diff options
Diffstat (limited to 'kubernetes')
30 files changed, 790 insertions, 25 deletions
diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 6e7acef17f..1266d4e1c0 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -17,6 +17,8 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s + # it is required else pod will not come up + maxconn 50000 user root group root daemon @@ -38,7 +40,8 @@ defaults mode http option httplog option ssl-hello-chk - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +62,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8443 mode http @@ -73,6 +82,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -97,9 +110,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 - ####################### #ACLS FOR PORT 8446#### ####################### @@ -107,9 +117,10 @@ frontend IST_8443 acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$ acl is_named-query path_beg -i /aai/search/named-query acl is_search-model path_beg -i /aai/search/model - use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl default_backend IST_Default_8447 @@ -120,9 +131,11 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none ####################### @@ -131,9 +144,11 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none listen IST_AAI_STATS mode http diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1accff9935..fe1715b734 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -17,6 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s + # it is required else pod will not come up + maxconn 50000 + user root + group root daemon ################################# # Default SSL material locations# @@ -38,7 +42,8 @@ defaults {{- if ( include "common.needTLS" .) }} option ssl-hello-chk {{- end }} - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +64,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8080 mode http @@ -73,8 +84,8 @@ frontend IST_8080 option log-separate-errors option forwardfor http-request set-header X-Forwarded-Proto http - reqadd X-Forwarded-Proto:\ http - reqadd X-Forwarded-Port:\ 8080 + http-request set-header X-Forwarded-Proto http + http-request add-header X-Forwarded-Port 8080 ####################### #ACLS FOR PORT 8446#### @@ -104,6 +115,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -128,8 +143,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 {{- end }} ####################### @@ -152,12 +165,14 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none {{- else }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 {{- end }} ####################### @@ -166,10 +181,12 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none {{- else }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 {{- end }} diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index f17256b6e4..f1d10e2c81 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -66,6 +66,13 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + resources: + requests: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} + limits: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} containers: - name: {{ include "common.name" . }} image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}" @@ -87,6 +94,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPlainPort }} + - containerPort: {{ .Values.metricsService.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml index 4a6dc8e497..d140296990 100644 --- a/kubernetes/aai/templates/service.yaml +++ b/kubernetes/aai/templates/service.yaml @@ -54,4 +54,23 @@ spec: type: ClusterIP selector: app: {{ include "common.name" . }} - +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-metrics + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-metrics + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: {{ .Values.metricsService.externalPort }} + targetPort: {{ .Values.metricsService.internalPort }} + name: {{ .Values.metricsService.portName }} + type: {{ .Values.metricsService.type }} + selector: + app: {{ include "common.name" . }} + clusterIP: None
\ No newline at end of file diff --git a/kubernetes/aai/templates/servicemonitor.yaml b/kubernetes/aai/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index f594e41c0d..b463f9cd0c 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -328,7 +328,7 @@ certInitializer: # application image dockerhubRepository: registry.hub.docker.com -image: aaionap/haproxy:1.4.2 +image: onap/aai-haproxy:1.9.5 pullPolicy: Always flavor: small @@ -356,9 +356,16 @@ affinity: {} # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns haproxy: + initContainers: + resources: + memory: 100Mi + cpu: 50m requestBlocking: enabled: false customConfigs: [] + replicas: + aaiResources: 1 + aaiTraversal: 1 # probe configuration parameters liveness: @@ -398,6 +405,30 @@ service: internalPlainPort: 8080 nodeport: 33 +metricsService: + type: ClusterIP + portName: prometheus + externalPort: 8448 + internalPort: 8448 + +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /metrics + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}-metrics' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] + ingress: enabled: false service: diff --git