecretName dbPodName: mariadb-galera dbServiceName: mariadb-galera - dbRootPassword: secretpassword - dbSdnctlPassword: gamma + # This should be revisited and changed to plain text dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5 + mariadb-galera: service: name: sdnc-dgbuilder nodePort: "03" diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index a714ba9328..02947c6643 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -289,6 +289,15 @@ sdnc: si: svc: types: PORT-MIRROR,PPROBE + dmaap: + host: http://message-router.{{ include "common.namespace" . }}:3904 + timeout: 30000 + lcm: + path: '/restconf/operations/LCM:' + actionTimeout: 300000 + dmapp: + readTopic: SDNC-LCM-WRITE + writeTopic: SDNC-LCM-READ appc: client: topic: diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml index b57205223e..a2e27548ba 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/configmap.yaml 
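Review bot: In the new `mariadb-galera` anchor, `rootPasswordExternalSecret` is written as `ternary (include "common.release" .)-sdnc-db-root-password "" ...`, with a bare `-sdnc-db-root-password` following the parenthesised call; that is not a valid template expression and will probably fail when the value is rendered through `tpl`. The `dgbuilder.config.db` entry later in the same hunk builds the same name with `printf "%s-sdnc-db-root-password" (include "common.release" .)`, and the anchor should use that form. Separately, each subchart block does `<< : *mariadbGalera` and then sets its own `config:` holding only `mysqlDatabase`; YAML merge keys are shallow, so that explicit `config` replaces the anchor's `config`, including both external-secret references, rather than extending it, and it should be confirmed that the subcharts receive those references some other way. `*dbSecretName` and `*odlCredsSecretName` are defined outside the hunk.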
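Review bot: The key nested under `lcm` is spelled `dmapp`, while the sibling block added just above it is `dmaap`; if the consumer binds `sdnc.lcm.dmaap.*`, the two topic names are silently ignored, so the spelling should be checked against the SO property binding and, if intentional, marked with a comment such as `# "dmapp" is the spelling the SO property binding expects`. `readTopic: SDNC-LCM-WRITE` and `writeTopic: SDNC-LCM-READ` also look swapped; presumably the topics are named from SDNC's side, and a one-line comment saying so would stop a well-meaning "fix". The `dmaap.host` URL is plain `http://` on port 3904, so LCM action requests cross the cluster network unencrypted unless something outside this file adds transport protection.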
@@ -38,3 +38,12 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml index 91e9be6376..40b19871da 100755 --- a/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/templates/deployment.yaml @@ -66,26 +66,14 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password - {{- if eq .Values.global.security.aaf.enabled true }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks - name: TRUSTSTORE_PASSWORD 
@@ -111,16 +99,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/so/charts/so-bpmn-infra/templates/secret.yaml 
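Review bot: The `volumes` list gains `{{ include "common.fullname" . }}-log-conf`, backed by the new `-log` ConfigMap, but neither container's `volumeMounts` in this hunk references it, so the `logback.xml` the chart now ships is apparently never placed in the pod. Either mount it where the application reads its logging configuration (the path cannot be derived from this hunk) or drop the volume and the ConfigMap. The Filebeat sidecar is also added without `resources` or a `securityContext` although it reads everything under `/var/log/onap`, where application logs can carry request data, so explicit resource limits and a non-root `securityContext` are worth adding. The same pattern is repeated in the so-openstack-adapter, so-sdc-controller and so-sdnc-adapter `deployment.yaml` hunks. The container spec starts outside the hunk.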
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml
index a7925b79e5..357a8fd62c 100755
--- a/kubernetes/so/charts/so-bpmn-infra/values.yaml
+++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml
@@ -24,12 +24,39 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 image: onap/so/bpmn-infra:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret replicaCount: 1 minReadySeconds: 10 containerPort: 8081 diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml index 91e9be6376..63a10b0d83 100755 --- a/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/deployment.yaml 
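Review bot: The new `db` block commits working credentials (`userPassword: so_User123`, `adminPassword: so_Admin123`) as chart defaults while both secrets entries declare `passwordPolicy: required`; with a default always present, a deployment that forgets to override them comes up with publicly known database passwords instead of failing. If `required` is meant to make the chart refuse to render without a password (the common secret template is not shown), leave the password defaults empty and document `userCredsExternalSecret` / `adminCredsExternalSecret` as the intended path. The same values are duplicated in the so-catalog-db-adapter `values.yaml` hunk, and the so-mariadb `values.yaml` hunk does the same with `rootPassword: secretpassword` and `backupUser: root`, so an operator has to override them consistently in every chart.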
@@ -66,25 +66,13 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: DB_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.readwrite.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} - name: DB_ADMIN_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.rolename + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "common.release" . }}-so-db-secrets - key: mariadb.admin.password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} {{- if eq .Values.global.security.aaf.enabled true }} - name: TRUSTSTORE value: /app/org.onap.so.trust.jks diff --git a/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..dee311c336 --- /dev/null +++ b/kubernetes/so/charts/so-catalog-db-adapter/templates/secret.yaml 
@@ -0,0 +1,15 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
diff --git a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
index c4e23164f2..889f2e83ec 100755
--- a/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
+++ b/kubernetes/so/charts/so-catalog-db-adapter/values.yaml
@@ -24,12 +24,39 @@ global: mountPath: /dockerdata-nfs ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds' + type: basicAuth + externalSecret: '{{ .Values.db.userCredsExternalSecret }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds' + type: basicAuth + externalSecret: '{{ .Values.db.adminCredsExternalSecret }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +################################################################# # Application configuration defaults. ################################################################# repository: nexus3.onap.org:10001 image: onap/so/catalog-db-adapter:1.5.3 pullPolicy: Always +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + replicaCount: 1 minReadySeconds: 10 containerPort: 8082 diff --git a/kubernetes/so/charts/so-mariadb/templates/job.yaml b/kubernetes/so/charts/so-mariadb/templates/job.yaml index 68c6017b91..c3002093eb 100644 --- a/kubernetes/so/charts/so-mariadb/templates/job.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/job.yaml 
@@ -43,14 +43,11 @@ spec: - name: DB_HOST value: {{ .Values.global.migration.dbHost }} - name: DB_USER - value: {{ .Values.global.migration.dbUser }} + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }} - name: DB_PORT value: "{{ .Values.global.migration.dbPort }}" - name: DB_PASS - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }}-migration - key: db-root-password-backup + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }} command: - /bin/bash - -c @@ -138,10 +135,7 @@ spec: name: {{ include "common.release" . }}-so-db-secrets key: mariadb.readwrite.port - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} volumeMounts: - mountPath: /etc/localtime name: localtime diff --git a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml index 1c309faffb..746fe61ccc 100644 --- a/kubernetes/so/charts/so-mariadb/templates/secrets.yaml +++ b/kubernetes/so/charts/so-mariadb/templates/secrets.yaml @@ -1,4 +1,5 @@ # Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -11,36 +12,5 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }} -{{- if .Values.global.migration.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }}-migration - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - "helm.sh/hook": pre-upgrade,pre-install - "helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -type: Opaque -data: - db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }} -{{- end }} + +{{ include "common.secret" . }} diff --git a/kubernetes/so/charts/so-mariadb/values.yaml b/kubernetes/so/charts/so-mariadb/values.yaml index acf9cb4f33..a5586c6665 100755 --- a/kubernetes/so/charts/so-mariadb/values.yaml +++ b/kubernetes/so/charts/so-mariadb/values.yaml 
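Review bot: The removed Secrets took their values from `.Values.global.mariadbGalera.mariadbRootPassword` and `.Values.global.migration.dbPassword`, whereas `common.secret` is driven by the chart's `secrets` list, which in this commit reads `.Values.db.rootPassword` and `.Values.db.backupPassword`. Unless the parent chart maps the old globals onto the new keys (not visible here), an existing override of the global root password stops applying on upgrade and the job falls back to the `secretpassword` default. The old migration Secret was also wrapped in `{{- if .Values.global.migration.enabled }}`, and the `db-backup-creds` entry has no such guard, so it is now created unconditionally. An upgrade note in the chart, or a default that falls back to the old global keys, would avoid a silent password change.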
@@ -26,6 +26,28 @@ global: ubuntuInitRepository: registry.hub.docker.com ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: '{{ include "common.release" . }}-so-mariadb-root-pass' + type: password + externalSecret: '{{ .Values.db.rootPasswordExternalSecret }}' + password: '{{ .Values.db.rootPassword }}' + passwordPolicy: required + - uid: db-backup-creds + name: '{{ include "common.release" . }}-so-mariadb-backup-creds' + type: basicAuth + externalSecret: '{{ .Values.db.backupCredsExternalSecret }}' + login: '{{ .Values.db.backupUser }}' + password: '{{ .Values.db.backupPassword }}' + passwordPolicy: required + annotations: + helm.sh/hook: pre-upgrade,pre-install + helm.sh/hook-weight: "0" + helm.sh/hook-delete-policy: before-hook-creation + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -34,6 +56,13 @@ image: mariadb:10.1.38 pullPolicy: Always ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +# db config +db: + rootPassword: secretpassword + # rootPasswordExternalSecret: some secret + backupPassword: secretpassword + backupUser: root + # backupCredsExternalSecret: some secret # application configuration config: # gerrit branch where the latest heat code is checked in diff --git a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml index 4710fea218..ffebc4c794 100755 --- a/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/resources/config/overrides/override.yaml 
@@ -99,7 +99,8 @@ mso: auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag.{{ include "common.namespace" . }} - msb-port: 80 + msb-port: 443 + msb-scheme: https workflow: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml index b57205223e..21544798cf 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-openstack-adapter/templates/deployment.yaml @@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml index b57205223e..104daae051 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml 
@@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index a20d2178ba..6235bd2c88 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml 
@@ -151,6 +151,7 @@ org: sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 @@ -160,6 +161,12 @@ org: vfmodule: '': query: GET|60000|sdncurl12| + lcm: + download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm network: encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} spring: diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml index b57205223e..104daae051 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/configmap.yaml @@ -38,3 +38,11 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} 
diff --git a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml index 5c7f3ab0ca..3b3d189190 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/templates/deployment.yaml @@ -96,16 +96,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml index e2818139fa..9ea7a7efc2 100644..100755 
--- a/kubernetes/common/postgres-legacy/charts/pgpool/Chart.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,6 +13,6 @@ # limitations under the License. apiVersion: v1 -description: ONAP Postgres Server -name: pgpool +description: ONAP SO VE VNFM Adapter (SOL002) +name: so-ve-vnfm-adapter version: 5.0.0 diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..88d805d81e --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Samsung# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ (index .Values.service.ports 0).port }} + +vevnfmadapter: + endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + +dmaap: + endpoint: http://message-router.{{ include "common.namespace" . }}:3904 
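Review bot: In the new `override.yaml`, `vevnfmadapter.endpoint` hard-codes `https://msb-iag:30283/...`: the host is not namespace-qualified the way the `aai` and `dmaap` endpoints below it are, and `30283` looks like a node port that will not follow a changed `nodePortPrefix`. `dmaap.endpoint` uses plain `http://` on port 3904 while `aai.endpoint` is `https://`, so notifications on the message bus travel unencrypted unless something outside this file protects them. The first header line also carries the copyright notice twice (`# Copyright © 2020 Samsung# Copyright © 2020 Samsung`) and should be reduced to one.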
diff --git a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml index 099c8dd12e..e940811883 100755 --- a/kubernetes/common/postgres-legacy/charts/pgpool/templates/configmap.yaml +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/configmap.yaml @@ -1,4 +1,4 @@ -# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,12 +15,17 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }}-pgpool-configmap + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} + labels: {{- include "common.labels" . | nindent 4 }} data: -{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }} + APP: {{ include "common.name" . }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..03b3441c93 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/deployment.yaml 
@@ -0,0 +1,69 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /root/ready.py + args: + - --container-name + - aai + - --container-name + - message-router + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . 
| nindent 12 }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumes: + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml new file mode 100755 index 0000000000..f3ef1138b8 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml new file mode 100755 index 0000000000..53106004a9 --- /dev/null +++ b/kubernetes/so/charts/so-ve-vnfm-adapter/values.yaml 
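Review bot: Neither the pod spec nor its two containers in this new Deployment set a `securityContext`, so the adapter and the readiness init container run with whatever user and privileges their images default to. Provided the `onap/so/ve-vnfm-adapter` image can run unprivileged (to be confirmed against the image), add a container-level `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The pod also defines only a `livenessProbe`; a `readinessProbe` on the same port would keep the Service from routing to the pod before the application listens. Unlike the parent `so` deployment, no `imagePullSecrets` entry is present, which is worth checking for the `nexus3.onap.org:10001` repository.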
@@ -0,0 +1,68 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global: + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + persistence: + mountPath: /dockerdata-nfs +image: onap/so/ve-vnfm-adapter:1.6.0 +pullPolicy: Always +replicaCount: 1 +service: + name: ve-vnfm-adapter + type: ClusterIP + annotations: + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/", + "protocol": "REST", + "port": "{{ (index .Values.service.ports 0).port }}", + "visualRange": "1" + } + ]{{ end }} + ports: + - name: http + port: 9098 +flavor: small +resources: + small: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 250m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9098 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/templates/configmap.yaml b/kubernetes/so/templates/configmap.yaml index b57205223e..6aa4b5f4f0 100755 --- a/kubernetes/so/templates/configmap.yaml +++ b/kubernetes/so/templates/configmap.yaml 
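Review bot: `livenessProbe.timeoutSeconds: 10` is defined here but the chart's deployment.yaml never reads it; its probe sets only `initialDelaySeconds`, `periodSeconds`, `successThreshold` and `failureThreshold`, so the Kubernetes default timeout applies instead of the 10 seconds this file suggests. Either wire it into the template with `timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}` or drop the key. Separately, `image: onap/so/ve-vnfm-adapter:1.6.0` is referenced by tag with `pullPolicy: Always`, so each pull trusts whatever the registry currently serves under that tag; pinning by digest would fix the image content.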
@@ -38,3 +38,19 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-so-filebeat-configmap + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/templates/deployment.yaml b/kubernetes/so/templates/deployment.yaml index 91e9be6376..c0ac078039 100755 --- a/kubernetes/so/templates/deployment.yaml +++ b/kubernetes/so/templates/deployment.yaml 
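Review bot: The two ConfigMaps added here, `{{ include "common.fullname" . }}-log` and `{{ .Release.Name }}-so-filebeat-configmap`, render the same file (`resources/config/log/filebeat/filebeat.yml`), and in this commit's deployment.yaml change only the second is mounted by a container; the first backs a `-log-conf` volume that no visible `volumeMounts` entry uses. Keeping a single ConfigMap avoids two copies of the log-shipping configuration drifting apart. Both also omit a `labels:` block, which the existing ConfigMap above appears to carry (context line `heritage: {{ .Release.Service }}`), making them harder to select and audit with the release. If both are intentional, say so with a comment above each, e.g. `# consumed by <component>`.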
@@ -111,16 +111,42 @@ spec: - name: config mountPath: /app/config readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap {{ include "helpers.livenessProbe" .| indent 8 }} ports: - containerPort: {{ index .Values.containerPort }} name: {{ .Values.service.portName }} protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap volumes: - name: logs emptyDir: {} - name: config configMap: name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 5a06253863..a792ff9acd 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -20,6 +20,8 @@ global: repository: nexus3.onap.org:10001 readinessRepository: oomk8s readinessImage: readiness-check:2.0.2 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 mariadbGalera: nameOverride: mariadb-galera serviceName: mariadb-galera 
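Review bot: The Filebeat sidecar is added without a `resources:` block, so its CPU and memory are unbounded inside the pod; give it explicit `requests` and `limits` so a busy log shipper cannot starve the application container. The `{{ include "common.fullname" . }}-log-conf` volume is declared but none of the `volumeMounts` in this hunk reference it; the pod spec continues outside the hunk, so confirm something mounts it or remove the volume. The `filebeat.yml` mount can also carry `readOnly: true`, as the `config` mount above it already does.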
@@ -119,6 +121,12 @@ livenessProbe: nodeSelector: {} affinity: {} +# application configuration +config: + logstashServiceName: log-ls + logstashPort: 5044 + + #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \ # --set so.global.mariadbGalera.localCluster=true \ diff --git a/kubernetes/uui/charts/uui-server/templates/service.yaml b/kubernetes/uui/charts/uui-server/templates/service.yaml index 353fb308dd..9c799cffec 100644 --- a/kubernetes/uui/charts/uui-server/templates/service.yaml +++ b/kubernetes/uui/charts/uui-server/templates/service.yaml @@ -30,7 +30,8 @@ metadata: "url": "/api/usecaseui-server/v1", "protocol": "REST", "port": "{{.Values.service.internalPort}}", - "visualRange":"1" + "visualRange":"1", + "enable_ssl": true } ]' spec: diff --git a/kubernetes/uui/charts/uui-server/values.yaml b/kubernetes/uui/charts/uui-server/values.yaml index e7856d3a4d..b83180757b 100644 --- a/kubernetes/uui/charts/uui-server/values.yaml +++ b/kubernetes/uui/charts/uui-server/values.yaml @@ -25,12 +25,12 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/usecase-ui-server:2.0.1 +image: onap/usecase-ui-server:2.0.2 pullPolicy: Always # application configuration -msbaddr: msb-iag.{{include "common.namespace" .}}:80 +msbaddr: msb-iag.{{include "common.namespace" .}}:443 mraddr: message-router.{{include "common.namespace" .}}:3904 # flag to enable debugging - application support required @@ -84,16 +84,16 @@ ingress: resources: small: limits: - cpu: 250m - memory: 250Mi + cpu: 1.5 + memory: 350Mi requests: - cpu: 250m - memory: 250Mi + cpu: 1 + memory: 245Mi large: limits: - cpu: 500m + cpu: 2 memory: 500Mi requests: - cpu: 500m + cpu: 1 memory: 500Mi unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml index 8e5d097e40..028b164e00 100644 
--- a/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,11 +80,15 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-catalog mountPath: /service/vfc/nfvo/catalog/static diff --git a/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-catalog/templates/secrets.yaml 
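Review bot: The new `args` line hard-codes the account name, `MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD}`, although the same commit injects `MYSQL_ROOT_USER` from `.Values.global.config.mariadb_admin` in the env hunk below, so the variable is unused here and the service authenticates as the wrong user if that value is ever not `root`. The vfc-nslcm chart already uses `${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD}`, while the vfc-vnflcm, vfc-vnfmgr and vfc-vnfres deployments repeat the hard-coded form. In all five, the wrapper shell stays in front of the entrypoint; writing the line as `'export MYSQL_AUTH="${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD}"; exec ./docker-entrypoint.sh'` lets the entrypoint replace the shell so termination signals reach it directly (whether the image's `sh` already does this for a single command is not visible here). The container spec starts and ends outside these hunks.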
@@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-catalog/values.yaml b/kubernetes/vfc/charts/vfc-catalog/values.yaml index 1a8808b358..3411c44799 100644 --- a/kubernetes/vfc/charts/vfc-catalog/values.yaml +++ b/kubernetes/vfc/charts/vfc-catalog/values.yaml @@ -23,13 +23,23 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/catalog:1.3.4 +image: onap/vfc/catalog:1.3.8 pullPolicy: Always #Istio sidecar injection policy @@ -39,7 +49,11 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret # default number of instances replicaCount: 1 
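Review bot: The secret declared in the values.yaml hunk is the MariaDB root password (`uid: "db-root-pass"`), and the deployment hands it to the catalog service as its runtime `MYSQL_AUTH`, so a compromise of this one service gives administrative access to the whole `vfc-mariadb` instance that the nslcm, vnflcm, vnfmgr and vnfres charts in this commit also point at. Consider a per-service database account with its own secret and keep the root credential for provisioning only. `policy: required` suggests rendering fails unless a value is supplied, yet both `config` keys are commented out, so document the requirement next to them, e.g. `# one of mariadbRootPassword / mariadbRootPasswordExternalSecret must be provided (normally by the parent chart)`. The same `secrets:` block is added to the vfc-nslcm, vfc-vnflcm and vfc-vnfmgr values files.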
@@ -108,4 +122,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml index 446bcb96d5..51080a5dbb 100644 --- a/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-ems-driver/templates/deployment.yaml @@ -79,6 +79,8 @@ spec: value: "{{ .Values.config.vescollectorServiceName }}:{{ .Values.config.vescollectorPort }}" - name: VES_AUTHINFO value: "{{ .Values.config.vescollectorUser }}:{{ .Values.config.vescollectorPassword }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml index d4c71b642c..999a33a7b1 100644 --- a/kubernetes/vfc/charts/vfc-ems-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-ems-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/emsdriver:1.3.0 +image: onap/vfc/emsdriver:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml index 5e84c86ad1..a42567050b 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/templates/deployment.yaml @@ -59,6 +59,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime 
diff --git a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml index 96bae84455..d7108a8fb0 100644 --- a/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-generic-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/gvnfmdriver:1.3.5 +image: onap/vfc/gvnfmdriver:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml index 163214a692..401d00c792 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/templates/deployment.yaml @@ -76,6 +76,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml index 70125e9441..8b27d45a61 100644 --- a/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-huawei-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/huawei:1.3.0 +image: onap/vfc/nfvo/svnfm/huawei:1.3.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml index 008d480194..2a542e77bf 100644 --- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml 
+++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml index f68f0fc790..1bcdf57df0 100644 --- a/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-juju-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/jujudriver:1.3.1 +image: onap/vfc/jujudriver:1.3.8 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml index be76d55c96..88e4ca51ee 100644 --- a/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-multivim-proxy/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml index 211ff720ca..464afe2f7a 100644 --- a/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml +++ b/kubernetes/vfc/charts/vfc-multivim-proxy/values.yaml 
@@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/multivimproxy:1.3.0 +image: onap/vfc/multivimproxy:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml index 3f747ce3a6..00c53b2c21 100644 --- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/templates/deployment.yaml @@ -77,6 +77,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml index 74f5b67204..e24c3bdac3 100644 --- a/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-nokia-v2vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0 +image: onap/vfc/nfvo/svnfm/nokiav2:1.3.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml index fc6c736fbd..395eedcb84 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: 
@@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,9 +80,11 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - name: REG_TO_MSB_WHEN_START diff --git a/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-nslcm/templates/secrets.yaml 
@@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-nslcm/values.yaml b/kubernetes/vfc/charts/vfc-nslcm/values.yaml index a3d03032c9..30bcc7bde0 100644 --- a/kubernetes/vfc/charts/vfc-nslcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-nslcm/values.yaml @@ -23,13 +23,23 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/nslcm:1.3.4 +image: onap/vfc/nslcm:1.3.7 pullPolicy: Always #Istio sidecar injection policy @@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 
@@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml index bff1e94766..a6850b5ef2 100644 --- a/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-redis/templates/deployment.yaml @@ -54,6 +54,8 @@ spec: env: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-redis/values.yaml b/kubernetes/vfc/charts/vfc-redis/values.yaml index cb018b448f..30e2b2ce9a 100644 --- a/kubernetes/vfc/charts/vfc-redis/values.yaml +++ b/kubernetes/vfc/charts/vfc-redis/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/db:1.3.1 +image: onap/vfc/db:1.3.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml index ce381d7140..54ff350109 100644 --- a/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-resmgr/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-resmgr/values.yaml b/kubernetes/vfc/charts/vfc-resmgr/values.yaml index 71cf4cceef..f494b8564d 100644 --- a/kubernetes/vfc/charts/vfc-resmgr/values.yaml 
+++ b/kubernetes/vfc/charts/vfc-resmgr/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/resmanagement:1.3.0 +image: onap/vfc/resmanagement:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml index e99f4d1120..93320147a9 100644 --- a/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: 
@@ -75,11 +80,15 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnflcm/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml index 4883833182..60a6abcb7b 100644 
--- a/kubernetes/vfc/charts/vfc-vnflcm/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnflcm/values.yaml @@ -23,13 +23,23 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnflcm:1.3.4 +image: onap/vfc/vnflcm:1.3.7 pullPolicy: Always #Istio sidecar injection policy @@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 @@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml index 66db39ec36..61adba88e8 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,12 +80,15 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" - + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime 
diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnfmgr/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml index fdd38e68e9..20af3bb5ef 100644 --- a/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfmgr/values.yaml @@ -23,13 +23,23 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfmgr:1.3.4 +image: onap/vfc/vnfmgr:1.3.8 pullPolicy: Always #Istio sidecar injection policy 
@@ -39,7 +49,11 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret # default number of instances replicaCount: 1 @@ -87,4 +101,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
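Review bot: The two commented keys under `config:` do not say that one of them has to be supplied, although the `db-root-pass` entry added earlier in this file uses `policy: required`. A comment such as `# set exactly one of the two keys below; the db-root-pass secret has policy: required` would make that visible to someone installing the sub-chart on its own. The example value `secretpassword` is the literal that this commit removes from the parent chart's values, so a neutral placeholder like `# mariadbRootPassword: <set at deploy time>` is less likely to be copied into a real deployment. The same commented block is added in the vfc-vnfres values file.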
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml index f5fc28466a..ee9ff9cb45 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/deployment.yaml @@ -37,7 +37,7 @@ spec: - /root/ready.py args: - --container-name - - vfc-mariadb + - {{ .Values.config.mariadbService }} env: - name: NAMESPACE valueFrom: @@ -49,6 +49,11 @@ spec: name: {{ include "common.name" . }}-readiness containers: - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh' image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: @@ -75,11 +80,15 @@ spec: - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" - name: MYSQL_ADDR - value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}" + value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}" - name: REDIS_ADDR value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}" - - name: MYSQL_AUTH - value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}" + - name: MYSQL_ROOT_USER + value: "{{ .Values.global.config.mariadb_admin }}" + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}} + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be 
--- /dev/null +++ b/kubernetes/vfc/charts/vfc-vnfres/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/charts/vfc-vnfres/values.yaml b/kubernetes/vfc/charts/vfc-vnfres/values.yaml index 9c51d6658f..078554d5d6 100644 --- a/kubernetes/vfc/charts/vfc-vnfres/values.yaml +++ b/kubernetes/vfc/charts/vfc-vnfres/values.yaml @@ -23,13 +23,23 @@ global: loggingImage: beats/filebeat:5.5.0 ################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + policy: required + +################################################################# # Application configuration defaults. ################################################################# # application image flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/vnfres:1.3.4 +image: onap/vfc/vnfres:1.3.7 pullPolicy: Always #Istio sidecar injection policy 
@@ -39,7 +49,12 @@ istioSidecar: true debugEnabled: false # application configuration -config: {} +config: + mariadbService: vfc-mariadb + mariadbPort: 3306 + # mariadbRootPassword: secretpassword + # mariadbRootPasswordExternalSecret: some secret + # default number of instances replicaCount: 1 @@ -88,4 +103,4 @@ resources: requests: cpu: 200m memory: 500Mi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml index 410d4b6b5b..c78d6b3477 100644 --- a/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-workflow-engine/templates/deployment.yaml @@ -83,6 +83,8 @@ spec: value: "{{ .Values.global.config.msbServiceName }}" - name: OPENPALETTE_MSB_PORT value: "{{ .Values.global.config.msbPort | default 80 }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml index daf1429350..f626cbe16d 100644 --- a/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml +++ b/kubernetes/vfc/charts/vfc-workflow-engine/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/wfengine-activiti:1.3.0 +image: onap/vfc/wfengine-activiti:1.3.3 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml index 534979b835..a28814c5b1 100644 --- a/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-workflow/templates/deployment.yaml @@ -83,6 +83,8 @@ spec: value: "{{ .Values.global.config.msbServiceName }}" - name: OPENPALETTE_MSB_PORT value: "{{ .Values.global.config.msbPort | default 80 }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} 
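Review bot: `REG_TO_MSB_WHEN_START` in the vfc-workflow-engine template is rendered from `.Values.global.config.reg_to_msb_when_start` with no fallback, while the neighbouring `OPENPALETTE_MSB_PORT` line uses `| default 80`. If the chart is rendered without the parent's global value, the variable ends up empty or as a placeholder string, and how the container treats that is not visible here; `value: "{{ .Values.global.config.reg_to_msb_when_start | default false }}"` keeps the intent explicit. The same line is added in the vfc-workflow, vfc-zte-sdnc-driver, vfc-zte-vnfm-driver, vfc-vnfmgr and vfc-vnfres deployment templates. The container spec starts and ends outside the hunk.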
diff --git a/kubernetes/vfc/charts/vfc-workflow/values.yaml b/kubernetes/vfc/charts/vfc-workflow/values.yaml index 1c7444f2bf..57e8253fb2 100644 --- a/kubernetes/vfc/charts/vfc-workflow/values.yaml +++ b/kubernetes/vfc/charts/vfc-workflow/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/wfengine-mgrservice:1.3.0 +image: onap/vfc/wfengine-mgrservice:1.3.3 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml index be76d55c96..88e4ca51ee 100644 --- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/templates/deployment.yaml @@ -75,6 +75,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml index 4c2a54620a..a72d7cc476 100644 --- a/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-sdnc-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztesdncdriver:1.3.0 +image: onap/vfc/ztesdncdriver:1.3.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml index 5f5e710632..bd79aad92a 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/templates/deployment.yaml 
@@ -75,6 +75,8 @@ spec: value: "{{ .Values.global.config.ssl_enabled }}" - name: MSB_ADDR value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}" + - name: REG_TO_MSB_WHEN_START + value: "{{ .Values.global.config.reg_to_msb_when_start }}" volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml index 3655fc0cd9..6c0f829c80 100644 --- a/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml +++ b/kubernetes/vfc/charts/vfc-zte-vnfm-driver/values.yaml @@ -29,7 +29,7 @@ global: flavor: small repository: nexus3.onap.org:10001 -image: onap/vfc/ztevnfmdriver:1.3.1 +image: onap/vfc/ztevnfmdriver:1.3.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/vfc/templates/secrets.yaml b/kubernetes/vfc/templates/secrets.yaml new file mode 100644 index 0000000000..d053c484be --- /dev/null +++ b/kubernetes/vfc/templates/secrets.yaml @@ -0,0 +1,15 @@ +# Copyright (c) 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secret" . }} diff --git a/kubernetes/vfc/values.yaml b/kubernetes/vfc/values.yaml index eb6638b18b..b204c58f94 100644 --- a/kubernetes/vfc/values.yaml +++ b/kubernetes/vfc/values.yaml 
@@ -18,40 +18,70 @@ global: msbprotocol: https msbServiceName: msb-iag msbPort: 443 - dbServiceName: vfc-db - dbPort: 3306 - dbUser: root - mariadbRootPassword: secretpassword redisServiceName: vfc-redis redisPort: 6379 +# Becaue now oom can register the microservice to msb automatically, +# If it is set to false, vfc contanier will not register again, if it is +# set to true, vfc will register by itself. +# we use this flag to determine who is responbile for serice registeration +# and it can reduce duplicate registration. reg_to_msb_when_start: False + mariadb_admin: root persistence: mountPath: /dockerdata-nfs +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "db-root-pass" + name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass' + type: password + password: '{{ .Values.config.mariadbRootPassword }}' + # application configuration config: logstashServiceName: log-ls logstashPort: 5044 mariadb-galera: + config: + mariadbRootPasswordExternalSecret: *dbRootPassSecret nameOverride: vfc-mariadb service: - name: vfc-db - portName: vfc-db + name: vfc-mariadb + portName: vfc-mariadb nfsprovisionerPrefix: vfc persistence: mountSubPath: vfc/data enabled: true disableNfsProvisioner: true -catalog: +db: &dbConfig + mariadbService: vfc-mariadb + mariadbPort: 3306 + mariadbRootPasswordExternalSecret: *dbRootPassSecret + +vfc-catalog: config: - dbPodName: vfc-db - dbServiceName: vfc-db -nslcm: + << : *dbConfig + +vfc-nslcm: + config: + << : *dbConfig + +vfc-vnflcm: config: - dbPodName: vfc-db - dbServiceName: vfc-db + << : *dbConfig + +vfc-vnfmgr: + config: + << : *dbConfig + +vfc-vnfres: + config: + << : *dbConfig + # sub-chart configuration vfc-workflow: service: diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index e8d0595284..fb8f1a04f8 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml 
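Review bot: The new `db-root-pass` entry templates its value from `.Values.config.mariadbRootPassword`, but the `config:` block in this hunk defines only the logstash keys and the entry carries no `policy:`, unlike the sub-chart entries that set `policy: required`. What the chart does when the value is unset therefore depends on the `common.secret` template, which is not visible here; stating the policy explicitly and adding a commented `# mariadbRootPassword:` key under `config:` would document how the MariaDB root password is meant to be supplied. The `<< : *dbConfig` merges are resolved when this file is parsed, so an override of `db.mariadbService` or `db.mariadbPort` from another values file or `--set` will presumably not reach `vfc-catalog`, `vfc-nslcm`, `vfc-vnflcm`, `vfc-vnfmgr` or `vfc-vnfres`; a comment on `db:` saying so would help. The comment added above `reg_to_msb_when_start` has typos (`Becaue`, `contanier`, `responbile`, `serice registeration`). The `global:` mapping starts before the hunk and the sub-chart section continues after it.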
@@ -39,7 +39,7 @@ subChartsOnly: # application image repository: nexus3.onap.org:10001 -image: onap/vid:6.0.2 +image: onap/vid:6.0.3 pullPolicy: Always # mariadb image for initializing diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index ab6bae3d5f..9529e558a2 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -98,7 +98,7 @@ service: name: refrepo portName: refrepo nodePort: 97 - internalPort: 8702 + internalPort: 8703 ingress: enabled: false |