summaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat1
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat1
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat1
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat3
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat6
-rw-r--r--kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat4
-rw-r--r--kubernetes/aaf/resources/data/identities.dat1
-rw-r--r--kubernetes/aai/components/aai-babel/templates/deployment.yaml24
-rw-r--r--kubernetes/aai/components/aai-babel/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml22
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml4
-rw-r--r--kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml4
-rw-r--r--kubernetes/aai/components/aai-graphadmin/values.yaml4
-rw-r--r--kubernetes/aai/components/aai-modelloader/templates/deployment.yaml26
-rw-r--r--kubernetes/aai/components/aai-modelloader/values.yaml6
-rw-r--r--kubernetes/aai/components/aai-resources/templates/deployment.yaml23
-rw-r--r--kubernetes/aai/components/aai-resources/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-schema-service/templates/deployment.yaml22
-rw-r--r--kubernetes/aai/components/aai-schema-service/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml22
-rw-r--r--kubernetes/aai/components/aai-sparky-be/values.yaml5
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/deployment.yaml24
-rw-r--r--kubernetes/aai/components/aai-traversal/templates/job.yaml6
-rw-r--r--kubernetes/aai/components/aai-traversal/values.yaml5
-rw-r--r--kubernetes/aai/templates/configmap.yaml15
-rw-r--r--kubernetes/aai/values.yaml16
-rwxr-xr-xkubernetes/cds/components/cds-blueprints-processor/values.yaml2
-rwxr-xr-xkubernetes/cds/components/cds-command-executor/values.yaml2
-rwxr-xr-xkubernetes/cds/components/cds-py-executor/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-sdc-listener/values.yaml2
-rw-r--r--kubernetes/cds/components/cds-ui/values.yaml2
-rw-r--r--kubernetes/common/common/templates/_log.tpl7
-rw-r--r--kubernetes/common/etcd/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/etcd/values.yaml1
-rw-r--r--kubernetes/common/mongo/templates/statefulset.yaml2
-rw-r--r--kubernetes/holmes/requirements.yaml5
-rw-r--r--kubernetes/holmes/values.yaml28
-rw-r--r--kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml7
-rw-r--r--kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-fcaps/values.yaml8
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-k8s/values.yaml6
-rw-r--r--kubernetes/multicloud/components/multicloud-pike/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml7
-rw-r--r--kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml4
-rw-r--r--kubernetes/multicloud/components/multicloud-pike/values.yaml8
-rw-r--r--kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml1
-rw-r--r--kubernetes/multicloud/components/multicloud-prometheus/values.yaml6
-rw-r--r--kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml7
-rw-r--r--kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-starlingx/values.yaml8
-rw-r--r--kubernetes/multicloud/components/multicloud-vio/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml1
-rw-r--r--kubernetes/multicloud/components/multicloud-vio/values.yaml6
-rw-r--r--kubernetes/multicloud/components/multicloud-windriver/requirements.yaml3
-rw-r--r--kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml7
-rw-r--r--kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml2
-rw-r--r--kubernetes/multicloud/components/multicloud-windriver/values.yaml8
-rw-r--r--kubernetes/multicloud/requirements.yaml3
-rw-r--r--kubernetes/multicloud/resources/config/log/framework/log.yml7
-rw-r--r--kubernetes/multicloud/templates/deployment.yaml1
-rw-r--r--kubernetes/multicloud/values.yaml8
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml22
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml31
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml42
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml103
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml32
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml93
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml17
-rw-r--r--kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml104
-rwxr-xr-xkubernetes/policy/requirements.yaml4
-rwxr-xr-xkubernetes/policy/values.yaml2
-rw-r--r--kubernetes/sdnc/components/dmaap-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-ansible-server/values.yaml2
-rw-r--r--kubernetes/sdnc/components/sdnc-web/values.yaml2
-rw-r--r--kubernetes/sdnc/components/ueb-listener/values.yaml2
-rw-r--r--kubernetes/sdnc/values.yaml2
-rw-r--r--kubernetes/uui/Makefile51
-rw-r--r--kubernetes/uui/components/Makefile51
-rw-r--r--kubernetes/uui/components/uui-server/requirements.yaml27
-rw-r--r--kubernetes/uui/components/uui-server/resources/config/application.properties53
-rw-r--r--kubernetes/uui/components/uui-server/resources/entrypoint/run.sh43
-rw-r--r--kubernetes/uui/components/uui-server/templates/configmap.yaml41
-rw-r--r--kubernetes/uui/components/uui-server/templates/deployment.yaml32
-rw-r--r--kubernetes/uui/components/uui-server/values.yaml38
-rw-r--r--kubernetes/uui/requirements.yaml3
-rw-r--r--kubernetes/uui/resources/config/server.xml161
-rw-r--r--kubernetes/uui/templates/configmap.yaml28
-rw-r--r--kubernetes/uui/templates/deployment.yaml59
-rw-r--r--kubernetes/uui/values.yaml33
94 files changed, 1302 insertions, 225 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 298274ed0f..23a068763a 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -70,3 +70,4 @@ vfc@vfc.onap.org|vfc|local|/opt/app/osaaf/local||mailto:|org.onap.vfc|root|30|{'
vid1@vid1.onap.org|vid1|local|/opt/app/osaaf/local||mailto:|org.onap.vid1|root|30|{'onap', 'onap.vid1', 'vid1', 'vid1.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
vid2@vid2.onap.org|vid2|local|/opt/app/osaaf/local||mailto:|org.onap.vid2|root|30|{'onap.vid2', 'vid2', 'vid2.api.simpledemo.onap.org', 'vid2.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
vid@vid.onap.org|vid|local|/opt/app/osaaf/local||mailto:|org.onap.vid|root|30|{'vid.api.simpledemo.onap.org', 'vid.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12'}
+uui@uui.onap.org|uui|local|/opt/app/osaaf/local||mailto:|org.onap.uui|root|30|{'uui', 'uui.api.simpledemo.onap.org', 'uui.onap','uui-server', 'uui-server.api.simpledemo.onap.org', 'uui-server.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