a/kubernetes/sdc/components/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml index aa632f33f4..332cd74661 100644 --- a/kubernetes/sdc/components/sdc-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml @@ -27,3 +27,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} + + diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 24f169a5b9..16fc57aa92 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -31,8 +31,10 @@ spec: args: - --container-name - "sdc-onboarding-be" + {{- if not .Values.global.kafka.useKafka }} - --container-name - "message-router" + {{- end }} env: - name: NAMESPACE valueFrom: @@ -159,6 +161,12 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + {{- if .Values.global.kafka.useKafka }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }} + - name: USE_KAFKA + value: {{ .Values.global.kafka.useKafka | quote }} + {{- end }} volumeMounts: - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml new file mode 100644 index 0000000000..6cd7f93c5a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml @@ -0,0 +1,39 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.kafka.useKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMech }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }} + operation: Read + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.topicConsumer.pattern }} + operation: All +{{- end }} diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml new file mode 100644 index 0000000000..9a6f7579e8 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml @@ -0,0 +1,40 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.global.kafka.useKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: sdc-distro-notif-topic + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }} + config: + retention.ms: {{ .Values.config.kafka.topicRetentionMs }} + segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }} +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: sdc-distro-status-topic + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }} + config: + retention.ms: {{ .Values.config.kafka.topicRetentionMs }} + segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-be/templates/secret.yaml b/kubernetes/sdc/components/sdc-be/templates/secret.yaml new file mode 100644 index 0000000000..bb5091f01a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 9f216352c0..faf46e5549 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,13 +31,20 @@ global: replicaCount: 3 clusterName: cassandra dataCenter: Pod + # Strimzi kafka config + kafka: + useKafka: overridden-from-parent-values-yaml + sdcBeKafkaUser: overridden-from-parent-values-yaml + topics: + sdcDistNotifTopic: overridden-from-parent-values-yaml + sdcDistStatusTopic: overridden-from-parent-values-yaml ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.11.9 -backendInitImage: onap/sdc-backend-init:1.11.9 +image: onap/sdc-backend-all-plugins:1.12.0 +backendInitImage: onap/sdc-backend-init:1.12.0 pullPolicy: Always @@ -70,9 +78,29 @@ certInitializer: ################################################################# # SDC Config part ################################################################# + +secrets: + - uid: sdc-be-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate + config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" + # Strimzi kafka config + kafka: + saslMech: scram-sha-512 + securityProtocol: SASL_PLAINTEXT + authType: simple + topicRetentionMs: 7200000 + topicSegmentBytes: 1073741824 + topicConsumer: + pattern: SDC-DIST + groupId: sdc # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 46208a21c6..b3dfbfa0ba 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -51,8 +51,8 @@ cassandra: # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.11.9 -cassandraInitImage: onap/sdc-cassandra-init:1.11.9 +image: onap/sdc-cassandra:1.12.0 +cassandraInitImage: onap/sdc-cassandra-init:1.12.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 76c9e13767..abac356d40 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.11.9 +image: onap/sdc-frontend:1.12.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 45cbcd617a..1db5af98d0 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.11.9 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.9 +image: onap/sdc-onboard-backend:1.12.0 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index c9535592d8..aee666f4af 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -35,6 +35,13 @@ "message-router.{{include "common.namespace" .