diff options
Diffstat (limited to 'kubernetes')
76 files changed, 688 insertions, 912 deletions
diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index e295a37b45..f9bb230161 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -48,10 +48,11 @@ logging: org: springframework: {{ .Values.logging.level }} -dmi: - auth: - username: ${DMI_USERNAME} - password: ${DMI_PASSWORD} +ncmp: + dmi: + auth: + username: ${DMI_USERNAME} + password: ${DMI_PASSWORD} {{- if .Values.config.useStrimziKafka }} spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092 diff --git a/kubernetes/cps/components/cps-core/templates/deployment.yaml b/kubernetes/cps/components/cps-core/templates/deployment.yaml index a247f148a7..1b482f405c 100644 --- a/kubernetes/cps/components/cps-core/templates/deployment.yaml +++ b/kubernetes/cps/components/cps-core/templates/deployment.yaml @@ -97,6 +97,24 @@ spec: env: - name: SPRING_PROFILES_ACTIVE value: {{ .Values.config.spring.profile }} + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + - name: LIQUIBASE_LABELS + value: {{ .Values.config.liquibaseLabels }} + - name: CPS_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }} + - name: CPS_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }} + - name: DMI_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }} + - name: DMI_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }} + {{- if .Values.config.useStrimziKafka }} + - name: JAASLOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }} + {{- end }} resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }} diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index 5a10b2f4ae..d2bee113ba 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -75,7 +75,7 @@ global: container: name: postgres -image: onap/cps-and-ncmp:3.0.1 +image: onap/cps-and-ncmp:3.1.4 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -208,7 +208,7 @@ config: notification.data-updated.filters.enabled-dataspaces: "" notification.async.enabled: false notification.async.executor.core-pool-size: 2 - notification.async.executor.max-pool-size: 1 + notification.async.executor.max-pool-size: 10 notification.async.executor.queue-capacity: 500 notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true notification.async.executor.thread-name-prefix: Async- diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml index a92791e019..af9306aa25 100644 --- a/kubernetes/cps/components/cps-temporal/values.yaml +++ b/kubernetes/cps/components/cps-temporal/values.yaml @@ -48,7 +48,7 @@ secrets: value: '{{ .Values.config.someConfig }}' policy: generate -image: onap/cps-temporal:1.1.0 +image: onap/cps-temporal:1.2.0 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 0edb648327..1971273ddf 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.1.0 +image: onap/ncmp-dmi-plugin:1.2.1 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 diff --git a/kubernetes/cps/templates/cps-kafka-topic.yaml b/kubernetes/cps/templates/cps-kafka-topic.yaml index 1a23ddfc9b..b4ecfcd9c4 100644 --- a/kubernetes/cps/templates/cps-kafka-topic.yaml +++ b/kubernetes/cps/templates/cps-kafka-topic.yaml @@ -25,4 +25,24 @@ spec: config: retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }} segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }} +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.config.ncmpEventsTopic.name }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + config: + retention.ms: {{ .Values.config.ncmpEventsTopic.retentionMs }} +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: {{ .Values.config.ncmpAsyncM2MTopic.name }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + config: + retention.ms: {{ .Values.config.ncmpAsyncM2MTopic.retentionMs }} {{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/templates/cps-kafka-user.yaml b/kubernetes/cps/templates/cps-kafka-user.yaml index b3136d7f04..fafc8c3369 100644 --- a/kubernetes/cps/templates/cps-kafka-user.yaml +++ b/kubernetes/cps/templates/cps-kafka-user.yaml @@ -38,4 +38,20 @@ spec: type: topic name: {{ .Values.config.dataUpdatedTopic.name }} operation: Write + - resource: + type: group + name: {{ .Values.config.ncmpEventsTopic.consumer.groupId }} + operation: All + - resource: + type: topic + name: {{ .Values.config.ncmpEventsTopic.name }} + operation: All + - resource: + type: group + name: {{ .Values.config.ncmpAsyncM2MTopic.consumer.groupId }} + operation: All + - resource: + type: topic + name: {{ .Values.config.ncmpAsyncM2MTopic.name }} + operation: All {{- end }}
\ No newline at end of file diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml index 700ad38844..f3e6198ac1 100755 --- a/kubernetes/cps/values.yaml +++ b/kubernetes/cps/values.yaml @@ -55,6 +55,16 @@ config: segmentBytes: 1073741824 consumer: groupId: cps-temporal-group + ncmpEventsTopic: + name: ncmp-events + retentionMs: 7200000 + consumer: + groupId: ncmp-group + ncmpAsyncM2MTopic: + name: ncmp-async-m2m + retentionMs: 600000 + consumer: + groupId: ncmp-group # Enable all CPS components by default cps-core: diff --git a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml index 4cf8155f6c..79df5ced0c 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/secrets.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/ingress.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright (C) 2022 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,4 +14,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }} +{{ include "common.ingress" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index d9f91cfab8..5b0eea661c 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -120,6 +120,16 @@ service: plain_port: 8100 port_protocol: http +ingress: + enabled: false + service: + - baseaddr: "dcae-datafile-collector-api" + name: "datafile-collector" + port: 8443 + plain_port: 8100 + config: + ssl: "redirect" + # Data Router Publisher Credentials drPubscriberCreds: username: username diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/ingress.yaml index ad9984c26c..df12117b3e 100755..100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/create-db-tables.sh +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/ingress.yaml @@ -1,7 +1,5 @@ -#!/bin/sh {{/* -# Copyright © 2017 Amdocs, Bell Canada, AT&T -# Modifications Copyright © 2018, 2020-2021 AT&T Intellectual Property +# Copyright (C) 2022 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,4 +14,4 @@ # limitations under the License. */}} -mysql -h"${MYSQL_HOST}" -P"${MYSQL_PORT}" -u"${MYSQL_USER}" -p"${MYSQL_PASSWORD}" -f policyclamp < /dbcmd-config/policy-clamp-create-tables.sql +{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 067ddb2cf2..9beef813f8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -118,6 +118,15 @@ service: port_protocol: http nodePort: 22 +ingress: + enabled: false + service: + - baseaddr: "dcae-hv-ves-collector-api" + name: "dcae-hv-ves-collector" + port: 6061 + config: + ssl: "redirect" + #strimzi kafka config hvVesKafkaUser: dcae-hv-ves-kafka-user diff --git a/kubernetes/policy/components/policy-clamp-be/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml index 9b0cdf6a87..df12117b3e 100644 --- a/kubernetes/policy/components/policy-clamp-be/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/templates/ingress.yaml @@ -1,7 +1,5 @@ -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +{{/* +# Copyright (C) 2022 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,19 +12,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +*/}} -apiVersion: v2 -description: ONAP Policy Clamp Backend -name: policy-clamp-be -version: 11.0.0 - -dependencies: - - name: certInitializer - version: ~11.x-0 - repository: '@local' - - name: repositoryGenerator - version: ~11.x-0 - repository: '@local' - - name: serviceAccount - version: ~11.x-0 - repository: '@local' +{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 701fa4e67c..1a3cffa7b1 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -97,6 +97,16 @@ service: nodePort: 16 useNodePortExt: true +ingress: + enabled: false + service: + - baseaddr: "dcae-restconf-collector-api" + name: "dcae-restconf-collector" + port: 8443 + plain_port: 8080 + config: + ssl: "redirect" + # AAF Credentials controllerCreds: username: access diff --git a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/ingress.yaml index aeadc37bd4..df12117b3e 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/configmap.