index 5cccae1a65..7112b0b7e4 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
@@ -55,3 +55,4 @@ ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04
aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
+uui@uui.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.uui|53344||
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 3756a89aad..6763069879 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -77,6 +77,7 @@ org.onap.vfc||org.onap||3
org.onap.vid1||org.onap||3
org.onap.vid2||org.onap||3
org.onap.vid||org.onap||3
+org.onap.uui||org.onap||3
org.openecomp.dcae|DCAE Namespace Org|org.openecomp|3|3
org.openecomp.dmaapBC|DMaap NS|org.openecomp|3|3
org.openecomp|Open EComp NS|org|2|2
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index d29617a4d9..48ec26e15a 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
@@ -524,6 +524,9 @@ org.onap.vid|url|doclib_admin|*|Document Library Admin|"{'org.onap.vid|System_Ad
org.onap.vid|url|doclib|*|Document Library|"{'org.onap.vid|System_Administrator'}"
org.onap.vid|url|login|*|Login|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
org.onap.vid|url|view_reports|*|View Raptor reports|
+org.onap.uui|access|*|*|AAF Namespace Write Access|"{'org.onap.uui|admin', 'org.onap.uui|service'}"
+org.onap.uui|access|*|read|AAF Namespace Read Access|"{'org.onap.uui|owner'}"
+org.onap.uui|certman|local|request,ignoreIPs,showpass||"{'org.onap.uui|admin', 'org.onap.uui|seeCerts', 'org.osaaf.aaf|deploy'}"
org.openecomp|access|*|*|OpenEcomp Write Access|{'org.openecomp.admin'}
org.openecomp|access|*|read|OpenEcomp Read Access|{'org.openecomp.owner'}
org.openecomp.dmaapBC|access|*|*|DMaap Write Access|{'org.openecomp.dmaapBC.admin'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
index d73a09d4cd..397846c72c 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
@@ -330,12 +330,16 @@ org.onap.vid|seeCerts|seeCerts|
org.onap.vid|service|service|
org.onap.vid|Standard_User|Standard User|"{'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_map|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|login|*'}"
org.onap.vid|System_Administrator|System Administrator|"{'org.onap.vid|menu|menu_admin|*', 'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_feedback|*', 'org.onap.vid|menu|menu_help|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_job_create|*', 'org.onap.vid|menu|menu_job|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_notes|*', 'org.onap.vid|menu|menu_process|*', 'org.onap.vid|menu|menu_profile_create|*', 'org.onap.vid|menu|menu_profile_import|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_sample|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_test|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|doclib_admin|*', 'org.onap.vid|url|doclib|*', 'org.onap.vid|url|login|*'}"
+org.onap.uui|admin|AAF Namespace Administrators|"{'org.onap.uui|access|*|*', 'org.onap.uui|certman|local|request,ignoreIPs,showpass'}"
+org.onap.uui|owner|AAF Namespace Owners|"{'org.onap.uui|access|*|read'}"
+org.onap.uui|seeCerts||"{'org.onap.uui|certman|local|request,ignoreIPs,showpass'}"
+org.onap.uui|service||"{'org.onap.uui|access|*|*'}"
org.openecomp|admin|OpenEcomp Admins|"{'org.openecomp.access|*|*'}"
org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub', 'org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create'}"
org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
index cf6c3aa827..0dabc4d595 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -94,6 +94,7 @@ mmanager@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.o
mmanager@people.osaaf.org|org.onap.vid2.owner|2020-11-26 12:31:54.000+0000|org.onap.vid2|owner
mmanager@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.onap.vid|owner
+mmanager@people.osaaf.org|org.onap.uui.owner|2020-11-26 12:31:54.000+0000|org.onap.uui|owner
mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner
portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
@@ -255,6 +256,7 @@ aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.o
aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
+aaf_admin@people.osaaf.org|org.onap.uui.admin|2020-11-26 12:31:54.000+0000|org.onap.uui|admin
aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|deploy
@@ -355,6 +357,8 @@ vid@vid.onap.org|org.onap.vid.service|2020-11-26 12:31:54.000+0000|org.onap.vid|
vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-11-26 12:31:54.000+0000|org.onap.vid|Standard_User
vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
+uui@uui.onap.org|org.onap.uui.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.uui|seeCerts
+uui@uui.onap.org|org.onap.uui.service|2020-11-26 12:31:54.000+0000|org.onap.uui|service
dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-11-26 12:31:54.000+0000|org.onap.dmaap.bc|service
dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|seeCerts
diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 0fffd6b079..972b2ed347 100644
--- a/kubernetes/aaf/resources/data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -75,6 +75,7 @@ msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@
msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
refrepo|ONAP REFREPO Application|REFREPO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+uui|ONAP UUI Application|UUI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
# VID Identities
vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
index db3540606b..e12a234b8e 100644
--- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml
@@ -85,8 +85,8 @@ spec:
subPath: babel-auth.properties
- mountPath: /opt/app/babel/config/auth
name: {{ include "common.fullname" . }}-secrets
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ - mountPath: {{ .Values.log.path }}
+ name: logs
- mountPath: /opt/app/babel/config/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
@@ -102,17 +102,7 @@ spec:
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: aai-filebeat
+ {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
@@ -133,13 +123,9 @@ spec:
- name: {{ include "common.fullname" . }}-secrets
secret:
secretName: {{ include "common.fullname" . }}-babel-secrets
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: aai-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml
index 14a2993c2a..0c34deae13 100644
--- a/kubernetes/aai/components/aai-babel/values.yaml
+++ b/kubernetes/aai/components/aai-babel/values.yaml
