diff options
Diffstat (limited to 'kubernetes')
54 files changed, 297 insertions, 654 deletions
diff --git a/kubernetes/aaf/values.yaml b/kubernetes/aaf/values.yaml index 8eaead5e4b..5a1c5f2709 100644 --- a/kubernetes/aaf/values.yaml +++ b/kubernetes/aaf/values.yaml @@ -131,6 +131,12 @@ readiness: ingress: enabled: false + service: + - baseaddr: "aaf.api" + name: "aaf-service" + port: 8100 + config: + ssl: "none" ## Persist data to a persitent volume persistence: diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 12991a831f..45a9b4cfa1 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -143,6 +143,15 @@ dgbuilder: service: name: appc-dgbuilder + ingress: + enabled: false + service: + - baseaddr: "appc-dgbuilder" + name: "appc-dgbuilder" + port: 3000 + config: + ssl: "redirect" + #passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3. appc-cdt: nodePort3: 11 @@ -207,7 +216,7 @@ persistence: ingress: enabled: false service: - - baseaddr: appc + - baseaddr: "appc.api" name: "appc" port: 8443 config: diff --git a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml index fa00ffed1a..5e473bc12e 100644 --- a/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml +++ b/kubernetes/clamp/charts/clamp-backend/templates/deployment.yaml @@ -78,11 +78,17 @@ spec: name: {{ include "common.fullname" . }}-config subPath: sdc-controllers-config.json env: - - name: SPRING_APPLICATION_JSON - valueFrom: - configMapKeyRef: - name: {{ template "common.fullname" . }} - key: spring_application_json + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} + - name: SPRING_APPLICATION_JSON + valueFrom: + configMapKeyRef: + name: {{ template "common.fullname" . }} + key: spring_application_json resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/charts/clamp-backend/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/clamp-backend/values.yaml b/kubernetes/clamp/charts/clamp-backend/values.yaml index ca444aa175..f354ad14a7 100644 --- a/kubernetes/clamp/charts/clamp-backend/values.yaml +++ b/kubernetes/clamp/charts/clamp-backend/values.yaml @@ -23,11 +23,19 @@ global: # global defaults readinessImage: readiness-check:2.0.0 persistence: {} +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-backend:5.0.4 +image: onap/clamp-backend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required @@ -40,6 +48,9 @@ log: ################################################################# # Application configuration defaults. ################################################################# + +db: {} + config: log: logstashServiceName: log-ls @@ -47,8 +58,10 @@ config: mysqlPassword: strong_pitchou dataRootDir: /dockerdata-nfs springApplicationJson: > - { - "spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", + { + "spring.datasource.username": "${MYSQL_USER}", + "spring.datasource.password": "${MYSQL_PASSWORD}", + "spring.datasource.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/${MYSQL_DATABASE}?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3", "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements", "clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json", "clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080", @@ -63,7 +76,7 @@ config: "clamp.config.policy.pap.userName": "healthcheck", "clamp.config.policy.pap.password": "zb!XztG34", "clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095" - } + } # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh deleted file mode 100755 index 2e2ad2e1af..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bootstrap-database.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### - -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < /docker-entrypoint-initdb.d/bulkload/create-db.sql -## New model creation -mysql -uroot -p$MYSQL_ROOT_PASSWORD -f cldsdb4 < /docker-entrypoint-initdb.d/bulkload/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql deleted file mode 100644 index ea4d97c1b5..0000000000 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-db.sql +++ /dev/null @@ -1,11 +0,0 @@ -# -# Create CLDS database objects (tables, etc.) -# -# -CREATE DATABASE `cldsdb4`; -USE `cldsdb4`; -DROP USER 'clds'; -CREATE USER 'clds'; -GRANT ALL on cldsdb4.* to 'clds' identified by 'sidnnd83K' with GRANT OPTION; -FLUSH PRIVILEGES; - diff --git a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql index 1f153bce04..1f153bce04 100644 --- a/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/create-tables.sql +++ b/kubernetes/clamp/charts/mariadb/resources/config/mariadb/docker-entrypoint-initdb.d/create-tables.sql diff --git a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml index 705c38fa19..522c5f9bf8 100644 --- a/kubernetes/clamp/charts/mariadb/templates/configmap.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/configmap.yaml @@ -17,19 +17,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: clamp-entrypoint-initdb-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: name: clamp-entrypoint-bulkload-configmap namespace: {{ include "common.namespace" . }} labels: @@ -38,7 +25,7 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/bulkload/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} --- apiVersion: v1 kind: ConfigMap diff --git a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml index be46f89433..7d22930b6a 100644 --- a/kubernetes/clamp/charts/mariadb/templates/deployment.