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/ingress.yaml @@ -1,6 +1,5 @@ {{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T +# Copyright (C) 2022 Deutsche Telekom AG # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,17 +14,4 @@ # limitations under the License. */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-configmap - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} - -{{ include "common.log.configMap" . }} +{{ include "common.ingress" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index c9fb0517a3..746853c286 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -107,6 +107,16 @@ service: nodePort: 17 useNodePortExt: true +ingress: + enabled: false + service: + - baseaddr: "dcae-ves-collector-api" + name: "dcae-ves-collector" + port: 8443 + plain_port: 8080 + config: + ssl: "redirect" + # application environments applicationEnv: CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 803298aadc..f8182e0096 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -55,10 +55,6 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-distribution' condition: policy-distribution.enabled - - name: policy-clamp-be - version: ~11.x-0 - repository: 'file://components/policy-clamp-be' - condition: policy-clamp-be.enabled - name: policy-clamp-ac-k8s-ppnt version: ~11.x-0 repository: 'file://components/policy-clamp-ac-k8s-ppnt' diff --git a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json index 0c9d6a504f..7614a8c5b1 100755 --- a/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json +++ b/kubernetes/policy/components/policy-apex-pdp/resources/config/OnapPfConfig.json @@ -5,7 +5,7 @@ "port": 6969, "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", - "https": true, + "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "prometheus": true }, "pdpStatusParameters":{ @@ -28,14 +28,14 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : true, + "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "fetchTimeout": 15000, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : true, + "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml index e28331baca..6a4d28bc4b 100755 --- a/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/templates/service.yaml @@ -34,11 +34,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index f0fa193281..09206dc8e9 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -114,7 +114,7 @@ readiness: service: type: ClusterIP name: policy-apex-pdp - portName: policy-apex-pdp + portName: http externalPort: 6969 internalPort: 6969 nodePort: 37 diff --git a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml index 92f580942e..bcee4d35d1 100644 --- a/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml +++ b/kubernetes/policy/components/policy-api/resources/config/apiParameters.yaml @@ -19,6 +19,8 @@ server: port: {{ .Values.service.internalPort }} + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} spring: security.user: @@ -26,7 +28,7 @@ spring: password: "${RESTSERVER_PASSWORD}" mvc.converters.preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin driverClassName: org.mariadb.jdbc.Driver username: "${SQL_USER}" password: "${SQL_PASSWORD}" @@ -50,7 +52,7 @@ database: name: PolicyProviderParameterGroup implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl driver: org.mariadb.jdbc.Driver - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin + url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin user: "${SQL_USER}" password: "${SQL_PASSWORD}" persistenceUnit: PolicyDb diff --git a/kubernetes/policy/components/policy-api/templates/deployment.yaml b/kubernetes/policy/components/policy-api/templates/deployment.yaml index f19233e3b4..c4946a8263 100755 --- a/kubernetes/policy/components/policy-api/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-api/templates/deployment.yaml @@ -92,7 +92,7 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ .Values.readiness.scheme }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} diff --git a/kubernetes/policy/components/policy-api/templates/service.yaml b/kubernetes/policy/components/policy-api/templates/service.yaml index a1b5585db6..b5dee39e60 100755 --- a/kubernetes/policy/components/policy-api/templates/service.yaml +++ b/kubernetes/policy/components/policy-api/templates/service.yaml @@ -34,11 +34,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 45e54ed3aa..d77929dc42 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -116,7 +116,6 @@ readiness: initialDelaySeconds: 10 periodSeconds: 120 api: /policy/api/v1/healthcheck - scheme: HTTPS successThreshold: 1 failureThreshold: 3 timeout: 60 @@ -124,7 +123,7 @@ readiness: service: type: ClusterIP name: policy-api - portName: policy-api + portName: http externalPort: 6969 internalPort: 6969 nodePort: 40 diff --git a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index bae5941854..c8532499a6 100644 --- a/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -54,13 +54,13 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: # topicSources: @@ -94,3 +94,6 @@ server: port: 8084 servlet: context-path: /onap/httpparticipant + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 00451b9425..6fc53e24d6 100644 --- a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -57,14 +57,14 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: @@ -104,6 +104,9 @@ server: port: 8083 servlet: context-path: /onap/policy/clamp/acm/k8sparticipant + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + logging: # Configuration of logging diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 07d5eca377..fc0060629e 100644 --- a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -46,7 +46,7 @@ participant: port: 6969 userName: ${API_USER} password: ${API_PASSWORD} - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} allowSelfSignedCerts: true policyPapParameters: clientName: pap @@ -54,7 +54,7 @@ participant: port: 6969 userName: ${PAP_USER} password: ${PAP_PASSWORD} - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} allowSelfSignedCerts: true intermediaryParameters: reportingTimeIntervalMs: 120000 @@ -73,14 +73,14 @@ participant: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} topicSinks: - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # clampAutomationCompositionTopics: @@ -118,3 +118,6 @@ server: port: 8085 servlet: context-path: /onap/policyparticipant + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} + diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties deleted file mode 100644 index 03e55e15f5..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ /dev/null @@ -1,77 +0,0 @@ -{{/* -### -# ============LICENSE_START======================================================= -# ONAP CLAMP -# ================================================================================ -# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights -# reserved. -# ================================================================================ -# Modifications copyright (c) 2019 Nokia -# Modifications Copyright (c) 2022 Nordix Foundation -# ================================================================================\ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END============================================ -# =================================================================== -# -### -*/}} -{{- if .Values.global.aafEnabled }} -server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} -server.ssl.key-store-password=${cadi_keystore_password_p12} -server.ssl.key-password=${cadi_key_password} -server.ssl.key-store-type=PKCS12 -server.ssl.key-alias={{ .Values.certInitializer.fqi }} - -# The key file used to decode the key store and trust store password -# If not defined, the key store and trust store password will not be decrypted -clamp.config.keyFile=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keyFile }} - -## Config part for Client certificates -server.ssl.client-auth=want -server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} -server.ssl.trust-store-password=${cadi_truststore_password} -{{- end }} - -#clds datasource connection details -spring.datasource.username=${MYSQL_USER} -spring.datasource.password=${MYSQL_PASSWORD} -spring.datasource.url=jdbc:mariadb:sequential://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyclamp?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3 -spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,default-dictionary-elements - -#The log folder that will be used in logback.xml file -clamp.config.files.sdcController=file:/opt/policy/clamp/sdc-controllers-config-pass.json - -# -# Configuration Settings for Policy Engine Components -clamp.config.policy.api.url=https://policy-api.{{ include "common.namespace" . }}:6969 -clamp.config.policy.api.userName=policyadmin -clamp.config.policy.api.password=zb!XztG34 -clamp.config.policy.pap.url=https://policy-pap.