@@ -91,3 +91,8 @@ serviceAccount:
nameOverride: aai-babel
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 610290061f..6de34e9be7 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -114,7 +114,7 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-graphadmin/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
@@ -174,29 +174,15 @@ spec:
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 7c078e9236..1705cf58f8 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -133,9 +133,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index 9b4be4e4c7..5752e54926 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -182,9 +182,7 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-config
diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml
index cdbef0dd8a..031a082eac 100644
--- a/kubernetes/aai/components/aai-graphadmin/values.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/values.yaml
@@ -264,3 +264,7 @@ serviceAccount:
nameOverride: aai-graphadmin
roles:
- read
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
index 7509f88090..7e05d3b6cf 100644
--- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml
@@ -62,8 +62,8 @@ spec:
name: {{ include "common.fullname" . }}-prop-config
- mountPath: /opt/app/model-loader/config/auth/
name: {{ include "common.fullname" . }}-auth-config
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ - mountPath: {{ .Values.log.path }}
+ name: logs
- mountPath: /opt/app/model-loader/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
@@ -74,19 +74,7 @@ spec:
{{ include "common.resources" . }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: aai-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
@@ -98,13 +86,9 @@ spec:
- name: {{ include "common.fullname" . }}-auth-config
secret:
secretName: {{ include "common.fullname" . }}
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: aai-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml
index 96780757c0..443bf40122 100644
--- a/kubernetes/aai/components/aai-modelloader/values.yaml
+++ b/kubernetes/aai/components/aai-modelloader/values.yaml
@@ -19,7 +19,6 @@
global: # global defaults
nodePortPrefix: 302
-
# application image
image: onap/model-loader:1.9.1
pullPolicy: Always
@@ -90,3 +89,8 @@ serviceAccount:
nameOverride: aai-modelloader
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
index fd4b1c3dc1..021f0946ed 100644
--- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml
@@ -150,7 +150,7 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-RES
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-resources/resources/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
@@ -218,30 +218,15 @@ spec:
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml
index 3941af3747..fcf7cfedef 100644
--- a/kubernetes/aai/components/aai-resources/values.yaml
+++ b/kubernetes/aai/components/aai-resources/values.yaml
@@ -275,3 +275,8 @@ serviceAccount:
nameOverride: aai-resources
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
index d4394057e8..7c25ab7e61 100644
--- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml
@@ -57,7 +57,7 @@ spec:
name: aaiconfig-conf
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-SS
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/app/aai-schema-service/resources/logback.xml
name: {{ include "common.fullname" . }}-log-conf
subPath: logback.xml
@@ -105,17 +105,7 @@ spec:
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: aai-common-aai-auth-mount
@@ -124,13 +114,9 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
+ - name: logs
emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml
index 252df407c1..4c2b64af82 100644
--- a/kubernetes/aai/components/aai-schema-service/values.yaml
+++ b/kubernetes/aai/components/aai-schema-service/values.yaml
@@ -146,3 +146,8 @@ serviceAccount:
nameOverride: aai-schema-service
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
index 7c09dcd228..48a6b04913 100644
--- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml
@@ -107,7 +107,7 @@ spec:
name: portal-config
- mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
name: portal-config-props
- - mountPath: /var/log/onap
+ - mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/sparky/config/application.properties
name: config
@@ -164,19 +164,7 @@ spec:
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: logs
- - mountPath: /usr/share/filebeat/data
- name: aai-sparky-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
@@ -197,13 +185,9 @@ spec:
- name: auth-config
secret:
secretName: {{ include "common.fullname" . }}
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- name: logs
emptyDir: {}
- - name: aai-sparky-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: modeldir
emptyDir: {}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml
index 342df7a5d5..b9c8207d7e 100644
--- a/kubernetes/aai/components/aai-sparky-be/values.yaml
+++ b/kubernetes/aai/components/aai-sparky-be/values.yaml
@@ -150,3 +150,8 @@ serviceAccount:
nameOverride: aai-sparky-be
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
index 277fb4bfbb..ed8cde7a88 100644
--- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml
@@ -169,7 +169,7 @@ spec:
name: {{ include "common.fullname" . }}-config
subPath: aaiconfig.properties
- mountPath: /opt/aai/logroot/AAI-GQ
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /opt/aai/logroot/AAI-GQ/misc
name: {{ include "common.fullname" . }}-logs-misc
- mountPath: /opt/app/aai-traversal/resources/logback.xml
@@ -243,33 +243,17 @@ spec:
{{- end }}
# side car containers
- - name: filebeat-onap
- image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- name: filebeat-conf
- - mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
- - mountPath: /usr/share/filebeat/data
- name: {{ include "common.fullname" . }}-filebeat
- resources:
-{{ include "common.resources" . }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml
index 42f0f47bb0..f2e6ee61b5 100644
--- a/kubernetes/aai/components/aai-traversal/templates/job.yaml
+++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml
@@ -118,15 +118,11 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name: filebeat-conf
- configMap:
- name: aai-filebeat
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
emptyDir: {}
- - name: {{ include "common.fullname" . }}-filebeat
- emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml
index 70f3e9e6a7..38c7bd0da2 100644
