diff options
Diffstat (limited to 'kubernetes')
-rw-r--r-- | kubernetes/appc/charts/appc-cdt/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/appc/values.yaml | 2 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_aafconfig.tpl | 168 | ||||
-rw-r--r-- | kubernetes/common/common/templates/_storage.tpl | 244 | ||||
-rw-r--r-- | kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json | 2 | ||||
-rw-r--r-- | kubernetes/nbi/templates/configmap-aaf-add-config.yaml | 28 | ||||
-rw-r--r-- | kubernetes/nbi/templates/deployment.yaml | 42 | ||||
-rw-r--r-- | kubernetes/nbi/values.yaml | 44 | ||||
-rwxr-xr-x | kubernetes/onap/values.yaml | 4 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml | 2 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-bpmn-infra/values.yaml | 3 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml | 20 | ||||
-rwxr-xr-x | kubernetes/so/charts/so-sdnc-adapter/values.yaml | 3 | ||||
-rwxr-xr-x | kubernetes/so/resources/config/overrides/override.yaml | 3 | ||||
-rwxr-xr-x | kubernetes/so/values.yaml | 3 | ||||
-rw-r--r-- | kubernetes/vnfsdk/values.yaml | 2 |
16 files changed, 372 insertions, 200 deletions
diff --git a/kubernetes/appc/charts/appc-cdt/values.yaml b/kubernetes/appc/charts/appc-cdt/values.yaml index 377041a615..118d19c1b3 100644 --- a/kubernetes/appc/charts/appc-cdt/values.yaml +++ b/kubernetes/appc/charts/appc-cdt/values.yaml @@ -26,7 +26,7 @@ flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-cdt-image:1.7.0 +image: onap/appc-cdt-image:1.7.1 pullPolicy: Always # application configuration diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml index 8e8c4219ac..fb8230b128 100644 --- a/kubernetes/appc/values.yaml +++ b/kubernetes/appc/values.yaml @@ -56,7 +56,7 @@ secrets: flavor: small # application image repository: nexus3.onap.org:10001 -image: onap/appc-image:1.7.0 +image: onap/appc-image:1.7.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/common/templates/_aafconfig.tpl b/kubernetes/common/common/templates/_aafconfig.tpl index db7cbe8d8d..0c78cc11b9 100644 --- a/kubernetes/common/common/templates/_aafconfig.tpl +++ b/kubernetes/common/common/templates/_aafconfig.tpl @@ -18,11 +18,10 @@ common templates to enable aaf configs for applictaions Parameter for aafConfig to be defined in values.yaml - aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .) + aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" .Values.<yourkey> "dot" .) # additional scripts can be defined to handle certs addconfig: true|false fqdn: "sdnc" - image: onap/aaf/aaf_agent:2.1.15 app_ns: "org.osaaf.aaf" fqi: "sdnc@sdnc.onap.org" fqi_namespace: org.onap.sdnc @@ -31,19 +30,13 @@ aafDeployPass: demo123456! cadi_latitude: "38.0" cadi_longitude: "-72.0" - persistence: - enabled: true - config.volumeReclaimPolicy: Delete - config.accessMode: ReadWriteMany - config.size: 40M - config.storageClass: "manual" - config.mountPath: "/dockerdata-nfs" - config.mountSubPath: "sdnc/aaf" + secret_uid: &aaf_secret_uid my-component-aaf-deploy-creds + # secrets configuration, Note: create a secrets template secrets: - - uid: aaf-deploy-creds + - uid: *aaf_secret_uid type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}' + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' login: '{{ .Values.aafConfig.aafDeployFqi }}' password: '{{ .Values.aafConfig.aafDeployPass }}' passwordPolicy: required @@ -56,25 +49,18 @@ volumeMounts: {{- if .Values.global.aafEnabled }} - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol + name: {{ include "common.fullname" . }}-aaf-config {{- end }} volumes: {{- include "common.aaf-config-volumes" . | nindent XX}} - - If persistence.enabled = true - Create pvc: - {{ include "common.aaf-config-pvc" . }} - Create pv - {{ include "common.aaf-config-pv" . }} - */}} {{- define "common.aaf-config" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -{{ if .Values.global.aafEnabled }} -- name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} +{{- if $dot.Values.global.aafEnabled -}} +- name: {{ include "common.name" $dot }}-aaf-readiness + image: "{{ $dot.Values.global.readinessRepository }}/{{ $dot.Values.global.readinessImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} command: - /root/ready.py args: @@ -84,143 +70,79 @@ - aaf-cm - --container-name - aaf-service - env: - name: NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace -- name: {{ include "common.name" . }}-aaf-config - image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +- name: {{ include "common.name" $dot }}-aaf-config + image: {{ (default $dot.Values.repository $dot.Values.global.repository) }}/{{ $dot.Values.global.aafAgentImage }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} volumeMounts: - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol - {{- if (index .Values $aafRoot "addconfig") }} + name: {{ include "common.fullname" $dot }}-aaf-config +{{- if $aafRoot.addconfig }} - name: aaf-add-config mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh subPath: aaf-add-config.sh - {{- end }} +{{- end }} command: - sh - -c - | #!