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/deployment.yaml @@ -52,19 +52,19 @@ spec: initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "common.fullname" . }} - key: db-root-password + - name: MYSQL_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }} + - name: MYSQL_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }} + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12 }} + - name: MYSQL_DATABASE + value: {{ tpl .Values.db.databaseName .}} volumeMounts: - - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh - name: docker-entrypoint-initdb - subPath: bootstrap-database.sh - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /docker-entrypoint-initdb.d/bulkload/ + - mountPath: /docker-entrypoint-initdb.d/ name: docker-entrypoint-bulkload - mountPath: /etc/mysql/conf.d/conf1/ name: clamp-mariadb-conf @@ -88,9 +88,6 @@ spec: {{- else }} emptyDir: {} {{- end }} - - name: docker-entrypoint-initdb - configMap: - name: clamp-entrypoint-initdb-configmap - name: docker-entrypoint-bulkload configMap: name: clamp-entrypoint-bulkload-configmap diff --git a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml index 8f3a21752d..57f88ce32d 100644 --- a/kubernetes/clamp/charts/mariadb/templates/secrets.yaml +++ b/kubernetes/clamp/charts/mariadb/templates/secrets.yaml @@ -13,16 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -type: Opaque -data: - db-root-password: {{ .Values.config.mysqlPassword | b64enc | quote }} +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/charts/mariadb/values.yaml b/kubernetes/clamp/charts/mariadb/values.yaml index 8bf6100563..df651dd9ea 100644 --- a/kubernetes/clamp/charts/mariadb/values.yaml +++ b/kubernetes/clamp/charts/mariadb/values.yaml @@ -20,18 +20,27 @@ global: # global defaults nodePortPrefix: 302 persistence: {} - # application image repository: nexus3.onap.org:10001 image: mariadb:10.3.12 pullPolicy: Always flavor: small - ################################################################# -# Application configuration defaults. +# Secrets metaconfig ################################################################# -config: - mysqlPassword: strong_pitchou +secrets: + - uid: db-root-pass + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootCredsExternalSecret) . }}' + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +# Application configuration +db: {} # default number of instances replicaCount: 1 diff --git a/kubernetes/clamp/templates/secrets.yaml b/kubernetes/clamp/templates/secrets.yaml new file mode 100644 index 0000000000..57f88ce32d --- /dev/null +++ b/kubernetes/clamp/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/clamp/values.yaml b/kubernetes/clamp/values.yaml index 0679982740..9446ca8eb3 100644 --- a/kubernetes/clamp/values.yaml +++ b/kubernetes/clamp/values.yaml @@ -24,6 +24,33 @@ global: # global defaults loggingImage: beats/filebeat:5.5.0 centralizedLoggingEnabled: false +secrets: + - uid: db-root-pass + name: &dbRootPass '{{ include "common.release" . }}-clamp-db-root-pass' + type: password + password: '{{ .Values.db.rootPass }}' + - uid: db-secret + name: &dbUserPass '{{ include "common.release" . }}-clamp-db-user-pass' + type: basicAuth + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + +db: + user: clds +# password: sidnnd83K + databaseName: &dbName cldsdb4 +# rootPass: emrys user: testos + +clamp-backend: + db: + userCredsExternalSecret: *dbUserPass + databaseName: *dbName +mariadb: + db: + rootCredsExternalSecret: *dbRootPass + userCredsExternalSecret: *dbUserPass + databaseName: *dbName + subChartsOnly: enabled: true @@ -31,7 +58,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/clamp-frontend:5.0.3 +image: onap/clamp-frontend:5.0.6 pullPolicy: Always # flag to enable debugging - application support required @@ -89,7 +116,7 @@ service: ingress: enabled: false service: - - baseaddr: "clamp" + - baseaddr: "clamp.api" name: "clamp" port: 2443 config: diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index fba076d47d..90922791bc 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -64,10 +64,10 @@ service: ingress: enabled: false service: - - baseaddr: "cli" + - baseaddr: "cli.api" name: "cli" port: 443 - - baseaddr: "cli2" + - baseaddr: "cli2.api" name: cli port: 9090 config: diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 28c40e6da7..6586573f9f 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -152,6 +152,12 @@ service: ingress: enabled: false + service: + - baseaddr: "dgbuilder" + name: "dgbuilder" + port: 3000 + config: + ssl: "redirect" resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/kubernetes/consul/values.yaml b/kubernetes/consul/values.yaml index d55ea4666e..34272c6b96 100644 --- a/kubernetes/consul/values.yaml +++ b/kubernetes/consul/values.yaml @@ -61,7 +61,7 @@ service: {} ingress: enabled: false service: - - baseaddr: "consul-server" + - baseaddr: "consul.api" name: "consul-server" port: 8800 config: diff --git