--- a/kubernetes/aai/components/aai-traversal/values.yaml
+++ b/kubernetes/aai/components/aai-traversal/values.yaml
@@ -282,3 +282,8 @@ serviceAccount:
nameOverride: aai-traversal
roles:
- read
+
+#Log configuration
+log:
+ path: /var/log/onap
+logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml
index b0da359ab1..dac36d729d 100644
--- a/kubernetes/aai/templates/configmap.yaml
+++ b/kubernetes/aai/templates/configmap.yaml
@@ -15,18 +15,7 @@
# this is a shared resource for subcharts
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: aai-filebeat
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }}
+{{ include "common.log.configMap" . }}
---
apiVersion: v1
kind: ConfigMap
@@ -72,4 +61,4 @@ metadata:
type: Opaque
data:
{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }}
-{{ end }} \ No newline at end of file
+{{ end }}
diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml
index 1122d63dab..79a0f045bc 100644
--- a/kubernetes/aai/values.yaml
+++ b/kubernetes/aai/values.yaml
@@ -33,6 +33,7 @@ global: # global defaults
aafEnabled: true
msbEnabled: true
+ centralizedLoggingEnabled: true
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
@@ -276,6 +277,21 @@ global: # global defaults
# since when this is enabled, it prints a lot of information to console
enabled: false
+aai-babel:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-graphadmin:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-modelloader:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-resources:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-schema-service:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-sparky-be:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+aai-traversal:
+ logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
+
#################################################################
# Certificate configuration
#################################################################
diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
index dc2002877a..f59e8cea4d 100755
--- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml
+++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml
@@ -87,7 +87,7 @@ certInitializer:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.2.0
+image: onap/ccsdk-blueprintsprocessor:1.2.1
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml
index 658a899c1e..8077d819d1 100755
--- a/kubernetes/cds/components/cds-command-executor/values.yaml
+++ b/kubernetes/cds/components/cds-command-executor/values.yaml
@@ -32,7 +32,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.2.0
+image: onap/ccsdk-commandexecutor:1.2.1
pullPolicy: Always
# application configuration
diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml
index c7a2734a8b..cf138c5e26 100755
--- a/kubernetes/cds/components/cds-py-executor/values.yaml
+++ b/kubernetes/cds/components/cds-py-executor/values.yaml
@@ -30,7 +30,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.2.0
+image: onap/ccsdk-py-executor:1.2.1
pullPolicy: Always
# default number of instances
diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml
index fd15bd0ecc..7ca0a44aa4 100644
--- a/kubernetes/cds/components/cds-sdc-listener/values.yaml
+++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml
@@ -29,7 +29,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.2.0
+image: onap/ccsdk-sdclistener:1.2.1
name: sdc-listener
pullPolicy: Always
diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml
index f579cc358d..175c17ffa9 100644
--- a/kubernetes/cds/components/cds-ui/values.yaml
+++ b/kubernetes/cds/components/cds-ui/values.yaml
@@ -44,7 +44,7 @@ certInitializer:
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.2.0
+image: onap/ccsdk-cds-ui-server:1.2.1
pullPolicy: Always
# application configuration
diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl
index 81420468b0..369c25b254 100644
--- a/kubernetes/common/common/templates/_log.tpl
+++ b/kubernetes/common/common/templates/_log.tpl
@@ -27,6 +27,13 @@
mountPath: {{ .Values.log.path }}
- name: filebeat-data
mountPath: /usr/share/filebeat/data
+ resources:
+ requests:
+ memory: "5Mi"
+ cpu: "10m"
+ limits:
+ memory: "20Mi"
+ cpu: "100m"
{{- end -}}
{{- end -}}
diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml
index c8c0ffa0b2..ff11da309a 100644
--- a/kubernetes/common/etcd/templates/statefulset.yaml
+++ b/kubernetes/common/etcd/templates/statefulset.yaml
@@ -75,7 +75,7 @@ spec:
- name: SET_NAME
value: {{ include "common.fullname" . }}
- name: SERVICE_NAME
- value: {{ include "common.servicename" . }}
+ value: {{ include "common.servicename" . }}.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
{{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | indent 8 }}
{{- end }}
diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml
index 3cfd4535f1..e2334eadfe 100644
--- a/kubernetes/common/etcd/values.yaml
+++ b/kubernetes/common/etcd/values.yaml
@@ -17,6 +17,7 @@
#################################################################
global:
nodePortPrefix: 302
+ clusterName: cluster.local
persistence: {}
#################################################################
diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml
index 11602054e8..9f24493392 100644
--- a/kubernetes/common/mongo/templates/statefulset.yaml
+++ b/kubernetes/common/mongo/templates/statefulset.yaml
@@ -72,7 +72,7 @@ spec:
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/mongo
+ mountPath: /data/db
resources: {{ include "common.resources" . | nindent 12 }}
{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
diff --git a/kubernetes/holmes/requirements.yaml b/kubernetes/holmes/requirements.yaml
index d1200fd162..f881acdc97 100644
--- a/kubernetes/holmes/requirements.yaml
+++ b/kubernetes/holmes/requirements.yaml
@@ -22,6 +22,11 @@ dependencies:
- name: postgres
version: ~9.x-0
repository: '@local'
+ condition: global.postgres.localCluster
+ - name: postgres-init
+ version: ~9.x-0
+ repository: '@local'
+ condition: not global.postgres.localCluster
- name: holmes-rule-mgmt
version: ~9.x-0
repository: 'file://components/holmes-rule-mgmt'
diff --git a/kubernetes/holmes/values.yaml b/kubernetes/holmes/values.yaml
index 9c69c20096..a536380bd5 100644
--- a/kubernetes/holmes/values.yaml
+++ b/kubernetes/holmes/values.yaml
@@ -19,7 +19,16 @@
global:
nodePortPrefix: 302
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-
+ #Service Names of the postgres db to connect to.