}}" ] }, + "Kafka": { + "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}" + }, + "DistributionTopics": { + "notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}", + "statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}" + }, "Nodes": { "CS": [ "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}" diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index e7643069bf..60a361eae6 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2021 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -41,9 +42,19 @@ global: clusterName: cassandra dataCenter: Pod centralizedLoggingEnabled: true + # Kafka config + kafka: + useKafka: true + sdcBeKafkaUser: sdc-be-kafka-user + kafkaBootstrap: strimzi-kafka-bootstrap:9092 + topics: + sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC + sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC sdc-be: logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}' sdc-fe: logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' sdc-onboarding-be: diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index c7dc2aff08..03ee56a7a4 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml @@ -70,6 +70,7 @@ spec: min.insync.replicas: {{ .Values.replicaCount }} offsets.topic.replication.factor: {{ .Values.replicaCount }} transaction.state.log.replication.factor: {{ .Values.replicaCount }} + num.partitions: {{ .Values.numPartitions }} transaction.state.log.min.isr: {{ .Values.replicaCount }} log.message.format.version: {{ .Values.version }} inter.broker.protocol.version: {{ .Values.version }} diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index dcfa913604..99ccde5040 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml @@ -24,6 +24,7 @@ global: # Application configuration defaults. ################################################################# replicaCount: 3 +numPartitions: 10 kafkaInternalPort: 9092 saslMechanism: scram-sha-512 version: 3.2.3 diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml index e2e996eaf8..6acf6f2e4d 100644 --- a/kubernetes/uui/Chart.yaml +++ b/kubernetes/uui/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2022 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,3 +39,6 @@ dependencies: - name: uui-nlp version: ~12.x-0 repository: 'file://components/uui-nlp' + - name: uui-intent-analysis + version: ~11.x-0 + repository: 'file://components/uui-intent-analysis' diff --git a/kubernetes/uui/components/uui-intent-analysis/.helmignore b/kubernetes/uui/components/uui-intent-analysis/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/uui/components/uui-intent-analysis/Chart.yaml b/kubernetes/uui/components/uui-intent-analysis/Chart.yaml new file mode 100644 index 0000000000..89b67993e4 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/Chart.yaml @@ -0,0 +1,35 @@ +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +description: ONAP uui intent analysis +name: uui-intent-analysis +version: 11.0.0 + +dependencies: + - name: common + version: ~12.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~12.x-0 + repository: '@local' + - name: postgres + version: ~12.x-0 + repository: '@local' + - name: serviceAccount + version: ~12.x-0 + repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql b/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql new file mode 100644 index 0000000000..ac3eaf0fed --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql @@ -0,0 +1,91 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2022 Huawei Technologies Co., Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; + +create table if not exists intent( + intent_id varchar(255) primary key, + intent_name varchar(255) +); + +create table if not exists expectation( + expectation_id varchar(255) primary key, + expectation_name varchar(255), + expectation_type varchar(255), + intent_id varchar(255) +); + +create table if not exists expectation_object( + object_id varchar(255) DEFAULT uuid_generate_v4 (), + primary key(object_id), + object_type varchar(255), + object_instance varchar(255), + expectation_id varchar(255) +); + +create table if not exists expectation_target( + target_id varchar(255) primary key, + target_name varchar(255), + expectation_id varchar(255) +); + +create table if not exists context( + context_id varchar(255) primary key, + context_name varchar(255), + parent_id varchar(255) +); + +create table if not exists context_mapping( + context_id varchar(255) primary key, + parent_type varchar(255), + parent_id varchar(255) +); + +create table if not exists fulfilment_info( + fulfilment_info_id varchar(255) primary key, + fulfilment_info_status varchar(255), + not_fulfilled_state varchar(255), + not_fulfilled_reason varchar(255) +); + +create table if not exists state( + state_id varchar(255) primary key, + state_name varchar(255), + is_satisfied boolean, + condition varchar(255), + expectation_id varchar(255) +); + +create table if not exists condition( + condition_id varchar(255) primary key, + condition_name varchar(255), + operator_type varchar(255), + condition_value varchar(255), + parent_id varchar(255) + ); + +create table if not exists intent_management_function_reg_info( + imfr_info_id varchar(255) primary key, + imfr_info_description varchar(255), + support_area varchar(255), + support_model varchar(255), + support_interfaces varchar(255), + handle_name varchar(255), + intent_function_type varchar(255) + ); diff --git a/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh new file mode 100644 index 0000000000..cf68e7c96a --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh @@ -0,0 +1,31 @@ +{{/* +# +# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} + +main_path="/home/uui" +echo @main_path@ $main_path + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-intent-analysis.