a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml index 67d13cf477..56315285cd 100755 --- a/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/awx/charts/awx-postgres/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml index 45468e4969..3a4bb90b98 100755 --- a/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml +++ b/kubernetes/contrib/components/netbox/charts/netbox-postgres/templates/deployment.yaml @@ -50,7 +50,7 @@ spec: name: localtime readOnly: true - name: {{ include "common.fullname" . }}-data - mountPath: /var/lib/postgresql/data + mountPath: /var/lib/postgresql/ resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 78721169d4..aca2fc407d 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -95,6 +95,13 @@ prometheus: ingress: enabled: false + service: + - baseaddr: "mr.api" + name: "message-router" + port: 3905 + config: + ssl: "none" + # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/log/charts/log-kibana/values.yaml b/kubernetes/log/charts/log-kibana/values.yaml index d69ab8ef42..8d4b49e20f 100644 --- a/kubernetes/log/charts/log-kibana/values.yaml +++ b/kubernetes/log/charts/log-kibana/values.yaml @@ -81,7 +81,7 @@ service: ingress: enabled: false service: - - baseaddr: "logkibana" + - baseaddr: "kibana.api" name: "log-kibana" port: 5601 config: @@ -105,4 +105,4 @@ resources: requests: cpu: 2 memory: 4Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/msb/charts/kube2msb/values.yaml b/kubernetes/msb/charts/kube2msb/values.yaml index af845939a5..556931d07e 100644 --- a/kubernetes/msb/charts/kube2msb/values.yaml +++ b/kubernetes/msb/charts/kube2msb/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/oom/kube2msb:1.1.0 +image: onap/oom/kube2msb:1.2.6 pullPolicy: Always istioSidecar: true @@ -70,4 +70,4 @@ resources: requests: cpu: 1 memory: 1Gi - unlimited: {}
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/msb/charts/msb-discovery/values.yaml b/kubernetes/msb/charts/msb-discovery/values.yaml index 268385d59f..9f8f061d8e 100644 --- a/kubernetes/msb/charts/msb-discovery/values.yaml +++ b/kubernetes/msb/charts/msb-discovery/values.yaml @@ -60,7 +60,7 @@ service: ingress: enabled: false service: - - baseaddr: "msbdiscovery" + - baseaddr: "msb.api.discovery" name: "msb-discovery" port: 10081 config: diff --git a/kubernetes/msb/charts/msb-eag/values.yaml b/kubernetes/msb/charts/msb-eag/values.yaml index c5820ae3dc..60c197327e 100644 --- a/kubernetes/msb/charts/msb-eag/values.yaml +++ b/kubernetes/msb/charts/msb-eag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/charts/msb-iag/values.yaml b/kubernetes/msb/charts/msb-iag/values.yaml index 00adb83658..a927816492 100644 --- a/kubernetes/msb/charts/msb-iag/values.yaml +++ b/kubernetes/msb/charts/msb-iag/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/msb/msb_apigateway:1.2.6 +image: onap/msb/msb_apigateway:1.2.7 pullPolicy: Always istioSidecar: true diff --git a/kubernetes/msb/resources/config/certificates/ca.crt b/kubernetes/msb/resources/config/certificates/ca.crt new file mode 100644 index 0000000000..62da777a58 --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/ca.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC +Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK +DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa +Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh +bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu +YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1 +dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK +Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/ +mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt +2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog +6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp +7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3 +p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu +5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA +bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J +wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w +ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/ +FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3 +3lR7lW/J +-----END CERTIFICATE----- diff --git a/kubernetes/msb/resources/config/certificates/cert.crt b/kubernetes/msb/resources/config/certificates/cert.crt new file mode 100644 index 0000000000..7d1314f59e --- /dev/null +++ b/kubernetes/msb/resources/config/certificates/cert.