+ #Override it to dbc-pg if localCluster is enabled.
+ postgres:
+ localCluster: false
+ service:
+ name: pgset
+ name2: &postgres tcp-pgset-primary
+ name3: tcp-pgset-replica
+ container:
+ name: postgres
secrets:
- uid: pg-root-pass
name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass'
@@ -65,11 +74,23 @@ postgres:
mountSubPath: holmes/data
mountInitPath: holmes
+postgres-init:
+ nameOverride: holmes-postgres-init
+ config:
+ pgUserName: holmes
+ pgDatabase: *dbName
+ pgDataPath: data
+ pgUserExternalSecret: *pgUserCredsSecretName
+ # pgPrimaryPassword: password
+ # pgUserPassword: password
+ # pgRootPassword: password
+
holmes-engine-mgmt:
config:
pgConfig:
dbName: *dbName
- dbHost: *dbHost
+ # dbHost: *dbHost
+ dbHost: *postgres
dbPort: *dbPort
dbUserCredsExternalSecret: *pgUserCredsSecretName
@@ -77,7 +98,8 @@ holmes-rule-mgmt:
config:
pgConfig:
dbName: *dbName
- dbHost: *dbHost
+ # dbHost: *dbHost
+ dbHost: *postgres
dbPort: *dbPort
dbUserCredsExternalSecret: *pgUserCredsSecretName
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml
index c2d6f85118..27373df61e 100644
--- a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml
@@ -21,3 +21,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml
index 21991b75fe..fe2eb68a3e 100644
--- a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml
@@ -35,15 +35,10 @@ handlers:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml
index 99d2314a07..b438bf0066 100644
--- a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml
@@ -100,7 +100,7 @@ spec:
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: rabbit-mq
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: fcaps-log
emptyDir: {}
diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml
index c66e4e829f..39ddbae5b7 100644
--- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml
@@ -22,7 +22,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-fcaps:1.5.5
+image: onap/multicloud/openstack-fcaps:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
@@ -89,3 +89,9 @@ resources:
# rabbit-mq image resource
rabbitmq: rabbitmq:alpine
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-fcaps
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml
index 434abf9ab5..eebca63b29 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml
@@ -29,3 +29,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
index 9f50d35784..e63be9c81c 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml
@@ -85,7 +85,7 @@ spec:
subPath: config.json
- mountPath: /data
name: artifact-data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
hostPath:
diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
index 0126594693..1c7c8fa489 100644
--- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml
@@ -133,3 +133,9 @@ resources:
cpu: 10m
memory: 100Mi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-k8s
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml
index c2d6f85118..27373df61e 100644
--- a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml
@@ -21,3 +21,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
index 43e681e615..e740dccce3 100644
--- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml
@@ -35,15 +35,10 @@ handlers:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/pike/pike.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
index b48e8dc431..d12e663236 100644
--- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml
@@ -69,6 +69,8 @@ spec:
{{ include "common.resources" . | indent 12 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh"]
+ args: ["-c", "/bin/sh /opt/pike/run.sh"]
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -97,7 +99,7 @@ spec:
name: pike-log
- mountPath: /usr/share/filebeat/data
name: pike-data-filebeat
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: pike-log
emptyDir: {}
diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml
index 3fc572631a..5ef87f46b6 100644
--- a/kubernetes/multicloud/components/multicloud-pike/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml
@@ -22,7 +22,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-pike:1.5.5
+image: onap/multicloud/openstack-pike:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
@@ -86,3 +86,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-pike
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml
index 09630f0989..eb40843bf1 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml
@@ -27,3 +27,6 @@ dependencies:
- name: prometheus-grafana
version: ~9.x-0
repository: 'file://components/prometheus-grafana'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
index 3a5c8edb5f..74941292fd 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml
@@ -105,6 +105,7 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
index fa949c0c75..757041ce43 100644
--- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml
@@ -100,3 +100,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-prometheus
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml
index c2d6f85118..27373df61e 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml
@@ -21,3 +21,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
index e4d3d54b38..05989ac9b4 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml
@@ -39,15 +39,10 @@ handlers:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
index 5413327d0b..7c39bb7006 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml
@@ -111,7 +111,7 @@ spec:
subPath: config.json
- mountPath: /data
name: artifact-data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: starlingx-log
emptyDir: {}
diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
index fb6f3b3592..69e4d943bd 100644
--- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.5
+image: onap/multicloud/openstack-starlingx:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
@@ -88,3 +88,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-starlingx
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml
index c2d6f85118..27373df61e 100644
--- a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml
@@ -21,3 +21,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
index 520f86a7d1..5548359b12 100644
--- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml
@@ -94,6 +94,7 @@ spec:
name: vio-log
- mountPath: /usr/share/filebeat/data
name: vio-data-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: vio-log
emptyDir: {}
diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml
index 1a5af2ca48..5b218f1e75 100644
--- a/kubernetes/multicloud/components/multicloud-vio/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml
@@ -85,3 +85,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-vio
+ roles:
+ - read
diff --git a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml
index c2d6f85118..27373df61e 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml
@@ -21,3 +21,6 @@ dependencies:
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
index 79ff56adaa..7488188cdc 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
+++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml
@@ -35,15 +35,10 @@ handlers:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
index 2ed0b13249..f46e45017d 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml
@@ -120,7 +120,7 @@ spec:
subPath: config.json
- mountPath: /data
name: artifact-data
-
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: windriver-log
emptyDir: {}
diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
index dee6ba7a87..d520a783b7 100644
--- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml
+++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml
@@ -25,7 +25,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/openstack-windriver:1.5.5
+image: onap/multicloud/openstack-windriver:1.5.6
pullPolicy: Always
#Istio sidecar injection policy
@@ -97,3 +97,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud-windriver
+ roles:
+ - read
diff --git a/kubernetes/multicloud/requirements.yaml b/kubernetes/multicloud/requirements.yaml
index 2af2eb92ae..84099b2171 100644
--- a/kubernetes/multicloud/requirements.yaml
+++ b/kubernetes/multicloud/requirements.yaml
@@ -49,3 +49,6 @@ dependencies:
version: ~9.x-0
repository: 'file://components/multicloud-windriver'
condition: multicloud-windriver.enabled
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml
index 023ff81d50..604797d467 100644
--- a/kubernetes/multicloud/resources/config/log/framework/log.yml
+++ b/kubernetes/multicloud/resources/config/log/framework/log.yml
@@ -26,14 +26,9 @@ handlers:
level: "DEBUG"
class: "logging.handlers.RotatingFileHandler"
filename: "/var/log/onap/multicloud/multivimbroker/multivimbroker.log"
- formatter: "mdcFormat"
+ formatter: "standard"
maxBytes: 52428800
backupCount: 10
formatters:
standard:
format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml
index a5b8297e2f..34fe6224bc 100644
--- a/kubernetes/multicloud/templates/deployment.yaml
+++ b/kubernetes/multicloud/templates/deployment.yaml
@@ -100,6 +100,7 @@ spec:
name: framework-log
- mountPath: /usr/share/filebeat/data
name: framework-data-filebeat
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: framework-log
emptyDir: {}
diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml
index d378ec2b1f..90e72be044 100644
--- a/kubernetes/multicloud/values.yaml
+++ b/kubernetes/multicloud/values.yaml
@@ -27,7 +27,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/framework:1.7.0
+image: onap/multicloud/framework:1.7.1
pullPolicy: Always
#Istio sidecar injection policy
@@ -108,3 +108,9 @@ resources:
cpu: 20m
memory: 2Gi
unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: multicloud
+ roles:
+ - read
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml
new file mode 100644
index 0000000000..463e007d9f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml
@@ -0,0 +1,22 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP Policy Clamp Controlloop Http Participant
+name: policy-clamp-cl-http-ppnt
+version: 9.0.0
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml
new file mode 100644
index 0000000000..0139b52b25
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml
@@ -0,0 +1,31 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml
new file mode 100644
index 0000000000..fd3c1d4438
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml
@@ -0,0 +1,42 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: HttpParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.HttpControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
new file mode 100644
index 0000000000..b6a853d0a0
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/http-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml
new file mode 100644
index 0000000000..09cc8cd48f
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml
@@ -0,0 +1,32 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml
new file mode 100644
index 0000000000..80eaf761e8
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml
@@ -0,0 +1,93 @@
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ volumeMounts:
+ - mountPath: /config-input
+ name: cl-http-ppnt-config
+ - mountPath: /config
+ name: cl-http-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+{{- if .Values.global.aafEnabled }}
+ command: ["sh","-c"]
+ args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
+ /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+{{- else }}
+ command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
+ env:
+ - name: KEYSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+{{- end }}
+ volumeMounts:
+{{ include "common.certInitializer.volumeMount" . | indent 10 }}
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: cl-http-ppnt-config-processed
+ resources:
+{{ include "common.resources" . }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+{{ include "common.certInitializer.volumes" . | indent 8 }}
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: cl-http-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: cl-http-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml
new file mode 100644
index 0000000000..0bddc8dfbc
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml
@@ -0,0 +1,17 @@
+{{/*
+#Copyright (C) 2021 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml
new file mode 100644
index 0000000000..6ea647e388
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml
@@ -0,0 +1,104 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.keyStorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