/usr/bin/env bash /opt/app/aaf_config/bin/agent.sh - {{- if (index .Values $aafRoot "addconfig") }} +{{- if $aafRoot.addconfig }} /opt/app/aaf_config/bin/aaf-add-config.sh - {{- end }} +{{- end }} env: - name: APP_FQI - value: "{{ index .Values $aafRoot "fqi" }}" + value: "{{ $aafRoot.fqi }}" - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace}}:8095" + value: "https://aaf-locate.{{ $dot.Release.Namespace}}:8095" - name: aaf_locator_container value: "oom" - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" + value: "{{ $dot.Release.Namespace }}" - name: aaf_locator_fqdn - value: "{{ index .Values $aafRoot "fqdn" }}" + value: "{{ $aafRoot.fqdn }}" - name: aaf_locator_app_ns - value: "{{ index .Values $aafRoot "app_ns" }}" + value: "{{ $aafRoot.app_ns }}" - name: DEPLOY_FQI - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }} + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "login") | indent 6 }} - name: DEPLOY_PASSWORD - {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }} - #Note: want to put this on Nodes, evenutally + {{- include "common.secret.envFromSecret" (dict "global" $dot "uid" $aafRoot.secret_uid "key" "password") | indent 6 }} + #Note: want to put this on Nodes, eventually - name: cadi_longitude - value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}" + value: "{{ default "52.3" $aafRoot.cadi_longitude }}" - name: cadi_latitude - value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}" + value: "{{ default "13.2" $aafRoot.cadi_latitude }}" #Hello specific. Clients don't don't need this, unless Registering with AAF Locator - name: aaf_locator_public_fqdn - value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}" -{{- end -}} + value: "{{ $aafRoot.public_fqdn | default "" }}" +{{- end -}} {{- end -}} - {{- define "common.aaf-config-volume-mountpath" -}} -{{ if .Values.global.aafEnabled }} +{{- if .Values.global.aafEnabled -}} - mountPath: "/opt/app/osaaf" - name: {{ include "common.fullname" . }}-aaf-config-vol -{{- end -}} + name: {{ include "common.fullname" . }}-aaf-config +{{- end -}} {{- end -}} {{- define "common.aaf-config-volumes" -}} -{{ if .Values.global.aafEnabled }} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -- name: {{ include "common.fullname" . }}-aaf-config-vol - persistentVolumeClaim: - claimName: {{ include "common.fullname" . }}-aaf-config-pvc -{{- if (index .Values $aafRoot "addconfig") }} +{{- $dot := default . .dot -}} +{{- $aafRoot := default $dot.Values.aafConfig .aafRoot -}} +{{- if $dot.Values.global.aafEnabled -}} +- name: {{ include "common.fullname" $dot }}-aaf-config + emptyDir: + medium: Memory +{{- if $aafRoot.addconfig }} - name: aaf-add-config configMap: - name: {{ include "common.fullname" . }}-aaf-add-config + name: {{ include "common.fullname" $dot }}-aaf-add-config defaultMode: 0700 -{{- end }} -{{- end -}} -{{- end }} - -{{- define "common.aaf-config-pv" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -metadata: - name: {{ include "common.fullname" . }}-aaf-config-pv - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }}-aaf-config-pv - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - name: {{ include "common.fullname" . }} -spec: - capacity: - storage: {{ index .Values $aafRoot "persistence" "config" "size"}} - accessModes: - - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} - persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }} - hostPath: - path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }} -{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} -{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" -{{- end }} -{{- end }} -{{- end -}} - -{{- define "common.aaf-config-pvc" -}} -{{- $dot := default . .dot -}} -{{- $aafRoot := default "aafConfig" .aafRoot -}} -metadata: - name: {{ include "common.fullname" . }}-aaf-config-pvc - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -{{- if (index .Values $aafRoot "persistence" "annotations") }} - annotations: -{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }} -{{- end }} -spec: - selector: - matchLabels: - app: {{ include "common.name" . }}-aaf-config-pv - accessModes: - - {{ index .Values $aafRoot "persistence" "config" "accessMode" }} - resources: - requests: - storage: {{ index .Values $aafRoot "persistence" "config" "size" }} -{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }} -{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}" -{{- end }} -{{- end }} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl index 45c8b7504a..2114d677e6 100644 --- a/kubernetes/common/common/templates/_storage.tpl +++ b/kubernetes/common/common/templates/_storage.tpl @@ -16,9 +16,20 @@ {{/* Give the root folder for ONAP when using host pathes + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .subPath: the sub path to use, default to + ".Values.persistence.mountSubPath" + + Example calls: + {{ include "common.storageClass" . }} + {{ include "common.storageClass" (dict "dot" . "subPath" "my-awesome-subPath") }} */}} {{- define "common.persistencePath" -}} -{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- $dot := default . .dot -}} +{{- $subPath := default $dot.Values.persistence.mountSubPath .subPath -}} +{{ $dot.Values.global.persistence.mountPath | default $dot.Values.persistence.mountPath }}/{{ include "common.release" $dot }}/{{ $subPath }} {{- end -}} {{/* @@ -26,28 +37,61 @@ The value "common.fullname"-data is used by default, unless either override mechanism is used. - - .Values.global.persistence.storageClass : override default storageClass for all charts - - .Values.persistence.storageClassOverride : override global and default storage class on a per chart basis - - .Values.persistence.storageClass : override default storage class on a per chart basis + - .Values.global.persistence.storageClass : override default storageClass for + all charts + - .Values.persistence.storageClassOverride : override global and default + storage class on a per chart + basis + - .Values.persistence.storageClass : override default storage class on + per chart basis + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data" when no override + mechanism is used. + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + + Example calls: + {{ include "common.storageClass" . }} + {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix") }} + {{ include "common.storageClass" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} */}} {{- define "common.storageClass" -}} - {{- if .Values.persistence.storageClassOverride -}} - {{- if ne "-" .Values.persistence.storageClassOverride -}} - {{- printf "%s" .Values.persistence.storageClassOverride -}} +{{- $dot := default . .dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} + {{- if $persistenceInfos.storageClassOverride -}} + {{- if ne "-" $persistenceInfos.storageClassOverride -}} + {{- $persistenceInfos.storageClassOverride -}} {{- else -}} {{- $storage_class := "" -}} {{- printf "%q" $storage_class -}} {{- end -}} {{- else -}} - {{- if or .Values.persistence.storageClass .Values.global.persistence.storageClass }} - {{- if ne "-" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} - {{- printf "%s" (default .Values.persistence.storageClass .Values.global.persistence.storageClass) -}} + {{- if or $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass }} + {{- if ne "-" (default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass) -}} + {{- default $persistenceInfos.storageClass $dot.Values.global.persistence.storageClass -}} {{- else -}} {{- $storage_class := "" -}} {{- printf "%q" $storage_class -}} {{- end -}} {{- else -}} - {{- printf "%s-data" (include "common.fullname" .) -}} + {{- printf "%s-%s" (include "common.fullname" $dot) $suffix -}} {{- end -}} {{- end -}} {{- end -}} @@ -63,53 +107,104 @@ {{/* Generate a PV + + The function takes up to three arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PV" . }} + {{ include "common.PV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos".Values.persistenceLog ) }} + {{ include "common.PV" (dict "dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.PV" -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} -{{- if (include "common.needPV" .) -}} +{{- $dot := default . .dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} +{{- if (include "common.needPV" $dot) -}} kind: PersistentVolume apiVersion: v1 -metadata: - name: {{ include "common.fullname" . }}-data - namespace: {{ include "common.namespace" . }} - labels: {{- include "common.labels" . | nindent 4 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $suffix "labels" $persistenceInfos.labels) | nindent 2 }} spec: capacity: - storage: {{ .Values.persistence.size }} + storage: {{ $persistenceInfos.size }} accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" . }}-data" - persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + - {{ $persistenceInfos.accessMode }} + persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}" hostPath: - path: {{ include "common.persistencePath" . }} + path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }} {{- end -}} {{- end -}} {{- end -}} {{/* Generate N PV for a statefulset + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.replicaPV" . }} + {{ include "common.replicaPV" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.replicaPV" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.replicaPV" -}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} +{{- $dot := default . .dot -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} +{{- if (include "common.needPV" $dot) -}} +{{/* TODO: see if we can use "common.PV" after branching F release */}} +{{- range $i := until (int $dot.Values.replicaCount) }} +{{- $range_suffix := printf "%s-%d" $metadata_suffix $i }} --- kind: PersistentVolume apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: {{- include "common.labels" $global | nindent 4 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $range_suffix "labels" $persistenceInfos.labels) | nindent 2 }} spec: capacity: - storage: {{ $global.Values.persistence.size}} + storage: {{ $persistenceInfos.size }} accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" + - {{ $persistenceInfos.accessMode }} + persistentVolumeReclaimPolicy: {{ $persistenceInfos.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" $dot }}-{{ $suffix }}" hostPath: - path: {{ include "common.persistencePath" $global }}-{{$i}} + path: {{ include "common.persistencePath" (dict "dot" $dot "subPath" $persistenceInfos.mountSubPath) }}-{{ $i }} {{- end -}} {{- end -}} {{- end -}} @@ -117,22 +212,81 @@ spec: {{/* Generate a PVC + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PVC" . }} + {{ include "common.PVC" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.PVC" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} */}} {{- define "common.PVC" -}} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +{{- $dot := default . .dot -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +{{- if and $persistenceInfos.enabled (not $persistenceInfos.existingClaim) -}} kind: PersistentVolumeClaim apiVersion: v1 -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} -{{- if .Values.persistence.annotations }} - annotations: -{{ toYaml .Values.persistence.annotations | indent 4 }} -{{- end }} +{{ include "common.PVCTemplate" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos) }} +{{- end -}} +{{- end -}} + +{{/* + Generate a PVC template for a statefulset + + The function takes up to two arguments (inside a dictionary): + - .dot : environment (.) + - .suffix: suffix to name. if not set, default to "data". + - .persistenceInfos: the persitence values to use, default to + `.Values.persistence`. + Need to be the dict key from `.Values` in string + format. + let's say you have: + + persistence: + logs: + enabled: true + size: 100Mi + accessMode: ReadWriteOnce + ... + + then you have to put `.Values.persitence.logs` in + order to use it. + + Example calls: + {{ include "common.PVCTemplate" . }} + {{ include "common.PVCTemplate" (dict "dot" . "suffix" "my-awesome-suffix" "persistenceInfos" .Values.persistenceLog) }} + {{ include "common.PVCTemplate" (dict dot" . "subPath" "persistenceInfos" .Values.persistence.log) }} +*/}} +{{- define "common.PVCTemplate" -}} +{{- $dot := default . .dot -}} +{{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} +{{- $suffix := default "data" .suffix -}} +{{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations) | nindent 2 }} spec: accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} + - {{ $persistenceInfos.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" $dot "suffix" $suffix "persistenceInfos" $persistenceInfos ) }} resources: requests: - storage: {{ .Values.persistence.size }} -{{- end -}} + storage: {{ $persistenceInfos.size }} {{- end -}} diff --git a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json index b459a989d7..2e47c9e118 100644 --- a/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json +++ b/kubernetes/dcaegen2/components/dcae-policy-handler/resources/config/config.json @@ -24,7 +24,7 @@ "timeout_in_secs": 60 }, "dmaap_mr" : { - "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1", + "url" : "https://message-router:3905/events/POLICY-NOTIFICATION/policy-handler/ph1", "query": { "timeout": 15000 }, diff --git a/kubernetes/nbi/templates/configmap-aaf-add-config.yaml b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml new file mode 100644 index 0000000000..fe099b140d --- /dev/null +++ b/kubernetes/nbi/templates/configmap-aaf-add-config.yaml @@ -0,0 +1,28 @@ +{{ if .Values.global.aafEnabled }} +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.aafConfig.addconfig -}} +apiVersion: v1 +kind: ConfigMap +{{- $suffix := "aaf-add-config" }} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + aaf-add-config.sh: |- + /opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \ + {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.aafConfig.credsPath }}/mycreds.prop +{{- end -}} +{{- end -}} diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index 528a3f7e76..3283239100 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -32,6 +32,9 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.fullname" . }} spec: +{{- if .Values.global.aafEnabled }} + initContainers: {{ include "common.aaf-config" . | nindent 6 }} +{{- end }} containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -40,16 +43,39 @@ spec: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container + {{- if .Values.global.aafEnabled }} + command: + - bash + args: + - -c + - | + export $(grep '^c' {{ .Values.aafConfig.credsPath }}/mycreds.prop | xargs -0) + export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \ + -Dserver.ssl.key-store={{ .Values.aafConfig.credsPath }}/org.onap.nbi.p12 \ + -Dserver.ssl.key-store-type=PKCS12 \ + -Djavax.net.ssl.trustStore={{ .Values.aafConfig.credsPath }}/org.onap.nbi.trust.jks \ + -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \ + -Djavax.net.ssl.trustStoreType=jks\ + -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443" + {{- if eq "DEBUG" .Values.config.loglevel }} + export JAVA_DEBUG="-Djavax.net.debug=all" + {{- end }} + exec java -XX:+UseContainerSupport $JAVA_DEBUG $JAVA_OPTS -jar /opt/onap/app.jar + {{- end }} {{ if .Values.liveness.enabled }} livenessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end }} readinessProbe: - tcpSocket: - port: {{ .Values.service.internalPort }} + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} env: @@ -72,7 +98,7 @@ spec: - name: ONAP_CLOUDOWNER value: {{ .Values.config.cloudOwner }} - name: NBI_URL - value: "http://nbi.{{ include "common.namespace" . }}:8080/nbi/api/v4" + value: "https://nbi.{{ include "common.namespace" . }}:8443/nbi/api/v4" - name: SDC_HOST value: "https://sdc-be.{{ include "common.namespace" . }}:8443" - name: SDC_HEADER_ECOMPINSTANCEID @@ -90,7 +116,7 @@ spec: value: {{ .Values.so_authorization }} {{- end }} - name: DMAAP_HOST - value: "https://message-router.{{ include "common.namespace" . }}:3905" + value: "http://message-router.{{ include "common.namespace" . }}:3904" - name: LOGGING_LEVEL_ORG_ONAP_NBI value: {{ .Values.config.loglevel }} - name: MSB_ENABLED @@ -99,7 +125,7 @@ spec: value: "msb-discovery.{{ include "common.namespace" . }}" - name: MSB_DISCOVERY_PORT value: "10081" - volumeMounts: + volumeMounts: {{ include "common.aaf-config-volume-mountpath" . | nindent 12 }} - mountPath: /etc/localtime name: localtime readOnly: true @@ -125,7 +151,7 @@ spec: # name: esr-server-logs # - mountPath: /usr/share/filebeat/data # name: esr-server-filebeat - volumes: + volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index 4e22af6494..ceab7fad2a 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -28,6 +28,30 @@ global: service: mariadb-galera internalPort: 3306 nameOverride: mariadb-galera + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + aafEnabled: true + busyBoxImage: busybox:1.30 + busyBoxRepository: docker.io + +################################################################# +# AAF part +################################################################# +aafConfig: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: nbi + fqi: nbi@nbi.onap.org + public_fqdn: nbi.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 999 + addconfig: true + secret_uid: &aaf_secret_uid nbi-aaf-deploy-creds + ################################################################# # Secrets metaconfig @@ -39,13 +63,19 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' login: '{{ .Values.config.db.userName }}' password: '{{ .Values.config.db.userPassword }}' + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required subChartsOnly: enabled: true # application image repository: nexus3.onap.org:10001 -image: onap/externalapi/nbi:6.0.0 +image: onap/externalapi/nbi:6.0.1 pullPolicy: IfNotPresent sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= aai_authorization: Basic QUFJOkFBSQ== @@ -109,9 +139,8 @@ affinity: {} # probe configuration parameters liveness: - httpGet: - path: /nbi/api/v4/status - port: 8080 + path: /nbi/api/v4/status + port: 8443 initialDelaySeconds: 180 periodSeconds: 30 # necessary to disable liveness probe when setting breakpoints @@ -119,9 +148,8 @@ liveness: enabled: true readiness: - httpGet: - path: /nbi/api/v4/status - port: 8080 + path: /nbi/api/v4/status + port: 8443 initialDelaySeconds: 185 periodSeconds: 30 @@ -130,7 +158,7 @@ service: portName: api name: nbi nodePort: 74 - internalPort: 8080 + internalPort: 8443 ingress: enabled: false diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 4d69b9d3cb..40275a5696 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -71,8 +71,10 @@ global: tls: true # Disabling AAF - # POC Mode, don't use it in production + # POC Mode, only for use in development environment + # Keep it enabled in production aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.20 # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this diff --git a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml index 02947c6643..aa1189dcba 100755 --- a/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/resources/config/overrides/override.yaml @@ -284,7 +284,7 @@ policy: environment: TEST sdnc: auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== - host: http://sdnc.{{ include "common.namespace" . }}:8282 + host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }} path: /restconf/operations/GENERIC-RESOURCE-API si: svc: diff --git a/kubernetes/so/charts/so-bpmn-infra/values.yaml b/kubernetes/so/charts/so-bpmn-infra/values.yaml index 1d2c5f17b1..b04343feef 100755 --- a/kubernetes/so/charts/so-bpmn-infra/values.yaml +++ b/kubernetes/so/charts/so-bpmn-infra/values.yaml @@ -22,6 +22,9 @@ global: readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 ################################################################# # Secrets metaconfig diff --git a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml index 7a1358cc88..d363122a33 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -148,16 +148,16 @@ org: bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} sdncconnecttime: 5000 - sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:' - sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:' - sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/' - sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:' - sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config' - sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:' - sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:' - sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:' - sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation' - sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:' + sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' + sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' + sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/' + sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:' + sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config' + sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:' + sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:' + sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:' + sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:' service: infra: service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 diff --git a/kubernetes/so/charts/so-sdnc-adapter/values.yaml b/kubernetes/so/charts/so-sdnc-adapter/values.yaml index a4b2496662..42c5d4ddb3 100755 --- a/kubernetes/so/charts/so-sdnc-adapter/values.yaml +++ b/kubernetes/so/charts/so-sdnc-adapter/values.yaml @@ -22,6 +22,9 @@ global: readinessImage: readiness-check:2.0.2 persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 ################################################################# # Secrets metaconfig diff --git a/kubernetes/so/resources/config/overrides/override.yaml b/kubernetes/so/resources/config/overrides/override.yaml index c57ed023ef..6bd930d7b1 100755 --- a/kubernetes/so/resources/config/overrides/override.yaml +++ b/kubernetes/so/resources/config/overrides/override.yaml @@ -1,3 +1,6 @@ +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}} server: port: {{ index .Values.containerPort }} tomcat: diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 8a83427c4b..4cf991ea60 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -34,6 +34,9 @@ global: localCluster: false persistence: mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 #This configuration will run the migration. The configurations are for backing up the data #from DB and then restoring it to the present versions preferred DB. migration: diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 9529e558a2..96cacfbf82 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -28,7 +28,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/vnfsdk/refrepo:1.3.2 +image: onap/vnfsdk/refrepo:1.5.1 postgresRepository: crunchydata postgresImage: crunchy-postgres:centos7-10.3-1.8.2 pullPolicy: Always |