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqjCCApKgAwIBAgIJAOQWcdss4Qu5MA0GCSqGSIb3DQEBCwUAMIGKMQswCQYD +VQQGEwJDTjERMA8GA1UECAwIc2ljaHVhbmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAK +BgNVBAoMA3p0ZTEOMAwGA1UECwwFemVuYXAxODA2BgNVBAMML1pURSBPcGVuUGFs +ZXR0ZSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4XDTIwMDQyMjAy +NTc1MFoXDTIyMDQyMjAyNTc1MFowYDELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB1Np +Y2h1YW4xEDAOBgNVBAcMB0NoZW5nZHUxDTALBgNVBAoMBE9OQVAxDDAKBgNVBAsM +A01TQjEQMA4GA1UEAwwHbXNiLWlhZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAMa1YlTIL8APcmASbxrD7Q9BhWL9Hwi+FKO4HsIrSiJj/A/FLVe3kV2a +xA7b5wdv44P0qQnh3pc0djlnZ47Fgli3lhEZ33+j5vrXHCjEFKiZZVeO+y/p+OcZ +VMNiL+MPJNTNgMkPoaljs/U6fn6fFyAgMMIqqigxHJaNvz7IH+UpqbWWzZo7+JqC +lBi8t5ZIDk18/3cPQWXIne+3MoYULdEayAS8/4wYoJANH1knmSG+J07f9uCXniiz +4zFFngMGHm4kuKXJCAl5E6S5fPzsLKqtwbbn9kJNyWoNFDuc7zW5dPfqPVckHHQ8 +Dx0q2111UgrzrBZMW1RKmcwB+1YXip8CAwEAAaM8MDowCQYDVR0TBAIwADALBgNV +HQ8EBAMCBeAwIAYDVR0RBBkwF4IVKi5zaW1wbGVkZW1vLm9uYXAub3JnMA0GCSqG +SIb3DQEBCwUAA4IBAQCXSECDNzsg2MhVIVvviqxhpZWZ3sa7KxXlyd9iSmBzkneS ++XiyUC575ZM3lmh1Kme35bWgz5R/w76XLSMBPxIX6uZ4HVNQqwSPv63Nk9+ON3IN +iCn6ehHKJgT0rpx/aB3sIcE1hEtIWLGaaKVEb3DOuDbkbBT9eJbIgHKkT80PKynK +l35dQRMiGBQiD8cBUxTOJaj7QohZ/aUWArZCOl0uvddkrs/IOCMY3BDQ0WZ7RYp3 +LwpgZVPzkVRaSLSq3TS07Re+nZcaht69T6mdMY5V0gW20O4J2nWMaldSmlNqcddb +Nl5Xn0lRMW651ZzxEkcaXNtR78yLYi2JXtyQBgVA +-----END CERTIFICATE----- diff --git a/kubernetes/nbi/templates/ingress.yaml b/kubernetes/nbi/templates/ingress.yaml new file mode 100644 index 0000000000..0cd8cfbd36 --- /dev/null +++ b/kubernetes/nbi/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index f6a0af596b..6381d83e27 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -162,6 +162,12 @@ service: ingress: enabled: false + service: + - baseaddr: "nbi.api" + name: "nbi" + port: 8443 + config: + ssl: "redirect" # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 5839addf6a..9e593c2e42 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -147,7 +147,7 @@ global: # to customize the ONAP deployment. ################################################################# aaf: - enabled: true + enabled: false aai: enabled: false appc: diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 1598a8ff3f..90248b8836 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -63,5 +63,5 @@ BRMS_UEB_API_KEY= BRMS_UEB_API_SECRET= #Dependency.json file version -BRMS_DEPENDENCY_VERSION=1.6.0 -BRMS_MODELS_DEPENDENCY_VERSION=2.2.2 +BRMS_DEPENDENCY_VERSION=1.6.3 +BRMS_MODELS_DEPENDENCY_VERSION=2.2.5 diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 95446b24bb..8d9863784f 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - sh args: - -c - - "cd /config-input && for PFILE in `ls -1 *.conf`; do envsubst <${PFILE} >/config/${PFILE}; done" + - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done" env: - name: JDBC_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} @@ -55,10 +55,14 @@ spec: - name: REPOSITORY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} volumeMounts: - - mountPath: /config-input + - mountPath: /config-input/pe + name: pe-input + - mountPath: /config-input/pe-brmsgw + name: pe-brmsgw-input + - mountPath: /config/pe name: pe - - mountPath: /config - name: pe-processed + - mountPath: /config/pe-brmsgw + name: pe-brmsgw image: "{{ .Values.global.envsubstImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -101,7 +105,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} - name: REPOSITORY_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} - volumeMounts: ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} @@ -127,7 +130,7 @@ spec: name: pe-brmsgw subPath: brmsgw.conf - mountPath: /tmp/policy-install/config/base.conf - name: pe-processed + name: pe subPath: base.conf - mountPath: /tmp/policy-install/do-start.sh name: pe-scripts @@ -146,7 +149,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: pe + - name: pe-input configMap: name: {{ include "common.release" . }}-pe-configmap defaultMode: 0755 @@ -154,11 +157,14 @@ spec: configMap: name: {{ include "common.release" . }}-pe-scripts-configmap defaultMode: 0777 - - name: pe-brmsgw + - name: pe-brmsgw-input configMap: name: {{ include "common.fullname" . }}-pe-configmap defaultMode: 0755 - - name: pe-processed + - name: pe + emptyDir: + medium: Memory + - name: pe-brmsgw emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index ee47b4a4c3..b906e46468 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml @@ -56,7 +56,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/drools/values.yaml b/kubernetes/policy/charts/drools/values.yaml index 05f7c1b0a8..0126c6e06b 100644 --- a/kubernetes/policy/charts/drools/values.yaml +++ b/kubernetes/policy/charts/drools/values.yaml @@ -40,7 +40,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pdpd-cl:1.6.1 +image: onap/policy-pdpd-cl:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index ca0c84f3c9..630b2055fa 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml @@ -58,7 +58,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pap:2.2.1 +image: onap/policy-pap:2.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 0b2f92bc80..fa6c141c1c 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -51,7 +51,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-api/values.yaml b/kubernetes/policy/charts/policy-api/values.yaml index 48eb689778..906e86ad38 100644 --- a/kubernetes/policy/charts/policy-api/values.yaml +++ b/kubernetes/policy/charts/policy-api/values.yaml @@ -46,7 +46,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-api:2.2.2 +image: onap/policy-api:2.2.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh index 0e473105a2..ee427af678 100644 --- a/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh +++ b/kubernetes/policy/charts/policy-common/resources/config/scripts/do-start.sh @@ -1,4 +1,7 @@ +#!