+ password: '{{ .Values.certStores.trustStorePassword }}'
+ passwordPolicy: required
+
+certStores:
+ keyStorePassword: Pol1cy_0nap
+ trustStorePassword: Pol1cy_0nap
+
+certInitializer:
+ nameOverride: policy-clamp-cl-http-ppnt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: policy
+ fqi: policy@policy.onap.org
+ public_fqdn: policy.onap.org
+ cadi_latitude: "0.0"
+ cadi_longitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ app_ns: org.osaaf.aaf
+ uid: 100
+ gid: 101
+ aaf_add_config: >
+ echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
+ echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
+ chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-cl-http-ppnt:6.1.3
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 200m
+ memory: 2Gi
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-clamp-cl-http-ppnt
+ roles:
+ - read
diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml
index 246e129234..949199aa81 100755
--- a/kubernetes/policy/requirements.yaml
+++ b/kubernetes/policy/requirements.yaml
@@ -74,6 +74,10 @@ dependencies:
version: ~9.x-0
repository: 'file://components/policy-clamp-cl-pf-ppnt'
condition: policy-clamp-cl-pf-ppnt.enabled
+ - name: policy-clamp-cl-http-ppnt
+ version: ~9.x-0
+ repository: 'file://components/policy-clamp-cl-http-ppnt'
+ condition: policy-clamp-cl-http-ppnt.enabled
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 33602a97d0..5204aa7568 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -107,6 +107,8 @@ policy-clamp-cl-pf-ppnt:
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
+policy-clamp-cl-http-ppnt:
+ enabled: true
policy-nexus:
enabled: false
policy-clamp-cl-runtime:
diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml
index 1c8bd5a26f..801d542bc0 100644
--- a/kubernetes/sdnc/components/dmaap-listener/values.yaml
+++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.2.1
+image: onap/sdnc-dmaap-listener-image:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
index 6b4c5a25c5..4b8ac2198a 100644
--- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml
@@ -49,7 +49,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.2.1
+image: onap/sdnc-ansible-server-image:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml
index eafb3f2ec0..dd76f58dd2 100644
--- a/kubernetes/sdnc/components/sdnc-web/values.yaml
+++ b/kubernetes/sdnc/components/sdnc-web/values.yaml
@@ -23,7 +23,7 @@ global:
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.2.1"
+image: "onap/sdnc-web-image:2.2.2"
pullPolicy: Always
config:
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml
index aba55dd693..848fd97eb2 100644
--- a/kubernetes/sdnc/components/ueb-listener/values.yaml
+++ b/kubernetes/sdnc/components/ueb-listener/values.yaml
@@ -55,7 +55,7 @@ secrets:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.2.1
+image: onap/sdnc-ueb-listener-image:2.2.2
pullPolicy: Always
# flag to enable debugging - application support required
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index d244f9c455..a1ed2ca0b1 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -206,7 +206,7 @@ certificates:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.2.1
+image: onap/sdnc-image:2.2.2
# flag to enable debugging - application support required
debugEnabled: false
diff --git a/kubernetes/uui/Makefile b/kubernetes/uui/Makefile
new file mode 100644
index 0000000000..4c79718d02
--- /dev/null
+++ b/kubernetes/uui/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/uui/components/Makefile b/kubernetes/uui/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/uui/components/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/uui/components/uui-server/requirements.yaml b/kubernetes/uui/components/uui-server/requirements.yaml
new file mode 100644
index 0000000000..34cedc84cb
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/requirements.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties
new file mode 100644
index 0000000000..37f8467df1
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/resources/config/application.properties
@@ -0,0 +1,53 @@
+##
+## Copyright (C) 2017 CMCC, Inc. and others. All rights reserved.
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## General App Properties
+server.servlet.contextPath=/api/usecaseui-server/v1
+server.port=8082
+spring.http.multipart.max-file-size=128MB
+spring.http.multipart.max-request-size=128MB
+
+## App DB Properties
+spring.datasource.url=jdbc:postgresql://localhost:5432/uui
+spring.datasource.username=uui
+spring.datasource.password=uui
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect
+spring.database.driver.classname=org.postgresql.Driver
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.format_sql=false
+spring.jpa.properties.hibernate.show-sql=false
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false
+spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext
+spring.jpa.properties.hibernate.cache.use_second_level_cache=false
+spring.jpa.properties.hibernate.cache.use_query_cache=false
+#spring.jpa.properties.hibernate.allow_update_outside_transaction=true
+
+## Basic Authentication Properties
+# security.user.name=usecase
+# security.user.password=usecase
+
+## Logback Properties
+logging.file.name=logs/usecaseui_server.log
+logging.level.*=INFO
+
+#enable shutdown
+endpoints.shutdown.enabled=true
+endpoints.shutdown.sensitive=false
+
+server.ssl.protocol=TLS
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store-type=PKCS12 \ No newline at end of file
diff --git a/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh
new file mode 100644
index 0000000000..f96dd74bd3
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+{{/*
+#
+# Copyright 2016-2017 ZTE Corporation.
+# Copyright 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+*/}}
+
+main_path="/home/uui"
+echo @main_path@ $main_path
+
+echo "Starting postgreSQL..."
+#service postgresql start
+postmaster -D /usr/share/postgresql/data &
+sleep 10
+
+echo "usecase-ui database init script start..."
+dbScript="$main_path/resources/bin/initDB.sh"
+source $dbScript 127.0.0.1 5432 postgres uui
+echo "usecase-ui database init script finished normally..."
