Diffstat (limited to 'kubernetes')
94 files changed, 1302 insertions, 225 deletions
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
index 298274ed0f..23a068763a 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat
@@ -70,3 +70,4 @@ vfc@vfc.onap.org|vfc|local|/opt/app/osaaf/local||mailto:|org.onap.vfc|root|30|{'
 vid1@vid1.onap.org|vid1|local|/opt/app/osaaf/local||mailto:|org.onap.vid1|root|30|{'onap', 'onap.vid1', 'vid1', 'vid1.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
 vid2@vid2.onap.org|vid2|local|/opt/app/osaaf/local||mailto:|org.onap.vid2|root|30|{'onap.vid2', 'vid2', 'vid2.api.simpledemo.onap.org', 'vid2.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
 vid@vid.onap.org|vid|local|/opt/app/osaaf/local||mailto:|org.onap.vid|root|30|{'vid.api.simpledemo.onap.org', 'vid.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12'}
+uui@uui.onap.org|uui|local|/opt/app/osaaf/local||mailto:|org.onap.uui|root|30|{'uui', 'uui.api.simpledemo.onap.org', 'uui.onap','uui-server', 'uui-server.api.simpledemo.onap.org', 'uui-server.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
index 5cccae1a65..7112b0b7e4 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat
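Review bot: The added uui row writes part of its host-name set as `'uui.onap','uui-server'`, with no space after the comma, unlike every other entry visible in this hunk. Normalising it to `'uui.onap', 'uui-server'` keeps the row consistent with whatever parses these set literals. The row also requests `{'file', 'pkcs12'}` where the neighbouring rows use `'script'` or `'jks'`; if `file` means the private key is written to disk unwrapped, that choice deserves a sentence in the commit message.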
@@ -55,3 +55,4 @@ ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04
 aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
 deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
 portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
+uui@uui.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.uui|53344||
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
index 3756a89aad..6763069879 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat
@@ -77,6 +77,7 @@ org.onap.vfc||org.onap||3
 org.onap.vid1||org.onap||3
 org.onap.vid2||org.onap||3
 org.onap.vid||org.onap||3
+org.onap.uui||org.onap||3
 org.openecomp.dcae|DCAE Namespace Org|org.openecomp|3|3
 org.openecomp.dmaapBC|DMaap NS|org.openecomp|3|3
 org.openecomp|Open EComp NS|org|2|2
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
index d29617a4d9..48ec26e15a 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat
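Review bot: The new `uui@uui.onap.org` row in cred.dat reuses the exact fourth-field value (`0xd993c561…`) and the same `53344` that the context rows carry for `aaf_admin`, `deployer` and `portal_admin`. Assuming that field is the stored credential hash, the UUI service identity is seeded with the same secret as the administrative identities, and that secret is readable by anyone with access to this repository. The seed should be treated as a bootstrap value only: rotate it at install time or generate it per deployment, and record that requirement in the chart documentation, since the .dat rows appear to have no place for a comment. The row also copies the `2020-11-26` timestamp; confirm how the loader treats a date that may already be in the past.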
@@ -524,6 +524,9 @@ org.onap.vid|url|doclib_admin|*|Document Library Admin|"{'org.onap.vid|System_Ad
 org.onap.vid|url|doclib|*|Document Library|"{'org.onap.vid|System_Administrator'}"
 org.onap.vid|url|login|*|Login|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
 org.onap.vid|url|view_reports|*|View Raptor reports|
+org.onap.uui|access|*|*|AAF Namespace Write Access|"{'org.onap.uui|admin', 'org.onap.uui|service'}"
+org.onap.uui|access|*|read|AAF Namespace Read Access|"{'org.onap.uui|owner'}"
+org.onap.uui|certman|local|request,ignoreIPs,showpass||"{'org.onap.uui|admin', 'org.onap.uui|seeCerts', 'org.osaaf.aaf|deploy'}"
 org.openecomp|access|*|*|OpenEcomp Write Access|{'org.openecomp.admin'}
 org.openecomp|access|*|read|OpenEcomp Read Access|{'org.openecomp.owner'}
 org.openecomp.dmaapBC|access|*|*|DMaap Write Access|{'org.openecomp.dmaapBC.admin'}
diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
index d73a09d4cd..397846c72c 100644
--- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat
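Review bot: `org.onap.uui|access|*|*` is granted to `org.onap.uui|service` as well as `admin`, and the third hunk of user_role.dat binds the application's own identity `uui@uui.onap.org` to both `service` and `seeCerts`. The running service would therefore hold namespace write access plus `certman` with `ignoreIPs` and `showpass`. If UUI only needs to authenticate and fetch its own certificate, dropping `'org.onap.uui|service'` from the write-access row, or giving `service` a narrower permission, would limit what a compromised UUI pod could change in its namespace. This may simply mirror how other ONAP namespaces are seeded, which this hunk does not show, so it is worth confirming which actions UUI actually calls.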
@@ -330,12 +330,16 @@ org.onap.vid|seeCerts|seeCerts| org.onap.vid|service|service| org.onap.vid|Standard_User|Standard User|"{'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_map|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|login|*'}" org.onap.vid|System_Administrator|System Administrator|"{'org.onap.vid|menu|menu_admin|*', 'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_feedback|*', 'org.onap.vid|menu|menu_help|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_job_create|*', 'org.onap.vid|menu|menu_job|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_notes|*', 'org.onap.vid|menu|menu_process|*', 'org.onap.vid|menu|menu_profile_create|*', 'org.onap.vid|menu|menu_profile_import|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_sample|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_test|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|doclib_admin|*', 'org.onap.vid|url|doclib|*', 'org.onap.vid|url|login|*'}" +org.onap.uui|admin|AAF Namespace Administrators|"{'org.onap.uui|access|*|*', 'org.onap.uui|certman|local|request,ignoreIPs,showpass'}" +org.onap.uui|owner|AAF Namespace 
Owners|"{'org.onap.uui|access|*|read'}" +org.onap.uui|seeCerts||"{'org.onap.uui|certman|local|request,ignoreIPs,showpass'}" +org.onap.uui|service||"{'org.onap.uui|access|*|*'}" org.openecomp|admin|OpenEcomp Admins|"{'org.openecomp.access|*|*'}" org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub', 'org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create'}" org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 
'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 
'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index cf6c3aa827..0dabc4d595 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat 
+++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat
@@ -94,6 +94,7 @@ mmanager@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.o
 mmanager@people.osaaf.org|org.onap.vid2.owner|2020-11-26 12:31:54.000+0000|org.onap.vid2|owner
 mmanager@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
 mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.onap.vid|owner
+mmanager@people.osaaf.org|org.onap.uui.owner|2020-11-26 12:31:54.000+0000|org.onap.uui|owner
 mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner
 portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
 portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
@@ -255,6 +256,7 @@ aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.o
 aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
 aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
 aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
+aaf_admin@people.osaaf.org|org.onap.uui.admin|2020-11-26 12:31:54.000+0000|org.onap.uui|admin
 aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
 aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
 deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|deploy
@@ -355,6 +357,8 @@ vid@vid.onap.org|org.onap.vid.service|2020-11-26 12:31:54.000+0000|org.onap.vid|
 vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
 vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-11-26 12:31:54.000+0000|org.onap.vid|Standard_User
 vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
+uui@uui.onap.org|org.onap.uui.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.uui|seeCerts
+uui@uui.onap.org|org.onap.uui.service|2020-11-26 12:31:54.000+0000|org.onap.uui|service
 dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-11-26 12:31:54.000+0000|org.onap.dmaap.bc|service
 dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
 dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|seeCerts
diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat
index 0fffd6b079..972b2ed347 100644
--- a/kubernetes/aaf/resources/data/identities.dat
+++ b/kubernetes/aaf/resources/data/identities.dat
@@ -75,6 +75,7 @@ msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@
 msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 refrepo|ONAP REFREPO Application|REFREPO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+uui|ONAP UUI Application|UUI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 # VID Identities
 vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
 vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index db3540606b..e12a234b8e 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -85,8 +85,8 @@ spec: subPath: babel-auth.properties - mountPath: /opt/app/babel/config/auth name: {{ include "common.fullname" . }}-secrets - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/babel/config/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -102,17 +102,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime @@ -133,13 +123,9 @@ spec: - name: {{ include "common.fullname" . }}-secrets secret: secretName: {{ include "common.fullname" . }}-babel-secrets - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
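Review bot: This file pipes both shared templates through `nindent 8` (`{{ include "common.log.sidecar" . | nindent 8 }}` and the `common.log.volumes` line), while the sibling deployments changed in this commit (graphadmin, modelloader, resources, schema-service, sparky-be, traversal) use `nindent 6`. The page has lost the original indentation, so 8 may be right for babel's layout, but a mis-indented include either fails to parse or attaches the sidecar and volumes under the wrong key. Rendering the chart with `helm template`, once with `global.centralizedLoggingEnabled` true and once with it false, would settle it. The `containers:` and `volumes:` lists begin outside these hunks.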
diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 14a2993c2a..0c34deae13 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -91,3 +91,8 @@ serviceAccount: nameOverride: aai-babel roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 610290061f..6de34e9be7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -114,7 +114,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml 
@@ -174,29 +174,15 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 7c078e9236..1705cf58f8 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -133,9 +133,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config 
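Review bot: In job-create-db.yaml the fixed `filebeat-conf` volume is replaced by `common.log.volumes`, but the job's container specs are outside the hunk, so it is not visible whether any container still mounts a volume by the old name. The same applies to job-migration.yaml and to aai-traversal's job.yaml, which also drops the `-filebeat` emptyDir. If the shared template emits nothing when `global.centralizedLoggingEnabled` is false, or emits different volume names, a leftover `volumeMounts` entry would make the Job's pod spec invalid. Either confirm these jobs carry no filebeat mounts, or add a comment above the include such as `# supplies the filebeat config/data volumes; names must match any volumeMounts in this job`.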
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 9b4be4e4c7..5752e54926 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -182,9 +182,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index cdbef0dd8a..031a082eac 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -264,3 +264,7 @@ serviceAccount: nameOverride: aai-graphadmin roles: - read +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 7509f88090..7e05d3b6cf 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -62,8 +62,8 @@ spec: name: {{ include "common.fullname" . }}-prop-config - mountPath: /opt/app/model-loader/config/auth/ name: {{ include "common.fullname" . }}-auth-config - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/model-loader/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml 
@@ -74,19 +74,7 @@ spec: {{ include "common.resources" . }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime @@ -98,13 +86,9 @@ spec: - name: {{ include "common.fullname" . }}-auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 96780757c0..443bf40122 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -19,7 +19,6 @@ global: # global defaults nodePortPrefix: 302 - # application image image: onap/model-loader:1.9.1 pullPolicy: Always @@ -90,3 +89,8 @@ serviceAccount: nameOverride: aai-modelloader roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' 
diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index fd4b1c3dc1..021f0946ed 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -150,7 +150,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -218,30 +218,15 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} 
diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 3941af3747..fcf7cfedef 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -275,3 +275,8 @@ serviceAccount: nameOverride: aai-resources roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index d4394057e8..7c25ab7e61 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: name: aaiconfig-conf subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-SS - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-schema-service/resources/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml @@ -105,17 +105,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: aai-common-aai-auth-mount 
@@ -124,13 +114,9 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 252df407c1..4c2b64af82 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -146,3 +146,8 @@ serviceAccount: nameOverride: aai-schema-service roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 7c09dcd228..48a6b04913 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -107,7 +107,7 @@ spec: name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ name: portal-config-props - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/app/sparky/config/application.properties name: config 
@@ -164,19 +164,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: aai-sparky-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime @@ -197,13 +185,9 @@ spec: - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - name: logs emptyDir: {} - - name: aai-sparky-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir emptyDir: {} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 342df7a5d5..b9c8207d7e 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -150,3 +150,8 @@ serviceAccount: nameOverride: aai-sparky-be roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 277fb4bfbb..ed8cde7a88 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml 
@@ -169,7 +169,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GQ - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/aai/logroot/AAI-GQ/misc name: {{ include "common.fullname" . }}-logs-misc - mountPath: /opt/app/aai-traversal/resources/logback.xml @@ -243,33 +243,17 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 42f0f47bb0..f2e6ee61b5 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml 
@@ -118,15 +118,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 70f3e9e6a7..38c7bd0da2 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -282,3 +282,8 @@ serviceAccount: nameOverride: aai-traversal roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index b0da359ab1..dac36d729d 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -15,18 +15,7 @@ # this is a shared resource for subcharts */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: aai-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap @@ -72,4 +61,4 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} -{{ end }}
\ No newline at end of file +{{ end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 1122d63dab..79a0f045bc 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -33,6 +33,7 @@ global: # global defaults aafEnabled: true msbEnabled: true + centralizedLoggingEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -276,6 +277,21 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +aai-babel: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-graphadmin: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-modelloader: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-resources: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-schema-service: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-sparky-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-traversal: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' + ################################################################# # Certificate configuration ################################################################# diff --git a/kubernetes/cds/components/cds-blueprints-processor/values.yaml b/kubernetes/cds/components/cds-blueprints-processor/values.yaml index dc2002877a..f59e8cea4d 100755 --- a/kubernetes/cds/components/cds-blueprints-processor/values.yaml +++ b/kubernetes/cds/components/cds-blueprints-processor/values.yaml @@ -87,7 +87,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-blueprintsprocessor:1.2.0 +image: onap/ccsdk-blueprintsprocessor:1.2.1 pullPolicy: Always # flag to enable debugging - application support required 
diff --git a/kubernetes/cds/components/cds-command-executor/values.yaml b/kubernetes/cds/components/cds-command-executor/values.yaml index 658a899c1e..8077d819d1 100755 --- a/kubernetes/cds/components/cds-command-executor/values.yaml +++ b/kubernetes/cds/components/cds-command-executor/values.yaml @@ -32,7 +32,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-commandexecutor:1.2.0 +image: onap/ccsdk-commandexecutor:1.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/cds/components/cds-py-executor/values.yaml b/kubernetes/cds/components/cds-py-executor/values.yaml index c7a2734a8b..cf138c5e26 100755 --- a/kubernetes/cds/components/cds-py-executor/values.yaml +++ b/kubernetes/cds/components/cds-py-executor/values.yaml @@ -30,7 +30,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-py-executor:1.2.0 +image: onap/ccsdk-py-executor:1.2.1 pullPolicy: Always # default number of instances diff --git a/kubernetes/cds/components/cds-sdc-listener/values.yaml b/kubernetes/cds/components/cds-sdc-listener/values.yaml index fd15bd0ecc..7ca0a44aa4 100644 --- a/kubernetes/cds/components/cds-sdc-listener/values.yaml +++ b/kubernetes/cds/components/cds-sdc-listener/values.yaml @@ -29,7 +29,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-sdclistener:1.2.0 +image: onap/ccsdk-sdclistener:1.2.1 name: sdc-listener pullPolicy: Always diff --git a/kubernetes/cds/components/cds-ui/values.yaml b/kubernetes/cds/components/cds-ui/values.yaml index f579cc358d..175c17ffa9 100644 --- a/kubernetes/cds/components/cds-ui/values.yaml +++ b/kubernetes/cds/components/cds-ui/values.yaml 
@@ -44,7 +44,7 @@ certInitializer: {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop # application image -image: onap/ccsdk-cds-ui-server:1.2.0 +image: onap/ccsdk-cds-ui-server:1.2.1 pullPolicy: Always # application configuration diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl index 81420468b0..369c25b254 100644 --- a/kubernetes/common/common/templates/_log.tpl +++ b/kubernetes/common/common/templates/_log.tpl @@ -27,6 +27,13 @@ mountPath: {{ .Values.log.path }} - name: filebeat-data mountPath: /usr/share/filebeat/data + resources: + requests: + memory: "5Mi" + cpu: "10m" + limits: + memory: "20Mi" + cpu: "100m" {{- end -}} {{- end -}} diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index c8c0ffa0b2..ff11da309a 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -75,7 +75,7 @@ spec: - name: SET_NAME value: {{ include "common.fullname" . }} - name: SERVICE_NAME - value: {{ include "common.servicename" . }} + value: {{ include "common.servicename" . }}.{{ include "common.namespace" . }}.svc.{{ .Values.global.clusterName }} {{- if .Values.extraEnv }} {{ toYaml .Values.extraEnv | indent 8 }} {{- end }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index 3cfd4535f1..e2334eadfe 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -17,6 +17,7 @@ ################################################################# global: nodePortPrefix: 302 + clusterName: cluster.local persistence: {} ################################################################# diff --git a/kubernetes/common/mongo/templates/statefulset.yaml b/kubernetes/common/mongo/templates/statefulset.yaml index 11602054e8..9f24493392 100644 --- a/kubernetes/common/mongo/templates/statefulset.yaml 
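Review bot: The `resources` block added to the log sidecar in `_log.tpl` is hard-coded, and its `memory: "20Mi"` limit looks low for a filebeat container, so the sidecar may be OOM-killed and stop shipping logs. The per-chart sidecars removed elsewhere in this commit took their sizing from `{{ include "common.resources" . }}`, so operators also lose the ability to tune it per deployment. Reading the block from values, with these numbers as defaults, would keep that ability. A comment such as `# sidecar sizing: raise limits.memory if filebeat restarts` would record the intent. The enclosing template definition starts outside the hunk.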
+++ b/kubernetes/common/mongo/templates/statefulset.yaml @@ -72,7 +72,7 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/mongo + mountPath: /data/db resources: {{ include "common.resources" . | nindent 12 }} {{ include "common.containerSecurityContext" . | indent 10 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/holmes/requirements.yaml b/kubernetes/holmes/requirements.yaml index d1200fd162..f881acdc97 100644 --- a/kubernetes/holmes/requirements.yaml +++ b/kubernetes/holmes/requirements.yaml @@ -22,6 +22,11 @@ dependencies: - name: postgres version: ~9.x-0 repository: '@local' + condition: global.postgres.localCluster + - name: postgres-init + version: ~9.x-0 + repository: '@local' + condition: not global.postgres.localCluster - name: holmes-rule-mgmt version: ~9.x-0 repository: 'file://components/holmes-rule-mgmt' diff --git a/kubernetes/holmes/values.yaml b/kubernetes/holmes/values.yaml index 9c69c20096..a536380bd5 100644 --- a/kubernetes/holmes/values.yaml +++ b/kubernetes/holmes/values.yaml @@ -19,7 +19,16 @@ global: nodePortPrefix: 302 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 - + #Service Names of the postgres db to connect to. + #Override it to dbc-pg if localCluster is enabled. + postgres: + localCluster: false + service: + name: pgset + name2: &postgres tcp-pgset-primary + name3: tcp-pgset-replica + container: + name: postgres secrets: - uid: pg-root-pass name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass' 
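Review bot: In the holmes `requirements.yaml` hunk, `condition: not global.postgres.localCluster` is not something Helm can evaluate, because a dependency `condition` is a comma-separated list of value paths rather than an expression, and a path that does not resolve has no effect. As written, `postgres-init` would therefore stay enabled whatever `localCluster` is set to, and would presumably run its init job against the shared database even when the local cluster is selected. Give it a boolean of its own in `values.yaml` and point the condition at that path, for example `condition: global.postgres.<init-flag>` (placeholder name).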
@@ -65,11 +74,23 @@ postgres: mountSubPath: holmes/data mountInitPath: holmes +postgres-init: + nameOverride: holmes-postgres-init + config: + pgUserName: holmes + pgDatabase: *dbName + pgDataPath: data + pgUserExternalSecret: *pgUserCredsSecretName + # pgPrimaryPassword: password + # pgUserPassword: password + # pgRootPassword: password + holmes-engine-mgmt: config: pgConfig: dbName: *dbName - dbHost: *dbHost + # dbHost: *dbHost + dbHost: *postgres dbPort: *dbPort dbUserCredsExternalSecret: *pgUserCredsSecretName @@ -77,7 +98,8 @@ holmes-rule-mgmt: config: pgConfig: dbName: *dbName - dbHost: *dbHost + # dbHost: *dbHost + dbHost: *postgres dbPort: *dbPort dbUserCredsExternalSecret: *pgUserCredsSecretName diff --git a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml index 21991b75fe..fe2eb68a3e 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml 
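Review bot: `dbHost: *postgres` in both `pgConfig` blocks is a YAML alias, which is resolved when this file is parsed, so overriding `global.postgres.service.name2` from another values file will not change `dbHost`. The comment added next to the anchor says to override the service names when `localCluster` is enabled, so with `localCluster: true` both services would still point at `tcp-pgset-primary` unless `dbHost` is overridden as well. Either derive the host from the global value in the template, or extend that comment to name every key that has to change together. The commented-out `# dbHost: *dbHost` lines are better removed than left beside the live value.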
@@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml index 99d2314a07..b438bf0066 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml @@ -100,7 +100,7 @@ spec: - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: rabbit-mq - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: fcaps-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index c66e4e829f..39ddbae5b7 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-fcaps:1.5.5 +image: onap/multicloud/openstack-fcaps:1.5.6 pullPolicy: Always #Istio sidecar injection policy 
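Review bot: Switching the file handler to `formatter: "standard"` selects a format string that contains `%(thread)` with no conversion type, so Python's `%`-formatting rejects it (`|` is not a valid conversion character) and the record is lost rather than written to the file. The deleted `mdcFormat` entry had the field right; the `standard` line should read `format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s"`. The same change is made to the pike, starlingx, windriver and framework `log.yml` files later in this diff. Dropping `mdcFormat` also removes the `requestID` and `invocationID` fields from the file log, which deserves a line in the commit message if anything downstream correlates on them.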
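Review bot: `serviceAccountName` is added to the fcaps pod spec with the `read` suffix, but nothing in the hunk says which Kubernetes API calls the pod needs to make. If the containers never talk to the API server, `automountServiceAccountToken: false` on the pod spec keeps the token out of the containers while still giving the pod a named identity; what `read` grants is defined in the `serviceAccount` chart, outside this diff. A short comment beside the `roles:` entry in `values.yaml` stating the reason would help later reviewers. The same addition is made to the k8s, pike, prometheus, starlingx, vio, windriver and multicloud framework deployments, and the pod spec itself starts outside the hunk.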
@@ -89,3 +89,9 @@ resources: # rabbit-mq image resource rabbitmq: rabbitmq:alpine + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-fcaps + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml index 434abf9ab5..eebca63b29 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/requirements.yaml @@ -29,3 +29,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml index 9f50d35784..e63be9c81c 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/templates/deployment.yaml @@ -85,7 +85,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 0126594693..1c7c8fa489 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -133,3 +133,9 @@ resources: cpu: 10m memory: 100Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-k8s + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-pike/requirements.yaml 
+++ b/kubernetes/multicloud/components/multicloud-pike/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml index 43e681e615..e740dccce3 100644 --- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/pike/pike.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index b48e8dc431..d12e663236 100644 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -69,6 +69,8 @@ spec: {{ include "common.resources" . | indent 12 }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: ["-c", "/bin/sh /opt/pike/run.sh"] ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
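Review bot: The `command`/`args` pair added to the pike container starts `/opt/pike/run.sh` through two nested shells, and because the outer `sh -c` does not `exec`, that shell stays as PID 1 and may not pass SIGTERM on to the service at pod shutdown. `command: ["/bin/sh", "/opt/pike/run.sh"]` with no `args` does the same work with one shell less. In the visible hunks only pike gets this override, so a comment saying why the image entrypoint is bypassed would help. The container spec continues outside the hunk.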
@@ -97,7 +99,7 @@ spec: name: pike-log - mountPath: /usr/share/filebeat/data name: pike-data-filebeat - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: pike-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index 3fc572631a..5ef87f46b6 100644 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-pike:1.5.5 +image: onap/multicloud/openstack-pike:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -86,3 +86,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-pike + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml index 09630f0989..eb40843bf1 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/requirements.yaml @@ -27,3 +27,6 @@ dependencies: - name: prometheus-grafana version: ~9.x-0 repository: 'file://components/prometheus-grafana' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml index 3a5c8edb5f..74941292fd 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/templates/deployment.yaml 
@@ -105,6 +105,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: diff --git a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml index fa949c0c75..757041ce43 100644 --- a/kubernetes/multicloud/components/multicloud-prometheus/values.yaml +++ b/kubernetes/multicloud/components/multicloud-prometheus/values.yaml @@ -100,3 +100,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-prometheus + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml index e4d3d54b38..05989ac9b4 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml 
@@ -39,15 +39,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml index 5413327d0b..7c39bb7006 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml @@ -111,7 +111,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: starlingx-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index fb6f3b3592..69e4d943bd 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.5 +image: onap/multicloud/openstack-starlingx:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -88,3 +88,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-starlingx + roles: + - read 
diff --git a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-vio/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/requirements.yaml @@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml index 520f86a7d1..5548359b12 100644 --- a/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/templates/deployment.yaml @@ -94,6 +94,7 @@ spec: name: vio-log - mountPath: /usr/share/filebeat/data name: vio-data-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: vio-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-vio/values.yaml b/kubernetes/multicloud/components/multicloud-vio/values.yaml index 1a5af2ca48..5b218f1e75 100644 --- a/kubernetes/multicloud/components/multicloud-vio/values.yaml +++ b/kubernetes/multicloud/components/multicloud-vio/values.yaml @@ -85,3 +85,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-vio + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml index c2d6f85118..27373df61e 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/requirements.yaml 
@@ -21,3 +21,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml index 79ff56adaa..7488188cdc 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml index 2ed0b13249..f46e45017d 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml @@ -120,7 +120,7 @@ spec: subPath: config.json - mountPath: /data name: artifact-data - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: windriver-log emptyDir: {} diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index dee6ba7a87..d520a783b7 100644 
--- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -25,7 +25,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-windriver:1.5.5 +image: onap/multicloud/openstack-windriver:1.5.6 pullPolicy: Always #Istio sidecar injection policy @@ -97,3 +97,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud-windriver + roles: + - read diff --git a/kubernetes/multicloud/requirements.yaml b/kubernetes/multicloud/requirements.yaml index 2af2eb92ae..84099b2171 100644 --- a/kubernetes/multicloud/requirements.yaml +++ b/kubernetes/multicloud/requirements.yaml @@ -49,3 +49,6 @@ dependencies: version: ~9.x-0 repository: 'file://components/multicloud-windriver' condition: multicloud-windriver.enabled + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml index 023ff81d50..604797d467 100644 --- a/kubernetes/multicloud/resources/config/log/framework/log.yml +++ b/kubernetes/multicloud/resources/config/log/framework/log.yml @@ -26,14 +26,9 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/multivimbroker/multivimbroker.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter 
diff --git a/kubernetes/multicloud/templates/deployment.yaml b/kubernetes/multicloud/templates/deployment.yaml index a5b8297e2f..34fe6224bc 100644 --- a/kubernetes/multicloud/templates/deployment.yaml +++ b/kubernetes/multicloud/templates/deployment.yaml @@ -100,6 +100,7 @@ spec: name: framework-log - mountPath: /usr/share/filebeat/data name: framework-data-filebeat + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: framework-log emptyDir: {} diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index d378ec2b1f..90e72be044 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/framework:1.7.0 +image: onap/multicloud/framework:1.7.1 pullPolicy: Always #Istio sidecar injection policy @@ -108,3 +108,9 @@ resources: cpu: 20m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: multicloud + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml new file mode 100644 index 0000000000..463e007d9f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml 
@@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Policy Clamp Controlloop Http Participant +name: policy-clamp-cl-http-ppnt +version: 9.0.0 diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml new file mode 100644 index 0000000000..0139b52b25 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml 
@@ -0,0 +1,31 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml new file mode 100644 index 0000000000..fd3c1d4438 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml 
@@ -0,0 +1,42 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId:
+ name: HttpParticipant0
+ version: 1.0.0
+ participantType:
+ name: org.onap.k8s.controlloop.HttpControlLoopParticipant
+ version: 2.3.4
+ clampControlLoopTopics:
+ topicSources:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ fetchTimeout: 15000
+ useHttps: true
+ topicSinks:
+ - topic: POLICY-CLRUNTIME-PARTICIPANT
+ servers:
+ - ${topicServer:message-router}
+ topicCommInfrastructure: dmaap
+ useHttps: true
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
new file mode 100644
index 0000000000..b6a853d0a0
--- /dev/null
+++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml
@@ -0,0 +1,103 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2021 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/debug.log</file> + <rollingPolicy 
class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/http-participant/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + 
<appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} 
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..80eaf761e8 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml 
@@ -0,0 +1,93 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + volumeMounts: + - mountPath: /config-input + name: cl-http-ppnt-config + - mountPath: /config + name: cl-http-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . 
}}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/http-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-http-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-http-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-http-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" 
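Review bot: Neither the `update-config` init container nor the main container in this new templates/deployment.yaml sets a `securityContext`, so both run with whatever user, capabilities and privilege-escalation behaviour the images default to. The chart's values.yaml chowns the AAF credentials to uid 100 / gid 101, which suggests a non-root user is intended, so a container-level context like the one below should be compatible, though that needs confirming against the image. The processed config already lives in a memory-backed `emptyDir`, so tightening the container privileges is the remaining gap I see in this template.

```yaml
      containers:
        - name: {{ include "common.name" . }}
          # … unchanged: image, imagePullPolicy, command/args, env …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: volumeMounts, resources …
```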
diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..0bddc8dfbc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +#Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml new file mode 100644 index 0000000000..6ea647e388 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml 
@@ -0,0 +1,104 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-http-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! 
+ fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-http-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-http-ppnt + roles: + - read diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 246e129234..949199aa81 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -74,6 +74,10 @@ dependencies: version: ~9.x-0 repository: 'file://components/policy-clamp-cl-pf-ppnt' condition: policy-clamp-cl-pf-ppnt.enabled + - name: policy-clamp-cl-http-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-http-ppnt' + condition: policy-clamp-cl-http-ppnt.enabled - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 33602a97d0..5204aa7568 100755 --- a/kubernetes/policy/values.yaml 
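Review bot: In the new policy-clamp-cl-http-ppnt/values.yaml, `certStores.keyStorePassword`, `certStores.trustStorePassword` and `certInitializer.aafDeployPass` are given literal default values, so any installation that does not override them runs with credentials that are readable in the repository. The `secrets` block already accepts `keyStorePasswordExternalSecret` / `trustStorePasswordExternalSecret` and declares `passwordPolicy: required`; leaving `keyStorePassword` and `trustStorePassword` unset would let that policy do its job instead of being satisfied by a shared default (this assumes the common secret template enforces `required`, which is not visible here). The same `aafDeployPass` default is added in kubernetes/uui/components/uui-server/values.yaml, where `aafDeployCredsExternalSecret` appears only as a commented-out hint.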
+++ b/kubernetes/policy/values.yaml @@ -107,6 +107,8 @@ policy-clamp-cl-pf-ppnt: restServer: apiUserExternalSecret: *policyApiCredsSecret papUserExternalSecret: *policyPapCredsSecret +policy-clamp-cl-http-ppnt: + enabled: true policy-nexus: enabled: false policy-clamp-cl-runtime: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 1c8bd5a26f..801d542bc0 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.1 +image: onap/sdnc-dmaap-listener-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 6b4c5a25c5..4b8ac2198a 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.1 +image: onap/sdnc-ansible-server-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index eafb3f2ec0..dd76f58dd2 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.1" +image: "onap/sdnc-web-image:2.2.2" pullPolicy: Always config: 
diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index aba55dd693..848fd97eb2 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.1 +image: onap/sdnc-ueb-listener-image:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index d244f9c455..a1ed2ca0b1 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -206,7 +206,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.1 +image: onap/sdnc-image:2.2.2 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/uui/Makefile b/kubernetes/uui/Makefile new file mode 100644 index 0000000000..4c79718d02 --- /dev/null +++ b/kubernetes/uui/Makefile 
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/uui/components/Makefile b/kubernetes/uui/components/Makefile
new file mode 100644
index 0000000000..bf267b7720
--- /dev/null
+++ b/kubernetes/uui/components/Makefile
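Review bot: The `$(HELM_CHARTS)` and `make-%` recipes in kubernetes/uui/Makefile invoke a literal `make` (`@make package-$@`, `make -C $*`), which does not pass on the parent's flags or jobserver and may resolve to a different make binary from PATH. `$(MAKE)` is the usual form: `@$(MAKE) package-$@` and `$(MAKE) -C $*`. `SECRET_DIR` is assigned but not used by any visible rule, and the catch-all `%:` rule with an empty recipe means a mistyped target name succeeds silently. The Makefile added as kubernetes/uui/components/Makefile is the same apart from `OUTPUT_DIR` and `EXCLUDES`, so the same points apply there.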
@@ -0,0 +1,51 @@
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
diff --git a/kubernetes/uui/components/uui-server/requirements.yaml b/kubernetes/uui/components/uui-server/requirements.yaml
new file mode 100644
index 0000000000..34cedc84cb
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/requirements.yaml
@@ -0,0 +1,27 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~9.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: certInitializer
+ version: ~9.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~9.x-0
+ repository: '@local'
diff --git a/kubernetes/uui/components/uui-server/resources/config/application.properties b/kubernetes/uui/components/uui-server/resources/config/application.properties
new file mode 100644
index 0000000000..37f8467df1
--- /dev/null
+++ b/kubernetes/uui/components/uui-server/resources/config/application.properties
@@ -0,0 +1,53 @@
+##
+## Copyright (C) 2017 CMCC, Inc. and others. All rights reserved.
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+## General App Properties
+server.servlet.contextPath=/api/usecaseui-server/v1
+server.port=8082
+spring.http.multipart.max-file-size=128MB
+spring.http.multipart.max-request-size=128MB
+
+## App DB Properties
+spring.datasource.url=jdbc:postgresql://localhost:5432/uui
+spring.datasource.username=uui
+spring.datasource.password=uui
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect
+spring.database.driver.classname=org.postgresql.Driver
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.format_sql=false
+spring.jpa.properties.hibernate.show-sql=false
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.properties.hibernate.temp.use_jdbc_metadata_defaults = false
+spring.jpa.properties.hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext
+spring.jpa.properties.hibernate.cache.use_second_level_cache=false
+spring.jpa.properties.hibernate.cache.use_query_cache=false
+#spring.jpa.properties.hibernate.allow_update_outside_transaction=true
+
+## Basic Authentication Properties
+# security.user.name=usecase
+# security.user.password=usecase
+
+## Logback Properties
+logging.file.name=logs/usecaseui_server.log
+logging.level.*=INFO
+
+#enable shutdown
+endpoints.shutdown.enabled=true
+endpoints.shutdown.sensitive=false
+
+server.ssl.protocol=TLS
+server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
+server.ssl.key-store-type=PKCS12
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh new file mode 100644 index 0000000000..f96dd74bd3 --- /dev/null +++ b/kubernetes/uui/components/uui-server/resources/entrypoint/run.sh @@ -0,0 +1,43 @@ +#!/bin/bash +{{/* +# +# Copyright 2016-2017 ZTE Corporation. +# Copyright 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} + +main_path="/home/uui" +echo @main_path@ $main_path + +echo "Starting postgreSQL..." +#service postgresql start +postmaster -D /usr/share/postgresql/data & +sleep 10 + +echo "usecase-ui database init script start..." +dbScript="$main_path/resources/bin/initDB.sh" +source $dbScript 127.0.0.1 5432 postgres uui +echo "usecase-ui database init script finished normally..." + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-server.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-server..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS
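Review bot: In resources/config/application.properties, `endpoints.shutdown.enabled=true` together with `endpoints.shutdown.sensitive=false` asks Spring Boot to expose the actuator shutdown endpoint without requiring authentication, and the basic-authentication properties just above it are commented out. If the Spring Boot version in the image honours these keys, any client that can reach port 8082 is able to stop the server; if it does not (the `endpoints.*` names look like the 1.x form), the two lines are dead configuration. Either way I would set `endpoints.shutdown.enabled=false` or drop both lines. Separately, `spring.datasource.password` is a literal in a file that templates/configmap.yaml loads into a ConfigMap, and a Secret would be the better home for it.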
\ No newline at end of file diff --git a/kubernetes/uui/components/uui-server/templates/configmap.yaml b/kubernetes/uui/components/uui-server/templates/configmap.yaml new file mode 100644 index 0000000000..0f0bd37c26 --- /dev/null +++ b/kubernetes/uui/components/uui-server/templates/configmap.yaml @@ -0,0 +1,41 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-server/templates/deployment.yaml b/kubernetes/uui/components/uui-server/templates/deployment.yaml index ea6f7b7a23..b7a385d30e 100644 --- a/kubernetes/uui/components/uui-server/templates/deployment.yaml 
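Review bot: resources/entrypoint/run.sh prints "usecase-ui database init script finished normally..." unconditionally: there is no `set -e` and the result of `source $dbScript …` is never checked, so a failed initialisation still goes on to start the server. The fixed `sleep 10` after launching `postmaster` in the background has the same weakness, since nothing confirms the database accepts connections before initDB.sh runs. I would check the status, for example `source "$dbScript" 127.0.0.1 5432 postgres uui || exit 1`, and quote `$dbScript` and `$jar_path` where they are expanded.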
+++ b/kubernetes/uui/components/uui-server/templates/deployment.yaml @@ -35,10 +35,20 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + bash /uui/run.sh + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -50,8 +60,7 @@ spec: initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -62,5 +71,24 @@ spec: value: {{tpl .Values.msbaddr .}} - name: MR_ADDR value: {{tpl .Values.mraddr .}} + {{- if .Values.global.aafEnabled }} + - name: SPRING_OPTS + value: --spring.config.location=file:/config/application.properties + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + - mountPath: /config/application.properties + name: config + subPath: application.properties + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" 
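Review bot: `export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)` in the first hunk relies on unquoted word splitting to turn the file into `KEY=VALUE` arguments, and `xargs -0` expects NUL-separated input, which the newline-separated file written by `aaf_add_config` in values.yaml is not. It works only as long as the generated values contain no whitespace or glob characters, which holds today because they are restricted to `[:alnum:]`. A plainer form that does not depend on that is `set -a; . {{ .Values.certInitializer.credsPath }}/mycreds.prop; set +a`. The container spec continues outside these hunks.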
diff --git a/kubernetes/uui/components/uui-server/values.yaml b/kubernetes/uui/components/uui-server/values.yaml index 6017f2640e..1b652d553b 100644 --- a/kubernetes/uui/components/uui-server/values.yaml +++ b/kubernetes/uui/components/uui-server/values.yaml @@ -18,6 +18,44 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-server-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** set key password as same password as keystore password" + keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \ + -keystore {{ .Values.fqi_namespace }}.jks \ + -keypass "${cadi_keystore_password_p12}" \ + -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }} + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true 
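Review bot: In `aaf_add_config` the store password is changed on `{{ .Values.fqi_namespace }}.p12` and `{{ .Values.fqi_namespace }}.trust.jks`, but the `keytool -keypasswd` step targets `{{ .Values.fqi_namespace }}.jks` and passes the new `${KEYSTORE_PASSWORD}` as `-storepass`, although no earlier step changed that file's store password. Unless the .jks is handled elsewhere, this step looks likely to fail, and nothing visible in the script stops on error, so the failure could pass unnoticed. `mycreds.prop` is also written without an explicit mode; a `chmod 600 mycreds.prop` before the `chown -R 1000` would keep the generated passwords from depending on the init container's umask. `TRUSTSORE_PASSWORD` looks like a typo for `TRUSTSTORE_PASSWORD`, and it is saved to mycreds.prop under that name.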
diff --git a/kubernetes/uui/requirements.yaml b/kubernetes/uui/requirements.yaml index b982291e58..05d649f500 100644 --- a/kubernetes/uui/requirements.yaml +++ b/kubernetes/uui/requirements.yaml @@ -20,6 +20,9 @@ dependencies: # a part of this chart's package and will not # be published independently to a repo (at this point) repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/uui/resources/config/server.xml b/kubernetes/uui/resources/config/server.xml new file mode 100644 index 0000000000..2260bb8cf5 --- /dev/null +++ b/kubernetes/uui/resources/config/server.xml 
@@ -0,0 +1,161 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- {{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" at this level. + Documentation at /docs/config/server.html +*/}} --> + +<Server port="8005" shutdown="SHUTDOWN"> + <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> + <!-- Security listener. Documentation at /docs/config/listeners.html + <Listener className="org.apache.catalina.security.SecurityListener" /> + --> + <!--APR library loader. 
Documentation at /docs/apr.html --> + <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> + <!-- Prevent memory leaks due to use of particular java/javax APIs--> + <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> + <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> + + <!-- Global JNDI resources + Documentation at /docs/jndi-resources-howto.html + --> + <GlobalNamingResources> + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users + --> + <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" pathname="conf/tomcat-users.xml" /> + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" Note: A "Service" is not itself a "Container", + so you may not define subcomponents such as "Valves" at this level. + Documentation at /docs/config/service.html + --> + <Service name="Catalina"> + + <!--The connectors can use a shared executor, you can define one or more named thread pools--> + <!-- + <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" + maxThreads="150" minSpareThreads="4"/> + --> + + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. 
Documentation at : + Java HTTP Connector: /docs/config/http.html + Java AJP Connector: /docs/config/ajp.html + APR (HTTP/AJP) Connector: /docs/apr.html + Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 + --> + <!--Connector port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" /> + + <!-- A "Connector" using the shared thread pool--> + <!-- + <Connector executor="tomcatThreadPool" + port="8080" protocol="HTTP/1.1" + connectionTimeout="20000" + redirectPort="8443" /> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 + This connector uses the NIO implementation. The default + SSLImplementation will depend on the presence of the APR/native + library and the useOpenSSL attribute of the + AprLifecycleListener. + Either JSSE or OpenSSL style configuration may be used regardless of + the SSLImplementation selected. JSSE style configuration is used below. + --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" + maxThreads="150" SSLEnabled="true"> + <SSLHostConfig> + <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" + type="RSA" /> + </SSLHostConfig> + </Connector> + --> + <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2 + This connector uses the APR/native implementation which always uses + OpenSSL for TLS. + Either JSSE or OpenSSL style configuration may be used. OpenSSL style + configuration is used below. 
+ --> + <!-- + <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" + maxThreads="150" SSLEnabled="true" > + <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" /> + <SSLHostConfig> + <Certificate certificateKeyFile="conf/localhost-rsa-key.pem" + certificateFile="conf/localhost-rsa-cert.pem" + certificateChainFile="conf/localhost-rsa-chain.pem" + type="RSA" /> + </SSLHostConfig> + </Connector> + --> + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). + Documentation at /docs/config/engine.html --> + + <!-- You should set jvmRoute to support load-balancing via AJP ie : + <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1"> + --> + <Engine name="Catalina" defaultHost="localhost"> + + <!--For clustering, please take a look at documentation at: + /docs/cluster-howto.html (simple how to) + /docs/config/cluster.html (reference documentation) --> + <!-- + <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> + --> + + <!-- Use the LockOutRealm to prevent attempts to guess user passwords + via a brute-force attack --> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. 
--> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> + </Realm> + + <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> + + <!-- SingleSignOn valve, share authentication between web applications + Documentation at: /docs/config/valve.html --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> + --> + + <!-- Access log processes all example. + Documentation at: /docs/config/valve.html + Note: The pattern used is equivalent to using pattern="common" --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> + + </Host> + </Engine> + </Service> +</Server> diff --git a/kubernetes/uui/templates/configmap.yaml b/kubernetes/uui/templates/configmap.yaml new file mode 100644 index 0000000000..8c32132498 --- /dev/null +++ b/kubernetes/uui/templates/configmap.yaml @@ -0,0 +1,28 @@ +{{/* +# Copyright © 2021 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
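Review bot: The AJP connector `<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />` is left enabled with no `secret` and no `address`, although the only connector this chart sets up for traffic is the TLS one on 8443. AJP is a trusted, unauthenticated protocol; depending on the Tomcat version in the image (not visible here) the connector either accepts any peer that can reach the pod or refuses to start because `secretRequired` defaults to true. If nothing fronts this pod over AJP, comment the element out like the other unused connectors in the file; otherwise set `secret` and restrict `address`. The shutdown listener `<Server port="8005" shutdown="SHUTDOWN">` could also become `port="-1"`, since the container is stopped by the kubelet rather than through that port.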
\ No newline at end of file diff --git a/kubernetes/uui/templates/deployment.yaml b/kubernetes/uui/templates/deployment.yaml index 8c523b2388..5d8c7b32b5 100644 --- a/kubernetes/uui/templates/deployment.yaml +++ b/kubernetes/uui/templates/deployment.yaml @@ -35,6 +35,28 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + {{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - command: + - sh + args: + - -c + - | + export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + cd /config-input && for PFILE in `ls -1` + do + envsubst <${PFILE} >/config/${PFILE} + done + cat /config/server.xml + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - mountPath: /config-input + name: config-input + - mountPath: /config + name: config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + {{- end }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} @@ -42,7 +64,16 @@ spec: command: - /bin/bash - -c - - /home/uui/uuiStartup.sh + - | + echo "*** /opt" + ls -lh /opt/ + echo "*** /opt/app" + ls -lh /opt/app/ + echo "*** /opt/app/osaaf/" + ls -lh /opt/app/osaaf/ + echo "*** /opt/app/osaaf/local" + ls -lh /opt/app/osaaf/local/ + /home/uui/uuiStartup.sh ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger 
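Review bot: `cat /config/server.xml` at the end of the update-config script prints the rendered file, and after `envsubst` that file contains the generated keystore password in `keystorePass="..."`, so the secret ends up in the init container's log and in whatever collects pod logs. Drop that line, or replace it with a check that does not print content, for example `test -s /config/server.xml`. The passwords were deliberately kept in an in-memory `emptyDir`, and logging them undoes that. The pod spec this init container belongs to starts and ends outside the hunk.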
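Review bot: The `echo`/`ls -lh` lines added in front of `/home/uui/uuiStartup.sh` look like leftover debugging. They run on every container start, write the layout of the credentials directory to the log, and are not guarded by `.Values.global.aafEnabled`, so with AAF disabled the `ls` calls will likely report missing paths under `/opt/app/osaaf`. Suggest restoring the single `- /home/uui/uuiStartup.sh` argument, or at least wrapping the listing in `{{- if .Values.global.aafEnabled }}`. If the multi-line form stays, `exec /home/uui/uuiStartup.sh` as the last line keeps the startup script as the process that receives the termination signal.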
@@ -59,18 +90,30 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.global.aafEnabled }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + - mountPath: /home/uui/server.xml + name: config + subPath: server.xml + {{- end }} env: - name: MSB_ADDR value: {{ tpl .Values.msbaddr . }} - resources: -{{ include "common.resources" . | indent 12 }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} - {{- end -}} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end }} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end }} + {{- if .Values.global.aafEnabled }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: config-input + configMap: + name: {{ include "common.fullname" . }} + - name: config + emptyDir: + medium: Memory + {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index 32b8449240..52301d63c8 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml 
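Review bot: The `config` volume mounted at `/home/uui/server.xml` holds the rendered file with the keystore password, and it is mounted writable into the application container. Adding `readOnly: true` next to `subPath: server.xml` keeps the running application from modifying its own TLS connector configuration. Two things this hunk does not show are worth confirming: that `.Values.service.internalPort`, used by `containerPort` and the probes, matches the 8443 connector when `global.aafEnabled` is true, and that uuiStartup.sh actually installs the file from `/home/uui/server.xml` into Tomcat's `conf` directory. The container spec starts outside the hunk.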
@@ -18,6 +18,39 @@ global: uuiPortPrefix: 303 +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: uui-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: uui + fqi: uui@uui.onap.org + fqi_namespace: org.onap.uui + public_fqdn: uui.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** changing them into shell safe ones" + export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) + cd {{ .Values.credsPath }} + keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \ + -storepass "${cadi_keystore_password_p12}" \ + -keystore {{ .Values.fqi_namespace }}.p12 + keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \ + -storepass "${cadi_truststore_password}" \ + -keystore {{ .Values.fqi_namespace }}.trust.jks + echo "*** save the generated passwords" + echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop + echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop + echo "*** change ownership of certificates to targeted user" + chown -R 1000 {{ .Values.credsPath }} + subChartsOnly: enabled: true |
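Review bot: `mycreds.prop` receives the generated keystore and truststore passwords in clear text under whatever umask the cert-initializer shell has, and `chown -R 1000` changes only the owner, not the mode. Setting `umask 077` before the two `echo ... mycreds.prop` lines, or adding `chmod 600 mycreds.prop` after them, would restrict the file to the target user, provided the update-config init container that reads it also runs as UID 1000 (not visible here). The same block in kubernetes/uui/components/uui-server/values.yaml has the same gap. Separately, `aafDeployPass: demo123456!` ships a fixed deployer password in both values files while `aafDeployCredsExternalSecret` stays commented out. A comment such as `# demo default; set aafDeployCredsExternalSecret for any non-lab deployment` would make the intended override explicit.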