/bin/bash + # Copyright © 2017 Amdocs, Bell Canada, AT&T +# Modifications Copyright © 2020 AT&T # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,7 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -#!/bin/bash # Script to configure and start the Policy components that are to run in the designated container, # It is intended to be used as the entrypoint in the Dockerfile, so the last statement of the @@ -65,7 +67,7 @@ else fi if [[ -f config/policy-truststore ]]; then - cp -f config/policy-truststore $[POLICY_HOME]/etc/ssl + cp -f config/policy-truststore $POLICY_HOME/etc/ssl fi if [[ -f config/$container-tweaks.sh ]] ; then @@ -95,13 +97,4 @@ else fi policy.sh start - -# on pap, wait for pap, pdp, brmsgw, nexus and drools up, -# then push the initial default policies -if [[ $container == pap ]]; then - # wait addional 1 minute for all processes to get fully initialized and synched up - sleep 60 - bash -xv config/push-policies.sh -fi - sleep 1000d diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh deleted file mode 100644 index ec8c914c17..0000000000 --- a/kubernetes/policy/resources/config/pe/push-policies.sh +++ /dev/null @@ -1,485 +0,0 @@ -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018-2019 AT&T. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#! /bin/bash - -# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM - -#########################################Upload BRMS Param Template########################################## - -echo "Upload BRMS Param Template" - -sleep 2 - -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl - -sleep 2 - -curl -k -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/policyEngineImport' - -echo "PRELOAD_POLICIES is $PRELOAD_POLICIES" - -if [ "$PRELOAD_POLICIES" == "false" ]; then - exit 0 -fi - -#########################################Create BRMS Param policies########################################## - -echo "Create BRMSParam Operational Policies" - -sleep 2 - -echo "Create BRMSParamvFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvFirewall", - "policyDescription": "BRMS Param vFirewall policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvDNS", - "policyDescription": "BRMS Param vDNS policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamVOLTE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamVOLTE", - "policyDescription": "BRMS Param VOLTE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvCPE", - "policyDescription": "BRMS Param vCPE policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamvPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamvPCI", - "policyDescription": "BRMS Param vPCI policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "casablanca" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+3.0.0%0D%0A++controlLoopName%3A+ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459%0D%0A++trigger_policy%3A+unique-policy-id-123-modifyconfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-123-modifyconfig%0D%0A++++name%3A+modify+PCI+config%0D%0A++++description%3A%0D%0A++++actor%3A+SDNR%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+These+fields+are+not+used%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create BRMSParamCCVPN Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyConfigType": "BRMS_PARAM", - "policyName": "com.BRMSParamCCVPN", - "policyDescription": "BRMS Param CCVPN policy", - "policyScope": "com", - "attributes": { - "MATCHING": { - "controller" : "amsterdam" - }, - "RULE": { - "templateName": "ClosedLoopControlName", - "closedLoopControlName": "ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b", - "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-CCVPN-2179b738-fd36-4843-a71a-a8c24c70c66b%0D%0A++trigger_policy%3A+unique-policy-id-16-Reroute%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-16-Reroute%0D%0A++++name%3A+Connectivity Reroute%0D%0A++++description%3A%0D%0A++++actor%3A+SDNC%0D%0A++++recipe%3A+Reroute%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create Micro Service Config policies########################################## - -echo "Create MicroService Config Policies" - -sleep 2 - -echo "Create MicroServicevFirewall Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevFirewall", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevDNS Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevDNS", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - - -sleep 2 - -echo "Create MicroServicevCPE Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevCPE", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Create SDNC Naming Policies########################################## - -echo "Create Generic SDNC Naming Policy for VNF" - -sleep 2 - -echo "Create SDNC vFW Naming Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"SDNC-GenerateName\", \"version\": \"CSIT\", \"content\": { \"policy-instance-name\": \"ONAP_VNF_NAMING_TIMESTAMP\", \"naming-models\": [ { \"naming-properties\": [ { \"property-name\": \"AIC_CLOUD_REGION\" }, { \"property-name\": \"CONSTANT\", \"property-value\": \"ONAP-NF\" }, { \"property-name\": \"TIMESTAMP\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNF\", \"naming-recipe\": \"AIC_CLOUD_REGION|DELIMITER|CONSTANT|DELIMITER|TIMESTAMP\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"ENTIRETY\", \"start-value\": \"001\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } }, { \"property-name\": \"NFC_NAMING_CODE\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" } ], \"naming-type\": \"VNFC\", \"naming-recipe\": \"VNF_NAME|DELIMITER|NFC_NAMING_CODE|DELIMITER|SEQUENCE\" }, { \"naming-properties\": [ { \"property-name\": \"VNF_NAME\" }, { \"property-value\": \"_\", \"property-name\": \"DELIMITER\" }, { \"property-name\": \"VF_MODULE_LABEL\" }, { \"property-name\": \"VF_MODULE_TYPE\" }, { \"property-name\": \"SEQUENCE\", \"increment-sequence\": { \"max\": \"zzz\", \"scope\": \"PRECEEDING\", \"start-value\": \"01\", \"length\": \"3\", \"increment\": \"1\", \"sequence-type\": \"alpha-numeric\" } } ], \"naming-type\": \"VF-MODULE\", \"naming-recipe\": \"VNF_NAME|DELIMITER|VF_MODULE_LABEL|DELIMITER|VF_MODULE_TYPE|DELIMITER|SEQUENCE\" } ] } }", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyConfigType": "MicroService", - "onapName": "SDNC", - "riskLevel": "4", - "riskType": "test", - "guard": "false", - "priority": "4", - "description": "ONAP_VNF_NAMING_TIMESTAMP" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating OOF PCI Policies########################################## -sleep 2 - -echo "Create MicroServicevPCI Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation_pci\", \"uuid\": \"test_pci\", \"policyName\": \"MicroServicevPCI\", \"description\": \"MicroService vPCI Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.executePolicy\", \"thresholdValue\": 1, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", - "policyConfigType": "MicroService", - "policyName": "com.MicroServicevPCI", - "onapName": "DCAE" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create PCI MS Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.PCIMS_CONFIG_POLICY", - "configBody": "{ \"PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS\":60, \"PCI_MODCONFIG_POLICY_NAME\":\"ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459\", \"PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF\":\"OOF-PCI-OPTIMIZATION\", \"PCI_SDNR_TARGET_NAME\":\"SDNR\" }", - "policyType": "Config", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "PCIMS_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Create OOF Config Policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "configBody": "{ \"ALGO_CATEGORY\":\"OOF-PCI-OPTIMIZATION\", \"PCI_OPTMIZATION_ALGO_NAME\":\"OOF-PCI-OPTIMIZATION-LEVEL1\", \"PCI_OPTIMIZATION_NW_CONSTRAINT\":\"MAX5PCICHANGESONLY\", \"PCI_OPTIMIZATION_PRIORITY\": 2, \"PCI_OPTIMIZATION_TIME_CONSTRAINT\":\"ONLYATNIGHT\" }", - "attributes" : { "matching" : { "key1" : "value1" } }, - "policyType": "Config", - "policyConfigType": "Base", - "onapName": "DCAE", - "configName": "OOF_PCI_CONFIG_POLICY", - "configBodyType": "JSON" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Creating Decision Guard policies######################################### - -sleep 2 - -echo "Creating Decision Guard policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.AllPermitGuard", - "policyDescription": "Testing all Permit YAML Guard Policy", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": ".*", - "recipe": ".*", - "targets": ".*", - "clname": ".*", - "limit": "10", - "timeWindow": "1", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Frequency Limiter policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_Frequency", - "policyDescription": "Limit vDNS Scale Up over time period", - "onapName": "PDPD", - "ruleProvider": "GUARD_YAML", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "limit": "1", - "timeWindow": "10", - "timeUnits": "minute", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -sleep 2 - -echo "Creating Decision vDNS Guard - Min/Max policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "policyClass": "Decision", - "policyName": "com.vDNS_MinMax", - "policyDescription": "Ensure number of instances within a range", - "onapName": "SampleDemo", - "ruleProvider": "GUARD_MIN_MAX", - "attributes": { - "MATCHING": { - "actor": "SO", - "recipe": "scaleOut", - "targets": ".*", - "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", - "min": "1", - "max": "5", - "guardActiveStart": "00:00:01-05:00", - "guardActiveEnd": "23:59:59-05:00" - } - } -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy' - -#########################################Push Decision policy######################################### - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.AllPermitGuard", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_Frequency", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "Push Decision policy" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.vDNS_MinMax", - "policyType": "DECISION" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing BRMS Param policies########################################## - -echo "Pushing BRMSParam Operational