{{ include "common.namespace" . }}:6969 -clamp.config.policy.pap.userName=policyadmin -clamp.config.policy.pap.password=zb!XztG34 - -#DCAE Inventory Url Properties -clamp.config.dcae.inventory.url=https://inventory.{{ include "common.namespace" . }}:8080 -clamp.config.dcae.dispatcher.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 -#DCAE Deployment Url Properties -clamp.config.dcae.deployment.url=https://deployment-handler.{{ include "common.namespace" . }}:8443 -clamp.config.dcae.deployment.userName=none -clamp.config.dcae.deployment.password=none - -#AAF related parameters -clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 - -# Configuration settings for ControlLoop Runtime Rest API -clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969 -clamp.config.acm.runtime.userName=${RUNTIME_USER} -clamp.config.acm.runtime.password=${RUNTIME_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml deleted file mode 100644 index 8717e6f33a..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/log/filebeat/filebeat.yml +++ /dev/null @@ -1,55 +0,0 @@ -{{/* -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} -filebeat.prospectors: -#it is mandatory, in our case it's log -- input_type: log - #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. - paths: - - /var/log/onap/*/*/*/*.log - - /var/log/onap/*/*/*.log - - /var/log/onap/*/*.log - #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive - ignore_older: 48h - # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit - clean_inactive: 96h - -# Name of the registry file. If a relative path is used, it is considered relative to the -# data path. Else full qualified file name. -#filebeat.registry_file: ${path.data}/registry - - -output.logstash: - #List of logstash server ip addresses with port number. - #But, in our case, this will be the loadbalancer IP address. - #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. - hosts: ["{{.Values.config.log.logstashServiceName}}:{{.Values.config.log.logstashPort}}"] - #If enable will do load balancing among availabe Logstash, automatically. - loadbalance: true - - #The list of root certificates for server verifications. - #If certificate_authorities is empty or not set, the trusted - #certificate authorities of the host system are used. - #ssl.certificate_authorities: $ssl.certificate_authorities - - #The path to the certificate for SSL client authentication. If the certificate is not specified, - #client authentication is not available. - #ssl.certificate: $ssl.certificate - - #The client certificate key used for client authentication. - #ssl.key: $ssl.key - - #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql deleted file mode 100644 index 1652dc18c3..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql +++ /dev/null @@ -1,275 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * Copyright (C) 2021 Nordix Foundation - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -create table if not exists dictionary ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dictionary_second_level integer, - dictionary_type varchar(255), - primary key (name) - ) engine=InnoDB; - -create table if not exists dictionary_elements ( - short_name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - description varchar(255) not null, - name varchar(255) not null, - subdictionary_name varchar(255), - type varchar(255) not null, - primary key (short_name) - ) engine=InnoDB; - -create table if not exists dictionary_to_dictionaryelements ( - dictionary_name varchar(255) not null, - dictionary_element_short_name varchar(255) not null, - primary key (dictionary_name, dictionary_element_short_name) - ) engine=InnoDB; - -create table if not exists hibernate_sequence ( - next_val bigint -) engine=InnoDB; - -insert into hibernate_sequence values ( 1 ); - -create table if not exists loop_element_models ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - loop_element_type varchar(255) not null, - short_name varchar(255), - primary key (name) - ) engine=InnoDB; - -create table if not exists loop_logs ( - id bigint not null, - log_component varchar(255) not null, - log_instant datetime(6) not null, - log_type varchar(255) not null, - message MEDIUMTEXT not null, - loop_id varchar(255) not null, - primary key (id) - ) engine=InnoDB; - -create table if not exists loop_templates ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - allowed_loop_type varchar(255), - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - maximum_instances_allowed integer, - svg_representation MEDIUMTEXT, - unique_blueprint boolean default false, - service_uuid varchar(255), - primary key (name) - ) engine=InnoDB; - -create table if not exists loopelementmodels_to_policymodels ( - loop_element_name varchar(255) not null, - policy_model_type varchar(255) not null, - policy_model_version varchar(255) not null, - primary key (loop_element_name, policy_model_type, policy_model_version) - ) engine=InnoDB; - -create table if not exists loops ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - global_properties_json json, - last_computed_state varchar(255) not null, - svg_representation MEDIUMTEXT, - loop_template_name varchar(255) not null, - service_uuid varchar(255), - primary key (name) - ) engine=InnoDB; - -create table if not exists loops_to_microservicepolicies ( - loop_name varchar(255) not null, - microservicepolicy_name varchar(255) not null, - primary key (loop_name, microservicepolicy_name) - ) engine=InnoDB; - -create table if not exists looptemplates_to_loopelementmodels ( - loop_element_model_name varchar(255) not null, - loop_template_name varchar(255) not null, - flow_order integer not null, - primary key (loop_element_model_name, loop_template_name) - ) engine=InnoDB; - -create table if not exists micro_service_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - context varchar(255), - dcae_blueprint_id varchar(255), - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - device_type_scope varchar(255), - shared bit not null, - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - primary key (name) - ) engine=InnoDB; - -create table if not exists operational_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - loop_id varchar(255) not null, - primary key (name) - ) engine=InnoDB; - -create table if not exists policy_models ( - policy_model_type varchar(255) not null, - version varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - policy_acronym varchar(255), - policy_tosca MEDIUMTEXT, - policy_pdp_group json, - primary key (policy_model_type, version) - ) engine=InnoDB; - -create table if not exists services ( - service_uuid varchar(255) not null, - name varchar(255) not null, - resource_details json, - service_details json, - version varchar(255), - primary key (service_uuid) - ) engine=InnoDB; - -alter table dictionary_to_dictionaryelements - add constraint FK68hjjinnm8nte2owstd0xwp23 - foreign key (dictionary_element_short_name) - references dictionary_elements (short_name); - -alter table dictionary_to_dictionaryelements - add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe - foreign key (dictionary_name) - references dictionary (name); - -alter table loop_logs - add constraint FK1j0cda46aickcaoxqoo34khg2 - foreign key (loop_id) - references loops (name); - -alter table loop_templates - add constraint FKn692dk6281wvp1o95074uacn6 - foreign key (service_uuid) - references services (service_uuid); - -alter table loopelementmodels_to_policymodels - add constraint FK23j2q74v6kaexefy0tdabsnda - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - -alter table loopelementmodels_to_policymodels - add constraint FKjag1iu0olojfwryfkvb5o0rk5 - foreign key (loop_element_name) - references loop_element_models (name); - -alter table loops - add constraint FK844uwy82wt0l66jljkjqembpj - foreign key (loop_template_name) - references loop_templates (name); - -alter table loops - add constraint FK4b9wnqopxogwek014i1shqw7w - foreign key (service_uuid) - references services (service_uuid); - -alter table loops_to_microservicepolicies - add constraint FKle255jmi7b065fwbvmwbiehtb - foreign key (microservicepolicy_name) - references micro_service_policies (name); - -alter table loops_to_microservicepolicies - add constraint FK8avfqaf7xl71l7sn7a5eri68d - foreign key (loop_name) - references loops (name); - -alter table looptemplates_to_loopelementmodels - add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 - foreign key (loop_element_model_name) - references loop_element_models (name); - -alter table looptemplates_to_loopelementmodels - add constraint FKj29yxyw0x7ue6mwgi6d3qg748 - foreign key (loop_template_name) - references loop_templates (name); - -alter table micro_service_policies - add constraint FKqvvdypacbww07fuv8xvlvdjgl - foreign key (loop_element_model_id) - references loop_element_models (name); - -alter table micro_service_policies - add constraint FKn17j9ufmyhqicb6cvr1dbjvkt - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - -alter table operational_policies - add constraint FKi9kh7my40737xeuaye9xwbnko - foreign key (loop_element_model_id) - references loop_element_models (name); - -alter table operational_policies - add constraint FKlsyhfkoqvkwj78ofepxhoctip - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - -alter table operational_policies - add constraint FK1ddoggk9ni2bnqighv6ecmuwu - foreign key (loop_id) - references loops (name); diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json b/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json deleted file mode 100644 index 6021b21d21..