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-intent-analysis..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml new file mode 100644 index 0000000000..3583c416de --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml new file mode 100644 index 0000000000..91d96c232f --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml @@ -0,0 +1,76 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["sh", "-c"] + args: + - ". /uui/run.sh" + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: POSTGRES_IP + value: {{ .Values.postgres.service.name2 }} + - name: POSTGRES_PORT + value: "{{ .Values.postgres.service.externalPort }}" + - name: POSTGRES_DB_NAME + value: {{ .Values.postgres.config.pgDatabase }} + - name: POSTGRES_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: POSTGRES_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} +{{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} +{{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} +{{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} +{{- end }} +{{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} +{{- end }} + volumeMounts: + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml new file mode 100644 index 0000000000..edcf3fe09f --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml @@ -0,0 +1,74 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-init-postgres + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + spec: + restartPolicy: Never + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - "{{ .Values.postgres.nameOverride }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }}-job + image: {{ include "repositoryGenerator.image.postgres" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + env: + - name: PGUSER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} + command: + - /bin/sh + - -c + - | + psql -h $(UUI_INTENT_PG_PRIMARY_SERVICE_HOST) -f /aaa/init/intent-analysis-init.sql -d {{ .Values.postgres.config.pgDatabase }} + volumeMounts: + - name: init-data + mountPath: /aaa/init/intent-analysis-init.sql + subPath: intent-analysis-init.sql + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + volumes: + - name: init-data + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml new file mode 100644 index 0000000000..638e02c1e5 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml new file mode 100644 index 0000000000..33e96ef8c4 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/values.yaml b/kubernetes/uui/components/uui-intent-analysis/values.yaml new file mode 100644 index 0000000000..65cc4004bb --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/values.yaml @@ -0,0 +1,121 @@ +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for uui intent analysis. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +global: + passwordStrength: long + +#Pods Service Account +serviceAccount: + nameOverride: uui-intent-analysis + roles: + - read + +secrets: + - uid: pg-root-pass + name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-intent-pg-root-pass' + type: password + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-intent-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}' + password: '{{ .Values.postgres.config.pgRootpassword }}' + policy: generate + - uid: pg-user-creds + name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-intent-pg-user-creds' + type: basicAuth + externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "uui-intent-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}' + login: '{{ .Values.postgres.config.pgUserName }}' + password: '{{ .Values.postgres.config.pgUserPassword }}' + passwordPolicy: generate + +image: onap/usecase-ui-intent-analysis:5.1.1 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false +flavor: small +replicaCount: 1 +nodeSelector: {} +affinity: {} + +service: + type: ClusterIP + name: uui-intent-analysis + ports: + - name: http-rest + port: &svc_port 8083 + +liveness: + initialDelaySeconds: 120 + port: *svc_port + periodSeconds: 10 + enabled: true + +readiness: + initialDelaySeconds: 60 + port: *svc_port + periodSeconds: 10 + +# application configuration override for postgres +postgres: + nameOverride: &postgresName uui-intent-postgres + service: + name: *postgresName + name2: uui-intent-pg-primary + name3: uui-intent-pg-replica + container: + name: + primary: uui-intent-pg-primary + replica: uui-intent-pg-replica + config: + pgUserName: uui + pgDatabase: uuiintdb + pgUserExternalSecret: *pgUserCredsSecretName + pgRootPasswordExternalSecret: *pgRootPassSecretName + persistence: + mountSubPath: uui/uuiintent/data + mountInitPath: uui + +readinessCheck: + wait_for: + containers: + - *postgresName + +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. +# +# Example: +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# Minimum memory for development is 2 CPU cores and 4GB memory +# Minimum memory for production is 4 CPU cores and 8GB memory +resources: + small: + limits: + cpu: 200m + memory: 500Mi + requests: + cpu: 100m + memory: 250Mi + large: + limits: + cpu: 400m + memory: 1000Mi + requests: + cpu: 200m + memory: 500Mi + unlimited: {} |