policies" - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvFirewall", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvDNS", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamVOLTE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamVOLTE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvCPE", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamvPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamvPCI", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 2 - -echo "pushPolicy : PUT : com.BRMSParamCCVPN" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.BRMSParamCCVPN", - "policyType": "BRMS_Param" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing MicroService Config policies########################################## - -echo "Pushing MicroService Config policies" - -sleep 2 - -echo "pushPolicy : PUT : com.MicroServicevFirewall" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevFirewall", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevDNS" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevDNS", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevCPE" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevCPE", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing SDNC Naming Policies########################################## -echo "Pushing SDNC Naming Policies" - -sleep 2 - -echo "pushPolicy : PUT : SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "SDNC_Policy.ONAP_VNF_NAMING_TIMESTAMP", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -#########################################Pushing OOF PCI Policies########################################## -sleep 10 - -echo "pushPolicy : PUT : com.MicroServicevPCI" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.MicroServicevPCI", - "policyType": "MicroService" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.PCIMS_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.PCIMS_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' - -sleep 10 - -echo "pushPolicy : PUT : com.OOF_PCI_CONFIG_POLICY" -curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ - "pdpGroup": "default", - "policyName": "com.OOF_PCI_CONFIG_POLICY", - "policyType": "Base" -}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy' diff --git a/kubernetes/policy/templates/deployment.yaml b/kubernetes/policy/templates/deployment.yaml index 7f96888ec8..fec565fb59 100644 --- a/kubernetes/policy/templates/deployment.yaml +++ b/kubernetes/policy/templates/deployment.yaml @@ -96,9 +96,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp/policy-install/config/push-policies.sh - name: pe-pap - subPath: push-policies.sh - mountPath: /tmp/policy-install/config/pap-tweaks.sh name: pe-pap subPath: pap-tweaks.sh diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 3a2b1f1f96..f283d9042f 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -67,7 +67,7 @@ secrets: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/policy-pe:1.6.2 +image: onap/policy-pe:1.6.3 mariadb_image: library/mariadb:10 pullPolicy: Always @@ -137,6 +137,12 @@ service: ingress: enabled: false + service: + - baseaddr: "policy.api" + name: "pap" + port: 8443 + config: + ssl: "redirect" mariadb-galera: # mariadb-galera.config and global.mariadb.config must be equals diff --git a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties index 63348f02d6..aeef85e54c 100755 --- a/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties +++ b/kubernetes/portal/charts/portal-app/resources/config/deliveries/properties/ONAPPORTAL/system.properties @@ -115,13 +115,12 @@ external_system_notification_url= https://jira.onap.org/browse/ #cookie domain cookie_domain = onap.org -{{- if .Values.global.aafEnabled }} -# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) -ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = thiswillbereplacedatruntime -ext_central_access_url = {{ .Values.aafURL }}/authz/ -ext_central_access_user_domain = @people.osaaf.org - # External Central Auth system access -remote_centralized_system_access = true -{{- end }} +remote_centralized_system_access = {{.Values.global.aafEnabled}} + +# External Access System Basic Auth Credentials & Rest endpoint +# The credentials are placeholders as these are replaced by AAF X509 identity at runtime +ext_central_access_user_name = portal@portal.onap.org +ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert +ext_central_access_url = {{.Values.aafURL}} +ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-app/templates/deployment.yaml b/kubernetes/portal/charts/portal-app/templates/deployment.yaml index 14bbd3c7f6..af00b5ff89 100644 --- a/kubernetes/portal/charts/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-app/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"] env: - - name: _CATALINA_OPTS + - name: CATALINA_OPTS value: > -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" diff --git a/kubernetes/portal/charts/portal-app/values.yaml b/kubernetes/portal/charts/portal-app/values.yaml index 24388277f4..8d18fd0dbd 100644 --- a/kubernetes/portal/charts/portal-app/values.yaml +++ b/kubernetes/portal/charts/portal-app/values.yaml @@ -37,7 +37,7 @@ pullPolicy: Always #AAF local config -aafURL: https://aaf-service:8100/ +aafURL: https://aaf-service:8100/authz/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! @@ -121,7 +121,7 @@ messageRouter: ingress: enabled: false service: - - baseaddr: portalapp + - baseaddr: portal.api name: "portal-app" port: 8443 config: diff --git a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties index 063ba3d122..45ea9b70ca 100755 --- a/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties +++ b/kubernetes/portal/charts/portal-sdk/resources/config/deliveries/properties/ONAPPORTALSDK/system.properties @@ -82,13 +82,12 @@ authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-co #cookie domain cookie_domain = onap.org -{{- if .Values.global.aafEnabled }} -# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now) -ext_central_access_user_name = aaf_admin@people.osaaf.org -ext_central_access_password = thiswillbereplacedatruntime -ext_central_access_url = {{ .Values.aafURL }}/authz/ -ext_central_access_user_domain = @people.osaaf.org - # External Central Auth system access -remote_centralized_system_access = true -{{- end }}
\ No newline at end of file +remote_centralized_system_access = {{.Values.global.aafEnabled}} + +# External Access System Basic Auth Credentials & Rest endpoint +# The credentials are placeholders as these are replaced by AAF X509 identity at runtime +ext_central_access_user_name = portal@portal.onap.org +ext_central_access_password = thisfakepasswordwillbereplacedbythex509cert +ext_central_access_url = {{.Values.aafURL}} +ext_central_access_user_domain = @people.osaaf.org
\ No newline at end of file diff --git a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml index 2de9a1bd24..b78ef34fa1 100644 --- a/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/charts/portal-sdk/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"] env: - - name: _CATALINA_OPTS + - name: CATALINA_OPTS value: > -Djavax.net.ssl.keyStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.keystoreFile }}" -Djavax.net.ssl.trustStore="{{ .Values.aafConfig.credsPath }}/{{ .Values.aafConfig.truststoreFile }}" diff --git a/kubernetes/portal/charts/portal-sdk/values.yaml b/kubernetes/portal/charts/portal-sdk/values.yaml index 45af55fe1d..02104414d6 100644 --- a/kubernetes/portal/charts/portal-sdk/values.yaml +++ b/kubernetes/portal/charts/portal-sdk/values.yaml @@ -37,7 +37,7 @@ image: onap/portal-sdk:3.2.0 pullPolicy: Always #AAF local config -aafURL: https://aaf-service:8100/ +aafURL: https://aaf-service:8100/authz/ aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! @@ -115,7 +115,7 @@ messageRouter: ingress: enabled: false service: - - baseaddr: portalsdk + - baseaddr: portal-sdk name: "portal-sdk" port: 8443 config: diff --git a/kubernetes/sdc/charts/sdc-be/values.yaml b/kubernetes/sdc/charts/sdc-be/values.yaml index a40b27d2aa..e0af28fd86 100644 --- a/kubernetes/sdc/charts/sdc-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-be/values.yaml @@ -88,7 +88,7 @@ service: ingress: enabled: false service: - - baseaddr: "sdcbe" + - baseaddr: "sdc.api.be" name: "sdc-be" port: 8443 config: diff --git a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml index d1fe131f82..0dfed6ae14 100644 --- a/kubernetes/sdc/charts/sdc-dcae-be/values.yaml +++ b/kubernetes/sdc/charts/sdc-dcae-be/values.yaml @@ -69,6 +69,12 @@ service: ingress: enabled: false + service: + - baseaddr: "sdc.dcae.plugin" + name: "sdc-dcae-be" + port: 8282 + config: + ssl: "none" # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/sdc/charts/sdc-fe/values.yaml b/kubernetes/sdc/charts/sdc-fe/values.yaml index f5d1956f18..e5d41eb897 100644 --- a/kubernetes/sdc/charts/sdc-fe/values.yaml +++ b/kubernetes/sdc/charts/sdc-fe/values.yaml @@ -81,7 +81,7 @@ service: ingress: enabled: false service: - - baseaddr: "sdcfe" + - baseaddr: "sdc.api.fe" name: "sdc-fe" port: 9443 config: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 21513eb77f..f0d70e2c33 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -289,6 +289,15 @@ dgbuilder: name: sdnc-dgbuilder nodePort: "03" + ingress: + enabled: false + service: + - baseaddr: "sdnc-dgbuilder" + name: "sdnc-dgbuilder" + port: 3000 + config: + ssl: "redirect" + # local elasticsearch cluster localElasticCluster: true elasticsearch: @@ -409,7 +418,7 @@ certpersistence: ingress: enabled: false service: - - baseaddr: "sdnc" + - baseaddr: "sdnc.api" name: "sdnc" port: 8443 config: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 6cbfc74b52..feb0017979 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -211,7 +211,7 @@ mariadb-galera: ingress: enabled: false service: - - baseaddr: "so" + - baseaddr: "so.api" name: "so" port: 8080 config: diff --git a/kubernetes/uui/values.yaml b/kubernetes/uui/values.yaml index ca45b68727..47182d4e19 100644 --- a/kubernetes/uui/values.yaml +++ b/kubernetes/uui/values.yaml @@ -65,7 +65,7 @@ service: ingress: enabled: false service: - - baseaddr: uui + - baseaddr: "uui.api" name: "uui" port: 8443 config: diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index ebac50bc51..04d79380f5 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -116,7 +116,7 @@ service: ingress: enabled: false service: - - baseaddr: "vid" + - baseaddr: "vid.api" name: "vid-http" port: 8080 config: |