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/sdc-controllers-config.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "sdc-connections":{ - "sdc-controller":{ - "user": "clamp", - "consumerGroup": "clamp", - "consumerId": "clamp", - "environmentName": "AUTO", - "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443", - "password": "${SDC_CLIENT_PASSWORD_ENC}", - "pollingInterval":30, - "pollingTimeout":30, - "activateServerTLSAuth":"false", - "keyStorePassword":"", - "keyStorePath":"", - "messageBusAddresses":["message-router.{{ include "common.namespace" . }}"] - } - } -} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt b/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt deleted file mode 100644 index e36d6a5bfb..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/templates/NOTES.txt +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.externalPort }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit https://127.0.0.1:8443 to use your application" - kubectl port-forward $POD_NAME 8443:{{ .Values.service.internalPort }} -{{- end }} diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml deleted file mode 100644 index 4354c00a30..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ /dev/null @@ -1,135 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app: {{ include "common.name" . }} - template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} - spec: - initContainers: - - command: - - /app/ready.py - args: - - --job-name - - {{ include "common.release" . }}-policy-clamp-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness -{{ include "common.certInitializer.initContainer" . | indent 6 }} - containers: - # side car containers - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }} - # main container - - name: {{ include "common.name" . }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - sh - workingDir: "/opt/policy/clamp/" - args: - - -c - - | - {{- if .Values.global.aafEnabled }} - export $(grep '^cadi_' {{ .Values.certInitializer.credsPath }}/org.onap.clamp.cred.props | xargs -0) - export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`; - envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json" - {{- end }} - java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/ - ports: - - containerPort: {{ .Values.service.internalPort }} - # disable liveness probe when breakpoints set in debugger - # so K8s doesn't restart unresponsive container - {{- if eq .Values.liveness.enabled true }} - livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} - periodSeconds: {{ .Values.liveness.periodSeconds }} - {{ end -}} - readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} - initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} - periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: logs - mountPath: {{ .Values.log.path }} - - mountPath: /opt/policy/clamp/sdc-controllers-config.json - name: {{ include "common.fullname" . }}-config - subPath: sdc-controllers-config.json - - mountPath: /opt/policy/clamp/application.properties - name: {{ include "common.fullname" . }}-config - subPath: application.properties - env: - - name: RUNTIME_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }} - - name: RUNTIME_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }} - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12 }} - - name: SDC_CLIENT_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 12 }} - {{- if ne "unlimited" (include "common.flavor" .) }} - - name: JAVA_RAM_CONFIGURATION - value: -XX:MinRAMPercentage=50 -XX:MaxRAMPercentage=75 - {{- end }} - resources: {{ include "common.resources" . | nindent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} - {{- end -}} - {{- if .Values.affinity }} - affinity: {{ toYaml .Values.affinity | nindent 10 }} - {{- end }} - serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: sdc-controllers-config.json - path: sdc-controllers-config.json - - key: application.properties - path: application.properties - - name: logs - emptyDir: {} - {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml b/kubernetes/policy/components/policy-clamp-be/templates/job.yaml deleted file mode 100755 index b942dd3fb2..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/templates/job.yaml +++ /dev/null @@ -1,86 +0,0 @@ -{{/* -# Copyright © 2018 Amdocs, Bell Canada -# Modifications Copyright © 2020-2021 AT&T Intellectual Property -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "common.release" . }}-policy-clamp-galera-config - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-policy-clamp-job - release: {{ include "common.release" . }} -spec: - template: - metadata: - labels: - app: {{ include "common.name" . }}-policy-clamp-job - release: {{ include "common.release" . }} - spec: - imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: -#This container checks that all galera instances are up before initializing it. - - name: {{ include "common.name" . }}-readiness - image: {{ include "repositoryGenerator.image.readiness" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /app/ready.py - - --job-name - - {{ include "common.release" . }}-policy-galera-config - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - containers: - - name: {{ include "common.release" . }}-policy-clamp-galera-config - image: {{ include "repositoryGenerator.image.mariadb" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /dbcmd-config/create-db-tables.sh - name: {{ include "common.fullname" . }}-config - subPath: create-db-tables.sh - - mountPath: /dbcmd-config/policy-clamp-create-tables.sql - name: {{ include "common.fullname" . }}-config - subPath: policy-clamp-create-tables.sql - command: - - /bin/sh - args: - - -x - - /dbcmd-config/create-db-tables.sh - env: - - name: MYSQL_HOST - value: "{{ .Values.db.service.name }}" - - name: MYSQL_USER - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 10 }} - - name: MYSQL_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 10 }} - - name: MYSQL_PORT - value: "{{ .Values.db.service.internalPort }}" - resources: -{{ include "common.resources" . }} - restartPolicy: Never - volumes: - - name: {{ include "common.fullname" . }}-config - configMap: - name: {{ include "common.fullname" . }}-configmap - items: - - key: create-db-tables.sh - path: create-db-tables.sh - - key: policy-clamp-create-tables.sql - path: policy-clamp-create-tables.sql diff --git a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml b/kubernetes/policy/components/policy-clamp-be/templates/service.yaml deleted file mode 100644 index c01d36a53d..0000000000 --- a/kubernetes/policy/components/policy-clamp-be/templates/service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{/* -# Copyright © 2017 Amdocs, Bell Canada -# Modifications Copyright © 2018 AT&T -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -*/}} - -apiVersion: v1 -kind: Service -metadata: - name: {{ include "common.servicename" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} diff --git a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 4fb70fc337..3d192f4b6a 100644 --- a/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -66,6 +66,8 @@ server: context-path: /onap/policy/clamp/acm error: path: /error + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} runtime: @@ -83,7 +85,7 @@ runtime: servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} fetchTimeout: 15000 topicSinks: - @@ -91,7 +93,7 @@ runtime: servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} # If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below # topicParameterGroup: diff --git a/kubernetes/policy/components/policy-distribution/resources/config/config.json b/kubernetes/policy/components/policy-distribution/resources/config/config.json index 615afc6351..1aa9044eab 100755 --- a/kubernetes/policy/components/policy-distribution/resources/config/config.json +++ b/kubernetes/policy/components/policy-distribution/resources/config/config.json @@ -26,7 +26,7 @@ "port":6969, "userName":"${RESTSERVER_USER}", "password":"${RESTSERVER_PASSWORD}", - "https":true, + "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "prometheus": true }, "receptionHandlerParameters":{ @@ -56,7 +56,7 @@ "sdcConfiguration":{ "parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup", "parameters":{ - "asdcAddress": "sdc-be:8443", + "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}", "messageBusAddress": [ "message-router.