+
+JAVA_PATH="$JAVA_HOME/bin/java"
+JAVA_OPTS="-Xms50m -Xmx128m"
+echo @JAVA_PATH@ $JAVA_PATH
+echo @JAVA_OPTS@ $JAVA_OPTS
+
+jar_path="$main_path/usecase-ui-server.jar"
+echo @jar_path@ $jar_path
+
+echo "Starting usecase-ui-server..."
+$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS \ No newline at end of file
diff --git a/kubernetes/uui/components/uui-server/templates/configmap.yaml b/kubernetes/uui/components/uui-server/templates/configmap.yaml
new file mode 100644
index 0000000000..0f0bd37c26
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/templates/configmap.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-entrypoint
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }}
diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml
index ea6f7b7a23..b7a385d30e 100644
--- a/kubernetes/uui/components/uui-server/templates/deployment.yaml
+++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml
@@ -35,10 +35,20 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ bash /uui/run.sh
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -50,8 +60,7 @@ spec:
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
@@ -62,5 +71,24 @@ spec:
value: {{tpl .Values.msbaddr .}}
- name: MR_ADDR
value: {{tpl .Values.mraddr .}}
+ {{- if .Values.global.aafEnabled }}
+ - name: SPRING_OPTS
+ value: --spring.config.location=file:/config/application.properties
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /uui/run.sh
+ name: entrypoint
+ subPath: run.sh
+ - mountPath: /config/application.properties
+ name: config
+ subPath: application.properties
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: entrypoint
+ configMap:
+ name: {{ include "common.fullname" . }}-entrypoint
+ defaultMode: 0755
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml
index 6017f2640e..1b652d553b 100644
--- a/kubernetes/uui/components/uui-server/values.yaml
+++ b/kubernetes/uui/components/uui-server/values.yaml
@@ -18,6 +18,44 @@
global:
uuiPortPrefix: 303
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: uui-server-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: uui
+ fqi: uui@uui.onap.org
+ fqi_namespace: org.onap.uui
+ public_fqdn: uui.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_p12}" \
+ -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
subChartsOnly:
enabled: true
diff --git a/kubernetes/uui/requirements.yaml b/kubernetes/uui/requirements.yaml
index b982291e58..05d649f500 100644
--- a/kubernetes/uui/requirements.yaml
+++ b/kubernetes/uui/requirements.yaml
@@ -20,6 +20,9 @@ dependencies:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~9.x-0
repository: '@local'
diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml
new file mode 100644
index 0000000000..2260bb8cf5
--- /dev/null
+++ b/kubernetes/uui/resources/config/server.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- {{/*
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+*/}} -->
+
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <!--Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" />
+
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation. The default
+ SSLImplementation will depend on the presence of the APR/native
+ library and the useOpenSSL attribute of the
+ AprLifecycleListener.
+ Either JSSE or OpenSSL style configuration may be used regardless of
+ the SSLImplementation selected. JSSE style configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true">
+ <SSLHostConfig>
+ <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+ This connector uses the APR/native implementation which always uses
+ OpenSSL for TLS.
+ Either JSSE or OpenSSL style configuration may be used. OpenSSL style
+ configuration is used below.
+ -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150" SSLEnabled="true" >
+ <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+ <SSLHostConfig>
+ <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
+ certificateFile="conf/localhost-rsa-cert.pem"
+ certificateChainFile="conf/localhost-rsa-chain.pem"
+ type="RSA" />
+ </SSLHostConfig>
+ </Connector>
+ -->
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" />
+ </Realm>
+
+ <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/kubernetes/uui/templates/configmap.yaml b/kubernetes/uui/templates/configmap.yaml
new file mode 100644
index 0000000000..8c32132498
--- /dev/null
+++ b/kubernetes/uui/templates/configmap.yaml
@@ -0,0 +1,28 @@
+{{/*
+# Copyright © 2021 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} \ No newline at end of file
diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml
index 8c523b2388..5d8c7b32b5 100644
--- a/kubernetes/uui/templates/deployment.yaml
+++ b/kubernetes/uui/templates/deployment.yaml
@@ -35,6 +35,28 @@ spec:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ {{- if .Values.global.aafEnabled }}
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
+ cd /config-input && for PFILE in `ls -1`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ cat /config/server.xml
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
@@ -42,7 +64,16 @@ spec:
command:
- /bin/bash
- -c
- - /home/uui/uuiStartup.sh
+ - |
+ echo "*** /opt"
+ ls -lh /opt/
+ echo "*** /opt/app"
+ ls -lh /opt/app/
+ echo "*** /opt/app/osaaf/"
+ ls -lh /opt/app/osaaf/
+ echo "*** /opt/app/osaaf/local"
+ ls -lh /opt/app/osaaf/local/
+ /home/uui/uuiStartup.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
@@ -59,18 +90,30 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{- if .Values.global.aafEnabled }}
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ - mountPath: /home/uui/server.xml
+ name: config
+ subPath: server.xml
+ {{- end }}
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end }}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ {{- if .Values.global.aafEnabled }}
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: config-input
+ configMap:
+ name: {{ include "common.fullname" . }}
+ - name: config
+ emptyDir:
+ medium: Memory
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml
index 32b8449240..52301d63c8 100644
--- a/kubernetes/uui/values.yaml
+++ b/kubernetes/uui/values.yaml
@@ -18,6 +18,39 @@
global:
uuiPortPrefix: 303
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: uui-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: uui
+ fqi: uui@uui.onap.org
+ fqi_namespace: org.onap.uui
+ public_fqdn: uui.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
subChartsOnly:
enabled: true