{{ include "common.namespace" . }}" ], @@ -75,7 +75,8 @@ "keyStorePassword": "null", "activeserverTlsAuth": false, "isFilterinEmptyResources": true, - "isUseHttpsWithDmaap": true + "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}, + "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} } } }, @@ -98,7 +99,7 @@ "port": 6969, "userName": "${API_USER}", "password": "${API_PASSWORD}", - "useHttps": true + "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} }, "papParameters": { "clientName": "policy-pap", @@ -106,7 +107,7 @@ "port": 6969, "userName": "${PAP_USER}", "password": "${PAP_PASSWORD}", - "useHttps": true + "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} }, "deployPolicies": true } diff --git a/kubernetes/policy/components/policy-distribution/templates/service.yaml b/kubernetes/policy/components/policy-distribution/templates/service.yaml index 4b91692749..f8fa5415ba 100755 --- a/kubernetes/policy/components/policy-distribution/templates/service.yaml +++ b/kubernetes/policy/components/policy-distribution/templates/service.yaml @@ -33,7 +33,7 @@ spec: ports: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index fe1c720590..11b47a676e 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -131,7 +131,7 @@ readiness: service: type: ClusterIP name: policy-distribution - portName: policy-distribution + portName: http externalPort: 6969 internalPort: 6969 diff --git a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf index c1e578733b..22168e8753 100755 --- a/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf +++ b/kubernetes/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -57,7 +57,7 @@ AAF_HOST=aaf-locate.{{.Release.Namespace}} # HTTP Servers -HTTP_SERVER_HTTPS=true +HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} PROMETHEUS=true # PDP-D DMaaP configuration channel @@ -98,12 +98,12 @@ DCAE_CONSUMER_GROUP=dcae.policy.shared # Open DMaaP DMAAP_SERVERS=message-router -DMAAP_HTTPS=true +DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }} # AAI AAI_HOST=aai.{{.Release.Namespace}} -AAI_PORT=8443 +AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} AAI_CONTEXT_URI= # MSO diff --git a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml index b41bf4fdb9..619d0d4441 100755 --- a/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/templates/service.yaml @@ -31,17 +31,17 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }} - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }} - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index d48d05fe44..72f22bcd3b 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -70,7 +70,7 @@ readiness: service: type: ClusterIP name: policy-drools-pdp - portName: policy-drools-pdp + portName: http internalPort: 6969 externalPort: 6969 nodePort: 17 diff --git a/kubernetes/policy/components/policy-gui/resources/config/application.yml b/kubernetes/policy/components/policy-gui/resources/config/application.yml new file mode 100644 index 0000000000..9be81d8ddd --- /dev/null +++ b/kubernetes/policy/components/policy-gui/resources/config/application.yml @@ -0,0 +1,25 @@ +server: + port: 2443 + ssl: + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} +# enabled-protocols: TLSv1.2 +# client-auth: want +# key-store: file:${KEYSTORE} +# key-store-password: ${KEYSTORE_PASSWD} +# trust-store: file:${TRUSTSTORE} +# trust-store-password: ${TRUSTSTORE_PASSWD} + +clamp: + url: + disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} + disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }} + +apex-editor: + upload-url: + upload-userid: + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus diff --git a/kubernetes/policy/components/policy-gui/resources/config/logback.xml b/kubernetes/policy/components/policy-gui/resources/config/logback.xml new file mode 100644 index 0000000000..c20df8329d --- /dev/null +++ b/kubernetes/policy/components/policy-gui/resources/config/logback.xml @@ -0,0 +1,118 @@ +<!-- + ============LICENSE_START======================================================= + policy-gui + ================================================================================ + Copyright (C) 2021-2022 Nordix Foundation. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>TRACE</level> + </filter> + <encoder> + <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + </pattern> + </encoder> + </appender> + + <appender name="ERROR" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${POLICY_LOGS}/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${POLICY_LOGS}/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>TRACE</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="asyncError" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ERROR" /> + </appender> + + <appender name="DEBUG" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${POLICY_LOGS}/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${POLICY_LOGS}/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="asyncDebug" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DEBUG" /> + </appender> + + <appender name="NETWORK" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${POLICY_LOGS}/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>${POLICY_LOGS}/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="asyncNetwork" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NETWORK" /> + </appender> + + <logger name="network" level="TRACE" additivity="false"> + <appender-ref ref="asyncNetwork" /> + </logger> + + <logger name="org.apache" level="TRACE" additivity="false"> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- Spring related loggers --> + <logger name="org.springframework" level="TRACE" additivity="false"> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- GUI related loggers --> + <logger name="org.onap.policy.gui" level="TRACE" additivity="false"> + <appender-ref ref="ERROR" /> + <appender-ref ref="DEBUG" /> + </logger> + + <!-- logback internals logging --> + <logger name="ch.qos.logback.classic" level="INFO" /> + <logger name="ch.qos.logback.core" level="INFO" /> + + <root level="TRACE"> + <appender-ref ref="asyncDebug" /> + <appender-ref ref="asyncError" /> + <appender-ref ref="asyncNetwork" /> + <appender-ref ref="STDOUT" /> + </root> +</configuration> diff --git a/kubernetes/policy/components/policy-gui/templates/configmap.yaml b/kubernetes/policy/components/policy-gui/templates/configmap.yaml index 4f600882e9..9426b0f54f 100644 --- a/kubernetes/policy/components/policy-gui/templates/configmap.yaml +++ b/kubernetes/policy/components/policy-gui/templates/configmap.yaml @@ -21,7 +21,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-configmap namespace: {{ include "common.namespace" . }} labels: app: {{ include "common.name" . }} @@ -29,6 +29,6 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml,yml}").AsConfig . | indent 2 }} {{ include "common.log.configMap" . }} diff --git a/kubernetes/policy/components/policy-gui/templates/deployment.yaml b/kubernetes/policy/components/policy-gui/templates/deployment.yaml index a155715580..5a43fc71b0 100644 --- a/kubernetes/policy/components/policy-gui/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-gui/templates/deployment.yaml @@ -41,10 +41,34 @@ spec: spec: initContainers: - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: KEYSTORE + value: {{ .Values.certStores.keystoreLocation }} + - name: KEYSTORE_PASSWD + value: {{ .Values.certStores.keyStorePassword }} + - name: TRUSTSTORE + value: {{ .Values.certStores.truststoreLocation }} + - name: TRUSTSTORE_PASSWD + value: {{ .Values.certStores.trustStorePassword }} + - name: POLICY_LOGS + value: {{ .Values.log.path }} + volumeMounts: + - mountPath: /config-input + name: policy-gui-config + - mountPath: /config + name: policy-gui-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + - command: - /app/ready.py args: - --container-name - - policy-clamp-be + - policy-clamp-runtime-acm env: - name: NAMESPACE valueFrom: @@ -62,20 +86,20 @@ spec: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} -{{- if .Values.global.aafEnabled }} +{{- if not (include "common.onServiceMesh" .) }} command: ["sh","-c"] args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"] env: -{{- else }} +{{ else }} command: ["/opt/app/policy/gui/bin/policy-gui.sh"] env: - name: KEYSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} - name: TRUSTSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} -{{- end }} +{{ end }} - name: CLAMP_URL - value: https://policy-clamp-be:8443 + value: http://policy-clamp-runtime-acm:6969 ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -95,6 +119,12 @@ spec: volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - name: logs mountPath: {{ .Values.log.path }} + - mountPath: /opt/app/policy/gui/etc/application.yml + name: policy-gui-config-processed + subPath: application.yml + - mountPath: /opt/app/policy/gui/etc/logback.xml + name: policy-gui-config-processed + subPath: logback.xml resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -113,5 +143,12 @@ spec: - name: logs emptyDir: {} {{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.volumes" . | nindent 8 }}{{ end }} + - name: policy-gui-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: policy-gui-config-processed + emptyDir: + medium: Memory imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-gui/templates/service.yaml b/kubernetes/policy/components/policy-gui/templates/service.yaml index 44e66b8680..827e93a4f2 100644 --- a/kubernetes/policy/components/policy-gui/templates/service.yaml +++ b/kubernetes/policy/components/policy-gui/templates/service.yaml @@ -34,11 +34,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index c605b6b6ea..8761df7a6b 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -42,6 +42,8 @@ secrets: certStores: keyStorePassword: Pol1cy_0nap + keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore + truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore trustStorePassword: Pol1cy_0nap ################################################################# @@ -116,7 +118,7 @@ readiness: service: type: NodePort name: policy-gui - portName: policy-gui + portName: http internalPort: 2443 nodePort: 43 diff --git a/kubernetes/policy/components/policy-nexus/templates/service.yaml b/kubernetes/policy/components/policy-nexus/templates/service.yaml index 55defa9e92..6bec5619f6 100755 --- a/kubernetes/policy/components/policy-nexus/templates/service.yaml +++ b/kubernetes/policy/components/policy-nexus/templates/service.yaml @@ -31,11 +31,11 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/policy/components/policy-nexus/values.yaml b/kubernetes/policy/components/policy-nexus/values.yaml index 3d77e67456..ac0028d1d9 100755 --- a/kubernetes/policy/components/policy-nexus/values.yaml +++ b/kubernetes/policy/components/policy-nexus/values.yaml @@ -56,7 +56,7 @@ readiness: service: type: ClusterIP name: policy-nexus - portName: policy-nexus + portName: http externalPort: 8081 internalPort: 8081 nodePort: 36 diff --git a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml index 7cb32d0079..8fe4fac5fb 100644 --- a/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml +++ b/kubernetes/policy/components/policy-pap/resources/config/papParameters.yaml @@ -57,7 +57,7 @@ spring: server: port: 6969 ssl: - enabled: true + enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} pap: name: PapGroup @@ -76,7 +76,7 @@ pap: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} fetchTimeout: 15000 topicCommInfrastructure: dmaap - topic: POLICY-HEARTBEAT @@ -84,19 +84,19 @@ pap: consumerGroup: policy-pap servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} fetchTimeout: 15000 topicCommInfrastructure: dmaap topicSinks: - topic: POLICY-PDP-PAP servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} topicCommInfrastructure: dmaap - topic: POLICY-NOTIFICATION servers: - message-router - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} topicCommInfrastructure: dmaap # If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks # servers: @@ -113,19 +113,19 @@ pap: port: 6969 userName: "${API_USER}" password: "${API_PASSWORD}" - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: policy/api/v1/healthcheck - clientName: distribution hostname: policy-distribution port: 6969 userName: "${DISTRIBUTION_USER}" password: "${DISTRIBUTION_PASSWORD}" - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: healthcheck - clientName: dmaap hostname: message-router port: 3905 - useHttps: true + useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }} basePath: topics management: diff --git a/kubernetes/policy/components/policy-pap/templates/deployment.yaml b/kubernetes/policy/components/policy-pap/templates/deployment.yaml index 6f02f8e4c0..e05204249e 100755 --- a/kubernetes/policy/components/policy-pap/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-pap/templates/deployment.yaml @@ -112,7 +112,7 @@ spec: httpHeaders: - name: Authorization value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }} - scheme: {{ .Values.readiness.scheme }} + scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index 0dc6dbe4dc..cc66af9146 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -148,7 +148,6 @@ readiness: periodSeconds: 120 port: http-api api: /policy/pap/v1/healthcheck - scheme: HTTPS successThreshold: 1 failureThreshold: 3 timeout: 60 diff --git a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json index 19b4d9c03b..0f1744a9e4 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json +++ b/kubernetes/policy/components/policy-xacml-pdp/resources/config/config.json @@ -26,7 +26,7 @@ "port": 6969, "userName": "${RESTSERVER_USER}", "password": "${RESTSERVER_PASSWORD}", - "https": true, + "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "aaf": false, "prometheus": true }, @@ -35,7 +35,7 @@ "port": 6969, "userName": "${API_USER}", "password": "${API_PASSWORD}", - "useHttps": true, + "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "aaf": false }, "applicationParameters": { @@ -45,14 +45,14 @@ "topicSources" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : true, + "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "fetchTimeout" : 15000, "topicCommInfrastructure" : "dmaap" }], "topicSinks" : [{ "topic" : "POLICY-PDP-PAP", "servers" : [ "message-router" ], - "useHttps" : true, + "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, "topicCommInfrastructure" : "dmaap" }] } diff --git a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml index 123ae66432..42995c8985 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/templates/service.yaml @@ -33,7 +33,7 @@ spec: ports: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 3a44719727..c29e0303fd 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -128,7 +128,7 @@ readiness: service: type: ClusterIP name: policy-xacml-pdp - portName: policy-xacml-pdp + portName: http externalPort: 6969 internalPort: 6969 diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index 9fea669c37..0df26568e5 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -19,22 +19,22 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "common.release" . }}-policy-galera-config + name: {{ include "common.fullname" . }}-galera-init namespace: {{ include "common.namespace" . }} labels: - app: {{ include "common.name" . }}-job + app: {{ include "common.name" . }}-galera-init release: {{ include "common.release" . }} spec: template: metadata: labels: - app: {{ include "common.name" . }}-job + app: {{ include "common.name" . }}-galera-init release: {{ include "common.release" . }} + name: {{ include "common.name" . }}-galera-init spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }} -#This container checks that all galera instances are up before initializing it. + initContainers: - name: {{ include "common.name" . }}-mariadb-readiness image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -48,7 +48,8 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - - name: {{ include "common.release" . }}-policy-galera-config + containers: + - name: {{ include "common.name" . }}-galera-config image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -57,9 +58,11 @@ spec: subPath: db.sh command: - /bin/sh - args: - - -x - - /dbcmd-config/db.sh + - -cx + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db.sh env: - name: MYSQL_ROOT_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 10 }} @@ -71,8 +74,57 @@ spec: value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}" resources: {{ include "common.resources" . }} - {{ if .Values.global.postgres.localCluster }} - - name: {{ include "common.release" . }}-policy-pg-config + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-config -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} + restartPolicy: Never + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 + items: + - key: db.sh + path: db.sh + +{{ if .Values.global.postgres.localCluster }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-pg-init + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-pg-init + release: {{ include "common.release" . }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-pg-init + release: {{ include "common.release" . }} + name: {{ include "common.name" . }}-pg-init + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }} + containers: + - name: {{ include "common.name" . }}-pg-config image: {{ .Values.repository }}/{{ .Values.postgresImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -81,9 +133,11 @@ spec: subPath: db-pg.sh command: - /bin/sh - args: - - -x - - /docker-entrypoint-initdb.d/db-pg.sh + - -cx + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /docker-entrypoint-initdb.d/db-pg.sh env: - name: PG_ADMIN_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }} @@ -97,9 +151,71 @@ spec: value: "{{ .Values.postgres.service.internalPort }}" resources: {{ include "common.resources" . }} - {{ end }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-config -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} + restartPolicy: Never + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 + items: + - key: db-pg.sh + path: db-pg.sh +{{ end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-galera-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-galera-config + release: {{ include "common.release" . }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-galera-config + release: {{ include "common.release" . }} + name: {{ include "common.name" . }}-galera-config + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-galera-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace containers: - - name: {{ include "common.release" . }}-policy-galera-db-migrator + - name: {{ include "common.name" . }}-galera-db-migrator image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -108,9 +224,11 @@ spec: subPath: db_migrator_policy_init.sh command: - /bin/sh - args: - - -x - - /dbcmd-config/db_migrator_policy_init.sh + - -cx + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_policy_init.sh env: - name: SQL_HOST value: "{{ index .Values "mariadb-galera" "service" "name" }}" @@ -126,8 +244,71 @@ spec: value: "sql" resources: {{ include "common.resources" . }} - {{ if .Values.global.postgres.localCluster }} - - name: {{ include "common.release" . }}-policy-pg-db-migrator + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-galera-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} + restartPolicy: Never + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 + items: + - key: db_migrator_policy_init.sh + path: db_migrator_policy_init.sh + +{{ if .Values.global.postgres.localCluster }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-pg-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-pg-config + release: {{ include "common.release" . }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-pg-config + release: {{ include "common.release" . }} + name: {{ include "common.name" . }}-pg-config + spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.fullname" . }}-pg-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }}-pg-db-migrator image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: @@ -136,9 +317,11 @@ spec: subPath: db_migrator_pg_policy_init.sh command: - /bin/sh - args: - - -x - - /dbcmd-config/db_migrator_pg_policy_init.sh + - -cx + - | + {{- if include "common.onServiceMesh" . }} + echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }} + /dbcmd-config/db_migrator_pg_policy_init.sh env: - name: SQL_HOST value: "{{ .Values.postgres.service.name2 }}" @@ -156,20 +339,31 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }} resources: {{ include "common.resources" . }} - {{ end }} + {{- if (include "common.onServiceMesh" .) }} + - name: policy-service-mesh-wait-for-job-container + image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0 + imagePullPolicy: Always + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + /app/ready.py --service-mesh-check {{ include "common.name" . }}-pg-db-migrator -t 45; + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- end }} restartPolicy: Never serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-db-configmap + defaultMode: 0755 items: - - key: db.sh - path: db.sh - - key: db_migrator_policy_init.sh - path: db_migrator_policy_init.sh - - key: db-pg.sh - path: db-pg.sh - key: db_migrator_pg_policy_init.sh path: db_migrator_pg_policy_init.sh - +{{ end }} diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 1c73e645b9..1b9955b5a7 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -129,12 +129,6 @@ policy-distribution: db: *dbSecretsHook config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' -policy-clamp-be: - enabled: true - db: *dbSecretsHook - config: - appUserExternalSecret: *policyAppCredsSecret - jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-clamp-ac-k8s-ppnt: enabled: true config: @@ -161,7 +155,7 @@ policy-clamp-runtime-acm: appUserExternalSecret: *policyAppCredsSecret jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' policy-gui: - enabled: true + enabled: false config: jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}' diff --git a/kubernetes/portal/components/portal-sdk/templates/service.yaml b/kubernetes/portal/components/portal-sdk/templates/service.yaml index f3007a4c46..56a65227a1 100644 --- a/kubernetes/portal/components/portal-sdk/templates/service.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/service.yaml @@ -32,11 +32,11 @@ spec: - port: {{ .Values.service.internalPort }} targetPort: {{ .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 3c5f9ce73a..8365c68297 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -152,11 +152,11 @@ GLOBAL_SDC_USERNAME = '{{ .Values.sdcUsername }}' GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}' GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) -GLOBAL_CLAMP_SERVER_PROTOCOL = "https" +GLOBAL_CLAMP_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-gui" "port" 2443) }}' # nbi info - everything is from the private oam network (also called onap private network) -GLOBAL_NBI_SERVER_PROTOCOL = "https" -GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8443) }}' +GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' # cli info - everything is from the private oam network (also called onap private network) GLOBAL_CLI_SERVER_PROTOCOL = "https" GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}' @@ -176,10 +176,10 @@ GLOBAL_DCAE_AUTHENTICATION = [GLOBAL_DCAE_USERNAME, GLOBAL_DCAE_PASSWORD] GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}' GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}' # data router info - everything is from the private oam network (also called onap private network) -GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = "https" +GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}' -GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = "https" -GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8443) }}' +GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' # dmaap message router info GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}' GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' @@ -216,14 +216,14 @@ GLOBAL_POMBA_ELASTICSEARCH_PORT = '{{include "robot.ingress.port" (dict "root" . GLOBAL_POMBA_CONTEXTAGGREGATOR_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-contextaggregator" "port" 9529) }}' # microservice bus info - everything is from the private oam network (also called onap private network) -GLOBAL_MSB_SERVER_PROTOCOL = "https" -GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" 443) }}' +GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}' # message router info - everything is from the private oam network (also called onap private network) GLOBAL_MR_SERVER_PROTOCOL = "http" GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}' # bus controller info -GLOBAL_BC_SERVER_PROTOCOL = "https" -GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8443) }}' +GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}' GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}' # dcae inventory and deployment handler info @@ -290,7 +290,7 @@ GLOBAL_SO_NSSMF_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_NSSMF_IP_ADDR + ':' + GLOBAL_MUSIC_SERVER_PROTOCOL = "https" GLOBAL_MUSIC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "music" "port" 8443) }}' # oof global info - everything is from the private oam network (also called onap private network) -GLOBAL_OOF_SERVER_PROTOCOL = "https" +GLOBAL_OOF_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' # oof-homing info - everything is from the private oam network (also called onap private network) GLOBAL_OOF_HOMING_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-has-api" "port" 8091) }}' GLOBAL_OOF_HOMING_USERNAME="{{ .Values.oofHomingUsername }}" @@ -315,7 +315,7 @@ GLOBAL_PACKET_GENERATOR_USERNAME = "admin" GLOBAL_PACKET_GENERATOR_PASSWORD = "admin" GLOBAL_PGN_PORT = "2831" # policy info - everything is from the private oam network (also called onap private network) -GLOBAL_POLICY_SERVER_PROTOCOL = "https" +GLOBAL_POLICY_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_POLICY_SERVER_PORT = "8081" GLOBAL_POLICY_HEALTHCHECK_PORT = "6969" GLOBAL_POLICY_AUTH = '{{ .Values.policyAuth}}' @@ -332,9 +332,9 @@ GLOBAL_PORTAL_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "host GLOBAL_PORTAL_USERNAME = '{{ .Values.portalUsername }}' GLOBAL_PORTAL_PASSWORD = '{{ .Values.portalPassword }}' # sdnc info - everything is from the private oam network (also called onap private network) -GLOBAL_SDNC_SERVER_PROTOCOL = "https" -GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" 8443) }}' -GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" 8443) }}' +GLOBAL_SDNC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" ( ternary 8443 8282 (eq "true" (include "common.needTLS" . )))) }}' +GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' GLOBAL_SDNC_USERNAME = '{{ .Values.sdncUsername }}' GLOBAL_SDNC_PASSWORD = '{{ .Values.sdncPassword }}' GLOBAL_SDNC_AUTHENTICATION = [GLOBAL_SDNC_USERNAME, GLOBAL_SDNC_PASSWORD] @@ -350,13 +350,13 @@ GLOBAL_VID_PASSWORD = '{{ .Values.vidPassword}}' GLOBAL_VID_HEALTH_USERNAME = '{{ .Values.vidHealthUsername }}' GLOBAL_VID_HEALTH_PASSWORD = '{{ .Values.vidHealthPassword }}' # vnfsdk info - everything is from the private oam network (also called onap private network) -GLOBAL_VNFSDK_SERVER_PROTOCOL = "https" +GLOBAL_VNFSDK_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' GLOBAL_VNFSDK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "refrepo" "port" 8703) }}' GLOBAL_DCAE_VES_PROTOCOL = "http" GLOBAL_DCAE_VES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector" "port" 8080) }}' -GLOBAL_DCAE_VES_HTTPS_PROTOCOL = "https" -GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" 8443) }}' +GLOBAL_DCAE_VES_HTTPS_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' GLOBAL_DCAE_VES_USERNAME = 'sample1' GLOBAL_DCAE_VES_PASSWORD = 'sample1' diff --git a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml index e1bac69fe3..348609b8da 100644 --- a/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-admin-cockpit/resources/config/overrides/override.yaml @@ -1,4 +1,7 @@ server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} {{- if .Values.global.aafEnabled }} ssl: diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml index 661ed64b0e..061d8f0847 100644 --- a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -15,6 +15,9 @@ */}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml index ddff9c1dea..77e553bd67 100755 --- a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -20,7 +20,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} workflowAaiDistributionDelay: PT30S pnfEntryNotificationTimeout: P14D @@ -358,6 +358,9 @@ sniro: headers.minorVersion: 1 headers.latestVersion: 2 server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml index 7aa5984403..c82a0d29d4 100755 --- a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -14,6 +14,9 @@ # limitations under the License. */}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml index 0c2f679082..d667cb5c60 100755 --- a/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-cnf-adapter/resources/config/overrides/override.yaml @@ -19,7 +19,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} enabled: {{ .Values.global.aai.enabled }} logging: @@ -31,6 +31,9 @@ spring: password: ${ACTUATOR_PASSWORD} role: ACTUATOR server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml index 7c1cb1b3c4..df47c0a5fd 100644 --- a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -20,7 +20,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} spring: datasource: @@ -45,6 +45,9 @@ spring: password: ${ETSI_NFVO_PASSWORD} role: ETSI-NFVO-Client server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml index 33b38add57..fed38f7592 100755 --- a/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol003-adapter/resources/config/overrides/override.yaml @@ -19,7 +19,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} spring: security: @@ -31,6 +31,9 @@ spring: password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: ACTUATOR server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} ssl: enabled: false diff --git a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml index e1e2fc23c6..189a02bf73 100755 --- a/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-etsi-sol005-adapter/resources/config/overrides/override.yaml @@ -33,6 +33,9 @@ spring: password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' role: ACTUATOR server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml index 1d8a97c028..016b3f534f 100755 --- a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -18,7 +18,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} logging: path: logs @@ -44,6 +44,9 @@ spring: password: ${ACTUATOR_PASSWORD} role: ACTUATOR server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml index 8db5d26788..2d645bebf2 100755 --- a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -25,6 +25,9 @@ spring: password: ${ACTUATOR_PASSWORD} role: ACTUATOR server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index 487e93132d..7dc22c3536 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -18,10 +18,14 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} +SW port: {{ index .Values.containerPort }} spring: datasource: hikari: @@ -117,8 +121,8 @@ mso: auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} logPath: ./logs/openstack msb-ip: msb-iag - msb-port: 443 - msb-scheme: https + msb-port: 80 + msb-scheme: http workflow: endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine msoKey: {{ .Values.mso.msoKey }} diff --git a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml index 9b70ddcb5d..86e02d638a 100755 --- a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml @@ -15,6 +15,9 @@ # will be used as entry in DB to say SITE OFF/ON for healthcheck */}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} tomcat: max-threads: 50 diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml index ffa66e9d78..29a1cf7443 100755 --- a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -16,6 +16,9 @@ aai: auth: {{.Values.aai.auth}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} spring: datasource: @@ -66,7 +69,7 @@ mso: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} asdc-connections: asdc-controller1: diff --git a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml index 5c7a9af467..119236b1b2 100755 --- a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -14,6 +14,9 @@ # limitations under the License. */}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ index .Values.containerPort }} mso: msoKey: ${MSO_KEY} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml index 8471540011..1a96abf9cb 100755 --- a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -15,6 +15,9 @@ */}} server: + {{- if include "common.onServiceMesh" . }} + forward-headers-strategy: none + {{- end }} port: {{ include "common.getPort" (dict "global" . "name" "http") }} vevnfmadapter: @@ -28,7 +31,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} dmaap: diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index 6933607827..48b75c72e9 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -2,7 +2,7 @@ aai: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: @@ -62,7 +62,7 @@ mso: {{ if (include "common.needTLS" .) }} endpoint: https://aai.{{ include "common.namespace" . }}:8443 {{ else }} - endpoint: http://aai.{{ include "common.namespace" . }}:8080 + endpoint: http://aai.{{ include "common.namespace" . }}:80 {{ end }} auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} |